mirror of
https://github.com/outbackdingo/cozystack.git
synced 2026-01-28 18:18:41 +00:00
Compare commits
16 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
e98fa9cd72 | ||
|
|
01d90bb736 | ||
|
|
e04cfaaa58 | ||
|
|
8c86905b22 | ||
|
|
84955d13ac | ||
|
|
46e5044851 | ||
|
|
3a3f44a427 | ||
|
|
0cc35a212c | ||
|
|
0bb79adec0 | ||
|
|
9e89a9d3ad | ||
|
|
ddfb1d65e3 | ||
|
|
efafe16d3b | ||
|
|
e1b4861c8a | ||
|
|
4d0bf14fc3 | ||
|
|
35069ff3e9 | ||
|
|
b9afd69df0 |
@@ -1,32 +1,35 @@
|
||||
# Managed Clickhouse Service
|
||||
|
||||
ClickHouse is an open source high-performance and column-oriented SQL database management system (DBMS).
|
||||
It is used for online analytical processing (OLAP).
|
||||
Cozystack platform uses Altinity operator to provide ClickHouse.
|
||||
|
||||
### How to restore backup:
|
||||
|
||||
find snapshot:
|
||||
```
|
||||
restic -r s3:s3.example.org/clickhouse-backups/table_name snapshots
|
||||
```
|
||||
1. Find a snapshot:
|
||||
```
|
||||
restic -r s3:s3.example.org/clickhouse-backups/table_name snapshots
|
||||
```
|
||||
|
||||
restore:
|
||||
```
|
||||
restic -r s3:s3.example.org/clickhouse-backups/table_name restore latest --target /tmp/
|
||||
```
|
||||
2. Restore it:
|
||||
```
|
||||
restic -r s3:s3.example.org/clickhouse-backups/table_name restore latest --target /tmp/
|
||||
```
|
||||
|
||||
more details:
|
||||
- https://itnext.io/restic-effective-backup-from-stdin-4bc1e8f083c1
|
||||
For more details, read [Restic: Effective Backup from Stdin](https://blog.aenix.io/restic-effective-backup-from-stdin-4bc1e8f083c1).
|
||||
|
||||
## Parameters
|
||||
|
||||
### Common parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------- | ----------------------------------- | ------ |
|
||||
| `size` | Persistent Volume size | `10Gi` |
|
||||
| `logStorageSize` | Persistent Volume for logs size | `2Gi` |
|
||||
| `shards` | Number of Clickhouse replicas | `1` |
|
||||
| `replicas` | Number of Clickhouse shards | `2` |
|
||||
| `storageClass` | StorageClass used to store the data | `""` |
|
||||
| `logTTL` | for query_log and query_thread_log | `15` |
|
||||
| Name | Description | Value |
|
||||
| ---------------- | -------------------------------------------------------- | ------ |
|
||||
| `size` | Size of Persistent Volume for data | `10Gi` |
|
||||
| `logStorageSize` | Size of Persistent Volume for logs | `2Gi` |
|
||||
| `shards` | Number of Clickhouse shards | `1` |
|
||||
| `replicas` | Number of Clickhouse replicas | `2` |
|
||||
| `storageClass` | StorageClass used to store the data | `""` |
|
||||
| `logTTL` | TTL (expiration time) for query_log and query_thread_log | `15` |
|
||||
|
||||
### Configuration parameters
|
||||
|
||||
@@ -36,15 +39,32 @@ more details:
|
||||
|
||||
### Backup parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ |
|
||||
| `backup.enabled` | Enable pereiodic backups | `false` |
|
||||
| `backup.s3Region` | The AWS S3 region where backups are stored | `us-east-1` |
|
||||
| `backup.s3Bucket` | The S3 bucket used for storing backups | `s3.example.org/clickhouse-backups` |
|
||||
| `backup.schedule` | Cron schedule for automated backups | `0 2 * * *` |
|
||||
| `backup.cleanupStrategy` | The strategy for cleaning up old backups | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
|
||||
| `backup.s3AccessKey` | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu` |
|
||||
| `backup.s3SecretKey` | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog` |
|
||||
| `backup.resticPassword` | The password for Restic backup encryption | `ChaXoveekoh6eigh4siesheeda2quai0` |
|
||||
| `resources` | Resources | `{}` |
|
||||
| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------ | --------------------------------------------------------------------------- | ------------------------------------------------------ |
|
||||
| `backup.enabled` | Enable periodic backups | `false` |
|
||||
| `backup.s3Region` | AWS S3 region where backups are stored | `us-east-1` |
|
||||
| `backup.s3Bucket` | S3 bucket used for storing backups | `s3.example.org/clickhouse-backups` |
|
||||
| `backup.schedule` | Cron schedule for automated backups | `0 2 * * *` |
|
||||
| `backup.cleanupStrategy` | Retention strategy for cleaning up old backups | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
|
||||
| `backup.s3AccessKey` | Access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu` |
|
||||
| `backup.s3SecretKey` | Secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog` |
|
||||
| `backup.resticPassword` | Password for Restic backup encryption | `ChaXoveekoh6eigh4siesheeda2quai0` |
|
||||
| `resources` | Explicit CPU/memory resource requests and limits for the Clickhouse service | `{}` |
|
||||
| `resourcesPreset` | Use a common resources preset when `resources` is not set explicitly. | `nano` |
|
||||
|
||||
|
||||
In production environments, it's recommended to set `resources` explicitly.
|
||||
Example of `resources`:
|
||||
|
||||
```yaml
|
||||
resources:
|
||||
limits:
|
||||
cpu: 4000m
|
||||
memory: 4Gi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 512Mi
|
||||
```
|
||||
|
||||
Allowed values for `resourcesPreset` are `none`, `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
|
||||
This value is ignored if `resources` value is set.
|
||||
|
||||
@@ -4,22 +4,22 @@
|
||||
"properties": {
|
||||
"size": {
|
||||
"type": "string",
|
||||
"description": "Persistent Volume size",
|
||||
"description": "Size of Persistent Volume for data",
|
||||
"default": "10Gi"
|
||||
},
|
||||
"logStorageSize": {
|
||||
"type": "string",
|
||||
"description": "Persistent Volume for logs size",
|
||||
"description": "Size of Persistent Volume for logs",
|
||||
"default": "2Gi"
|
||||
},
|
||||
"shards": {
|
||||
"type": "number",
|
||||
"description": "Number of Clickhouse replicas",
|
||||
"description": "Number of Clickhouse shards",
|
||||
"default": 1
|
||||
},
|
||||
"replicas": {
|
||||
"type": "number",
|
||||
"description": "Number of Clickhouse shards",
|
||||
"description": "Number of Clickhouse replicas",
|
||||
"default": 2
|
||||
},
|
||||
"storageClass": {
|
||||
@@ -29,7 +29,7 @@
|
||||
},
|
||||
"logTTL": {
|
||||
"type": "number",
|
||||
"description": "for query_log and query_thread_log",
|
||||
"description": "TTL (expiration time) for query_log and query_thread_log",
|
||||
"default": 15
|
||||
},
|
||||
"backup": {
|
||||
@@ -37,17 +37,17 @@
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean",
|
||||
"description": "Enable pereiodic backups",
|
||||
"description": "Enable periodic backups",
|
||||
"default": false
|
||||
},
|
||||
"s3Region": {
|
||||
"type": "string",
|
||||
"description": "The AWS S3 region where backups are stored",
|
||||
"description": "AWS S3 region where backups are stored",
|
||||
"default": "us-east-1"
|
||||
},
|
||||
"s3Bucket": {
|
||||
"type": "string",
|
||||
"description": "The S3 bucket used for storing backups",
|
||||
"description": "S3 bucket used for storing backups",
|
||||
"default": "s3.example.org/clickhouse-backups"
|
||||
},
|
||||
"schedule": {
|
||||
@@ -57,34 +57,34 @@
|
||||
},
|
||||
"cleanupStrategy": {
|
||||
"type": "string",
|
||||
"description": "The strategy for cleaning up old backups",
|
||||
"description": "Retention strategy for cleaning up old backups",
|
||||
"default": "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
|
||||
},
|
||||
"s3AccessKey": {
|
||||
"type": "string",
|
||||
"description": "The access key for S3, used for authentication",
|
||||
"description": "Access key for S3, used for authentication",
|
||||
"default": "oobaiRus9pah8PhohL1ThaeTa4UVa7gu"
|
||||
},
|
||||
"s3SecretKey": {
|
||||
"type": "string",
|
||||
"description": "The secret key for S3, used for authentication",
|
||||
"description": "Secret key for S3, used for authentication",
|
||||
"default": "ju3eum4dekeich9ahM1te8waeGai0oog"
|
||||
},
|
||||
"resticPassword": {
|
||||
"type": "string",
|
||||
"description": "The password for Restic backup encryption",
|
||||
"description": "Password for Restic backup encryption",
|
||||
"default": "ChaXoveekoh6eigh4siesheeda2quai0"
|
||||
}
|
||||
}
|
||||
},
|
||||
"resources": {
|
||||
"type": "object",
|
||||
"description": "Resources",
|
||||
"description": "Explicit CPU/memory resource requests and limits for the Clickhouse service",
|
||||
"default": {}
|
||||
},
|
||||
"resourcesPreset": {
|
||||
"type": "string",
|
||||
"description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
|
||||
"description": "Use a common resources preset when `resources` is not set explicitly.",
|
||||
"default": "nano"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
## @section Common parameters
|
||||
|
||||
## @param size Persistent Volume size
|
||||
## @param logStorageSize Persistent Volume for logs size
|
||||
## @param shards Number of Clickhouse replicas
|
||||
## @param replicas Number of Clickhouse shards
|
||||
## @param size Size of Persistent Volume for data
|
||||
## @param logStorageSize Size of Persistent Volume for logs
|
||||
## @param shards Number of Clickhouse shards
|
||||
## @param replicas Number of Clickhouse replicas
|
||||
## @param storageClass StorageClass used to store the data
|
||||
## @param logTTL for query_log and query_thread_log
|
||||
## @param logTTL TTL (expiration time) for query_log and query_thread_log
|
||||
##
|
||||
size: 10Gi
|
||||
logStorageSize: 2Gi
|
||||
@@ -29,14 +29,14 @@ users: {}
|
||||
|
||||
## @section Backup parameters
|
||||
|
||||
## @param backup.enabled Enable pereiodic backups
|
||||
## @param backup.s3Region The AWS S3 region where backups are stored
|
||||
## @param backup.s3Bucket The S3 bucket used for storing backups
|
||||
## @param backup.enabled Enable periodic backups
|
||||
## @param backup.s3Region AWS S3 region where backups are stored
|
||||
## @param backup.s3Bucket S3 bucket used for storing backups
|
||||
## @param backup.schedule Cron schedule for automated backups
|
||||
## @param backup.cleanupStrategy The strategy for cleaning up old backups
|
||||
## @param backup.s3AccessKey The access key for S3, used for authentication
|
||||
## @param backup.s3SecretKey The secret key for S3, used for authentication
|
||||
## @param backup.resticPassword The password for Restic backup encryption
|
||||
## @param backup.cleanupStrategy Retention strategy for cleaning up old backups
|
||||
## @param backup.s3AccessKey Access key for S3, used for authentication
|
||||
## @param backup.s3SecretKey Secret key for S3, used for authentication
|
||||
## @param backup.resticPassword Password for Restic backup encryption
|
||||
backup:
|
||||
enabled: false
|
||||
s3Region: us-east-1
|
||||
@@ -47,7 +47,7 @@ backup:
|
||||
s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
|
||||
resticPassword: ChaXoveekoh6eigh4siesheeda2quai0
|
||||
|
||||
## @param resources Resources
|
||||
## @param resources Explicit CPU/memory resource requests and limits for the Clickhouse service
|
||||
resources: {}
|
||||
# resources:
|
||||
# limits:
|
||||
@@ -56,6 +56,6 @@ resources: {}
|
||||
# requests:
|
||||
# cpu: 100m
|
||||
# memory: 512Mi
|
||||
|
||||
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
|
||||
|
||||
## @param resourcesPreset Use a common resources preset when `resources` is not set explicitly.
|
||||
resourcesPreset: "nano"
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/nginx-cache:0.5.0@sha256:99cd04f09f80eb0c60cc0b2f6bc8180ada7ada00cb594606447674953dfa1b67
|
||||
ghcr.io/cozystack/cozystack/nginx-cache:0.5.0@sha256:c1944c60a449e36e29153a38db6feee41139d38b02fe3670efb673feb3bc0ee6
|
||||
|
||||
@@ -16,7 +16,7 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
|
||||
@@ -14,9 +14,9 @@
|
||||
| `zookeeper.replicas` | Number of ZooKeeper replicas | `3` |
|
||||
| `zookeeper.storageClass` | StorageClass used to store the ZooKeeper data | `""` |
|
||||
| `kafka.resources` | Resources | `{}` |
|
||||
| `kafka.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
|
||||
| `kafka.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `small` |
|
||||
| `zookeeper.resources` | Resources | `{}` |
|
||||
| `zookeeper.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
|
||||
| `zookeeper.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
|
||||
|
||||
### Configuration parameters
|
||||
|
||||
|
||||
@@ -33,7 +33,7 @@
|
||||
"resourcesPreset": {
|
||||
"type": "string",
|
||||
"description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
|
||||
"default": "nano"
|
||||
"default": "small"
|
||||
}
|
||||
}
|
||||
},
|
||||
@@ -63,7 +63,7 @@
|
||||
"resourcesPreset": {
|
||||
"type": "string",
|
||||
"description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
|
||||
"default": "nano"
|
||||
"default": "micro"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
@@ -25,7 +25,7 @@ kafka:
|
||||
# memory: 512Mi
|
||||
|
||||
## @param kafka.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
|
||||
resourcesPreset: "nano"
|
||||
resourcesPreset: "small"
|
||||
|
||||
zookeeper:
|
||||
size: 5Gi
|
||||
@@ -42,7 +42,7 @@ zookeeper:
|
||||
# memory: 512Mi
|
||||
|
||||
## @param zookeeper.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
|
||||
resourcesPreset: "nano"
|
||||
resourcesPreset: "micro"
|
||||
|
||||
## @section Configuration parameters
|
||||
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/cluster-autoscaler:0.21.0@sha256:7315850634728a5864a3de3150c12f0e1454f3f1ce33cdf21a278f57611dd5e9
|
||||
ghcr.io/cozystack/cozystack/cluster-autoscaler:0.21.0@sha256:3a8170433e1632e5cc2b6d9db34d0605e8e6c63c158282c38450415e700e932e
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.21.0@sha256:6962bdf51ab2ff40b420b9cff7c850aeea02187da2a65a67f10e0471744649d7
|
||||
ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.21.0@sha256:c53cff22980c754eb45f552cb1ccd3d9ad0b4ce4c12b024012e0ae256fd114f0
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.21.0@sha256:b1525163cd21938ac934bb1b860f2f3151464fa463b82880ab058167aeaf3e29
|
||||
ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.21.0@sha256:510e4c8db50126391b94668fccce9f6ed82d298a02882d2585596b5c6213ddc3
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.32@sha256:bfe568db4b768a4b6c67a8d562892bbba766d0245e140d431754589b347f0b41
|
||||
ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.32@sha256:e53f2394c7aa76ad10818ffb945e40006cd77406999e47e036d41b8b0bf094cc
|
||||
|
||||
@@ -4,4 +4,4 @@ description: Separated tenant namespace
|
||||
icon: /logos/tenant.svg
|
||||
|
||||
type: application
|
||||
version: 1.9.2
|
||||
version: 1.10.0
|
||||
|
||||
1
packages/apps/tenant/charts/cozy-lib
Symbolic link
1
packages/apps/tenant/charts/cozy-lib
Symbolic link
@@ -0,0 +1 @@
|
||||
../../../library/cozy-lib
|
||||
@@ -23,8 +23,8 @@ metadata:
|
||||
namespace: {{ include "tenant.name" . }}
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["*"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch"]
|
||||
resources: ["pods", "services", "persistentvolumes", "endpoints", "events", "resourcequotas"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
@@ -94,7 +94,12 @@ rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- "*"
|
||||
- pods
|
||||
- services
|
||||
- persistentvolumes
|
||||
- endpoints
|
||||
- events
|
||||
- resourcequotas
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
@@ -119,24 +124,7 @@ metadata:
|
||||
name: {{ include "tenant.name" . }}-view
|
||||
namespace: {{ include "tenant.name" . }}
|
||||
subjects:
|
||||
{{- if ne .Release.Namespace "tenant-root" }}
|
||||
- kind: Group
|
||||
name: tenant-root-view
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-view
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- if hasPrefix "tenant-" .Release.Namespace }}
|
||||
{{- $parts := splitList "-" .Release.Namespace }}
|
||||
{{- range $i, $v := $parts }}
|
||||
{{- if ne $i 0 }}
|
||||
- kind: Group
|
||||
name: {{ join "-" (slice $parts 0 (add $i 1)) }}-view
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{ include "cozy-lib.rbac.subjectsForTenant" (list "view" (include "tenant.name" .)) | nindent 2 }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ include "tenant.name" . }}-view
|
||||
@@ -165,7 +153,12 @@ rules:
|
||||
- watch
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- "*"
|
||||
- pods
|
||||
- services
|
||||
- persistentvolumes
|
||||
- endpoints
|
||||
- events
|
||||
- resourcequotas
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
@@ -184,6 +177,12 @@ rules:
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- apiGroups: ["subresources.kubevirt.io"]
|
||||
resources:
|
||||
- virtualmachineinstances/portforward
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
- apiGroups:
|
||||
- cozystack.io
|
||||
resources:
|
||||
@@ -196,24 +195,7 @@ metadata:
|
||||
name: {{ include "tenant.name" . }}-use
|
||||
namespace: {{ include "tenant.name" . }}
|
||||
subjects:
|
||||
{{- if ne .Release.Namespace "tenant-root" }}
|
||||
- kind: Group
|
||||
name: tenant-root-use
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-use
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- if hasPrefix "tenant-" .Release.Namespace }}
|
||||
{{- $parts := splitList "-" .Release.Namespace }}
|
||||
{{- range $i, $v := $parts }}
|
||||
{{- if ne $i 0 }}
|
||||
- kind: Group
|
||||
name: {{ join "-" (slice $parts 0 (add $i 1)) }}-use
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{ include "cozy-lib.rbac.subjectsForTenant" (list "use" (include "tenant.name" .)) | nindent 2 }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ include "tenant.name" . }}-use
|
||||
@@ -234,7 +216,12 @@ rules:
|
||||
- get
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- "*"
|
||||
- pods
|
||||
- services
|
||||
- persistentvolumes
|
||||
- endpoints
|
||||
- events
|
||||
- resourcequotas
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
@@ -253,6 +240,12 @@ rules:
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- apiGroups: ["subresources.kubevirt.io"]
|
||||
resources:
|
||||
- virtualmachineinstances/portforward
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
- apiGroups: ["apps.cozystack.io"]
|
||||
resources:
|
||||
- buckets
|
||||
@@ -293,24 +286,7 @@ metadata:
|
||||
name: {{ include "tenant.name" . }}-admin
|
||||
namespace: {{ include "tenant.name" . }}
|
||||
subjects:
|
||||
{{- if ne .Release.Namespace "tenant-root" }}
|
||||
- kind: Group
|
||||
name: tenant-root-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- if hasPrefix "tenant-" .Release.Namespace }}
|
||||
{{- $parts := splitList "-" .Release.Namespace }}
|
||||
{{- range $i, $v := $parts }}
|
||||
{{- if ne $i 0 }}
|
||||
- kind: Group
|
||||
name: {{ join "-" (slice $parts 0 (add $i 1)) }}-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{ include "cozy-lib.rbac.subjectsForTenant" (list "admin" (include "tenant.name" .)) | nindent 2 }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ include "tenant.name" . }}-admin
|
||||
@@ -331,7 +307,12 @@ rules:
|
||||
- get
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- "*"
|
||||
- pods
|
||||
- services
|
||||
- persistentvolumes
|
||||
- endpoints
|
||||
- events
|
||||
- resourcequotas
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
@@ -349,6 +330,12 @@ rules:
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- apiGroups: ["subresources.kubevirt.io"]
|
||||
resources:
|
||||
- virtualmachineinstances/portforward
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
- apiGroups: ["apps.cozystack.io"]
|
||||
resources:
|
||||
- '*'
|
||||
@@ -366,24 +353,7 @@ metadata:
|
||||
name: {{ include "tenant.name" . }}-super-admin
|
||||
namespace: {{ include "tenant.name" . }}
|
||||
subjects:
|
||||
{{- if ne .Release.Namespace "tenant-root" }}
|
||||
- kind: Group
|
||||
name: tenant-root-super-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
- kind: Group
|
||||
name: {{ include "tenant.name" . }}-super-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- if hasPrefix "tenant-" .Release.Namespace }}
|
||||
{{- $parts := splitList "-" .Release.Namespace }}
|
||||
{{- range $i, $v := $parts }}
|
||||
{{- if ne $i 0 }}
|
||||
- kind: Group
|
||||
name: {{ join "-" (slice $parts 0 (add $i 1)) }}-super-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{ include "cozy-lib.rbac.subjectsForTenant" (list "super-admin" (include "tenant.name" .) ) | nindent 2 }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ include "tenant.name" . }}-super-admin
|
||||
|
||||
@@ -36,7 +36,8 @@ kafka 0.3.2 93c46161
|
||||
kafka 0.3.3 8267072d
|
||||
kafka 0.4.0 85ec09b8
|
||||
kafka 0.5.0 93bdf411
|
||||
kafka 0.6.0 HEAD
|
||||
kafka 0.6.0 6130f43d
|
||||
kafka 0.6.1 HEAD
|
||||
kubernetes 0.1.0 263e47be
|
||||
kubernetes 0.2.0 53f2365e
|
||||
kubernetes 0.3.0 007d414f
|
||||
@@ -146,7 +147,8 @@ tenant 1.7.0 24fa7222
|
||||
tenant 1.8.0 160e4e2a
|
||||
tenant 1.9.0 728743db
|
||||
tenant 1.9.1 721c12a7
|
||||
tenant 1.9.2 HEAD
|
||||
tenant 1.9.2 8c86905b
|
||||
tenant 1.10.0 HEAD
|
||||
virtual-machine 0.1.4 f2015d65
|
||||
virtual-machine 0.1.5 263e47be
|
||||
virtual-machine 0.2.0 c0685f43
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
cozystack:
|
||||
image: ghcr.io/cozystack/cozystack/installer:v0.31.1@sha256:b8f418e45dcbf351b13ce743f3528b195159753430d35c619dd82a1c676ae3bb
|
||||
image: ghcr.io/cozystack/cozystack/installer:v0.31.2@sha256:c45ab98465c0077337077f86f5e7d8ab3c051db6092854bbc9c26400c3317f9a
|
||||
|
||||
@@ -167,7 +167,7 @@ releases:
|
||||
releaseName: snapshot-controller
|
||||
chart: cozy-snapshot-controller
|
||||
namespace: cozy-snapshot-controller
|
||||
dependsOn: [cilium,cert-manager-issuers]
|
||||
dependsOn: [cilium]
|
||||
|
||||
- name: objectstorage-controller
|
||||
releaseName: objectstorage-controller
|
||||
|
||||
@@ -69,4 +69,10 @@ kubeapps:
|
||||
.appview-first-row section[aria-labelledby="access-urls-title"] {
|
||||
width: 100%;
|
||||
}
|
||||
.header-version {
|
||||
display: none;
|
||||
}
|
||||
.label.label-info-secondary {
|
||||
display: none;
|
||||
}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
e2e:
|
||||
image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.31.1@sha256:55809f10d69d32b47b9ca306482861255408516eab7775498ac71368f362ee96
|
||||
image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.31.2@sha256:90468a068e64d41135e94104307dfee7c34baa97d1ad3661431a54a2a5742f5f
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/matchbox:v0.31.1@sha256:31b267a3a542e4ddabcadb85fbfe1fb0746e57cc29d941d320437cfd0abae7d9
|
||||
ghcr.io/cozystack/cozystack/matchbox:v0.31.2@sha256:b680021f59d717929fe41bc974a0e39ab9b4d361bf8f5189c7a98c2267bd039e
|
||||
|
||||
@@ -3,4 +3,4 @@ name: monitoring
|
||||
description: Monitoring and observability stack
|
||||
icon: /logos/monitoring.svg
|
||||
type: application
|
||||
version: 1.10.0
|
||||
version: 1.10.1
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/grafana:1.10.0@sha256:c63978e1ed0304e8518b31ddee56c4e8115541b997d8efbe1c0a74da57140399
|
||||
ghcr.io/cozystack/cozystack/grafana:1.10.1@sha256:c63978e1ed0304e8518b31ddee56c4e8115541b997d8efbe1c0a74da57140399
|
||||
|
||||
@@ -18,8 +18,8 @@ spec:
|
||||
{{- if and .vminsert .vminsert.minAllowed }}
|
||||
{{- toYaml .vminsert.minAllowed | nindent 10 }}
|
||||
{{- else }}
|
||||
cpu: 250m
|
||||
memory: 256Mi
|
||||
cpu: 25m
|
||||
memory: 64Mi
|
||||
{{- end }}
|
||||
maxAllowed:
|
||||
{{- if and .vminsert .vminsert.maxAllowed }}
|
||||
@@ -47,8 +47,8 @@ spec:
|
||||
{{- if and .vmselect .vmselect.minAllowed }}
|
||||
{{- toYaml .vmselect.minAllowed | nindent 10 }}
|
||||
{{- else }}
|
||||
cpu: 250m
|
||||
memory: 256Mi
|
||||
cpu: 25m
|
||||
memory: 64Mi
|
||||
{{- end }}
|
||||
maxAllowed:
|
||||
{{- if and .vmselect .vmselect.maxAllowed }}
|
||||
@@ -76,8 +76,8 @@ spec:
|
||||
{{- if and .vmstorage .vmstorage.minAllowed }}
|
||||
{{- toYaml .vmstorage.minAllowed | nindent 10 }}
|
||||
{{- else }}
|
||||
cpu: 100m
|
||||
memory: 512Mi
|
||||
cpu: 25m
|
||||
memory: 64Mi
|
||||
{{- end }}
|
||||
maxAllowed:
|
||||
{{- if and .vmstorage .vmstorage.maxAllowed }}
|
||||
|
||||
@@ -16,7 +16,7 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.4.0
|
||||
version: 0.4.1
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
|
||||
@@ -13,8 +13,8 @@ spec:
|
||||
containerPolicies:
|
||||
- containerName: seaweedfs
|
||||
minAllowed:
|
||||
cpu: 250m
|
||||
memory: 256Mi
|
||||
cpu: 25m
|
||||
memory: 64Mi
|
||||
maxAllowed:
|
||||
cpu: "1"
|
||||
memory: 2048Mi
|
||||
@@ -36,8 +36,8 @@ spec:
|
||||
containerPolicies:
|
||||
- containerName: seaweedfs
|
||||
minAllowed:
|
||||
cpu: 250m
|
||||
memory: 256Mi
|
||||
cpu: 25m
|
||||
memory: 64Mi
|
||||
maxAllowed:
|
||||
cpu: "1"
|
||||
memory: 2048Mi
|
||||
@@ -59,8 +59,8 @@ spec:
|
||||
containerPolicies:
|
||||
- containerName: seaweedfs
|
||||
minAllowed:
|
||||
cpu: 250m
|
||||
memory: 256Mi
|
||||
cpu: 25m
|
||||
memory: 64Mi
|
||||
maxAllowed:
|
||||
cpu: "1"
|
||||
memory: 2048Mi
|
||||
|
||||
@@ -39,9 +39,11 @@ monitoring 1.8.1 8267072d
|
||||
monitoring 1.9.0 45a7416c
|
||||
monitoring 1.9.1 fd240701
|
||||
monitoring 1.9.2 f9f8bb2f
|
||||
monitoring 1.10.0 HEAD
|
||||
monitoring 1.10.0 632224a3
|
||||
monitoring 1.10.1 HEAD
|
||||
seaweedfs 0.1.0 71514249
|
||||
seaweedfs 0.2.0 5fb9cfe3
|
||||
seaweedfs 0.2.1 fde4bcfa
|
||||
seaweedfs 0.3.0 45a7416c
|
||||
seaweedfs 0.4.0 HEAD
|
||||
seaweedfs 0.4.0 632224a3
|
||||
seaweedfs 0.4.1 HEAD
|
||||
|
||||
@@ -15,4 +15,4 @@ type: library
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.1.0
|
||||
version: 0.2.0
|
||||
|
||||
5
packages/library/cozy-lib/templates/_checkinput.tpl
Normal file
5
packages/library/cozy-lib/templates/_checkinput.tpl
Normal file
@@ -0,0 +1,5 @@
|
||||
{{- define "cozy-lib.checkInput" }}
|
||||
{{- if not (kindIs "slice" .) }}
|
||||
{{- fail (printf "called cozy-lib function without global scope, expected [<arg>, $], got %s" (kindOf .)) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
7
packages/library/cozy-lib/templates/_cozyconfig.tpl
Normal file
7
packages/library/cozy-lib/templates/_cozyconfig.tpl
Normal file
@@ -0,0 +1,7 @@
|
||||
{{- define "cozy-lib.loadCozyConfig" }}
|
||||
{{- include "cozy-lib.checkInput" . }}
|
||||
{{- if not (hasKey (index . 1) "cozyConfig") }}
|
||||
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
|
||||
{{- $_ := set (index . 1) "cozyConfig" $cozyConfig }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
106
packages/library/cozy-lib/templates/_rbac.tpl
Normal file
106
packages/library/cozy-lib/templates/_rbac.tpl
Normal file
@@ -0,0 +1,106 @@
|
||||
{{- define "cozy-lib.rbac.accessLevelMap" }}
|
||||
view: 0
|
||||
use: 1
|
||||
admin: 2
|
||||
super-admin: 3
|
||||
{{- end }}
|
||||
|
||||
{{- define "cozy-lib.rbac.accessLevelToInt" }}
|
||||
{{- $accessMap := include "cozy-lib.rbac.accessLevelMap" "" | fromYaml }}
|
||||
{{- $accessLevel := dig . -1 $accessMap | int }}
|
||||
{{- if eq $accessLevel -1 }}
|
||||
{{- printf "encountered access level of %s, allowed values are %s" . ($accessMap | keys) | fail }}
|
||||
{{- end }}
|
||||
{{- $accessLevel }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "cozy-lib.rbac.accessLevelsAtOrAbove" }}
|
||||
{{- $minLevelInt := include "cozy-lib.rbac.accessLevelToInt" . | int }}
|
||||
{{- range $k, $v := (include "cozy-lib.rbac.accessLevelMap" "" | fromYaml) }}
|
||||
{{- if ge (int $v) $minLevelInt }}
|
||||
- {{ $k }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "cozy-lib.rbac.allParentTenantsAndThis" }}
|
||||
{{- if not (hasPrefix "tenant-" .) }}
|
||||
{{- printf "'%s' is not a valid tenant identifier" . | fail }}
|
||||
{{- end }}
|
||||
{{- $parts := append (splitList "-" .) "" }}
|
||||
{{- $tenants := list }}
|
||||
{{- range untilStep 2 (len $parts) 1 }}
|
||||
{{- $tenants = append $tenants (slice $parts 0 . | join "-") }}
|
||||
{{- end }}
|
||||
{{- range $tenants }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- if not (eq . "tenant-root") }}
|
||||
- tenant-root
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "cozy-lib.rbac.groupSubject" -}}
|
||||
- kind: Group
|
||||
name: {{ . }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
|
||||
{{- define "cozy-lib.rbac.serviceAccountSubject" -}}
|
||||
- kind: ServiceAccount
|
||||
name: {{ . }}
|
||||
namespace: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
{{- /*
|
||||
A helper function to get a list of groups that should have access, given a
|
||||
minimal access level and the tenant. Invoked as:
|
||||
{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" $) }}
|
||||
For an example input of (list "use" $) and a .Release.Namespace of
|
||||
tenant-abc-def it will return:
|
||||
---
|
||||
- kind: Group
|
||||
name: tenant-abc-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
- kind: Group
|
||||
name: tenant-abc-def-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
- kind: Group
|
||||
name: tenant-abc-super-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
- kind: Group
|
||||
name: tenant-abc-def-super-admin
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
- kind: Group
|
||||
name: tenant-abc-use
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
- kind: Group
|
||||
name: tenant-abc-def-use
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
in other words, all roles including use and higher and for tenant-abc-def, as
|
||||
well as all parent, grandparent, etc. tenants.
|
||||
*/}}
|
||||
{{- define "cozy-lib.rbac.subjectsForTenantAndAccessLevel" }}
|
||||
{{- include "cozy-lib.checkInput" . }}
|
||||
{{- $level := index . 0 }}
|
||||
{{- $tenant := index . 1 }}
|
||||
{{- $levels := include "cozy-lib.rbac.accessLevelsAtOrAbove" $level | fromYamlArray }}
|
||||
{{- $tenants := include "cozy-lib.rbac.allParentTenantsAndThis" $tenant | fromYamlArray }}
|
||||
{{- range $t := $tenants }}
|
||||
{{- include "cozy-lib.rbac.serviceAccountSubject" $t }}{{ printf "\n" }}
|
||||
{{- range $l := $levels }}
|
||||
{{- include "cozy-lib.rbac.groupSubject" (printf "%s-%s" $t $l) }}{{ printf "\n" }}
|
||||
{{- end }}
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
|
||||
{{- define "cozy-lib.rbac.subjectsForTenant" }}
|
||||
{{- include "cozy-lib.checkInput" . }}
|
||||
{{- $level := index . 0 }}
|
||||
{{- $tenant := index . 1 }}
|
||||
{{- $tenants := include "cozy-lib.rbac.allParentTenantsAndThis" $tenant | fromYamlArray }}
|
||||
{{- range $t := $tenants }}
|
||||
{{- include "cozy-lib.rbac.groupSubject" (printf "%s-%s" $t $level) }}{{ printf "\n" }}
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
@@ -11,38 +11,68 @@ These presets are for basic testing and not meant to be used in production
|
||||
{{ include "cozy-lib.resources.preset" "nano" -}}
|
||||
*/}}
|
||||
{{- define "cozy-lib.resources.preset" -}}
|
||||
{{- $cpuAllocationRatio := include "cozy-lib.resources.cpuAllocationRatio" . | float64 }}
|
||||
{{- $args := index . 0 }}
|
||||
|
||||
{{- $baseCPU := dict
|
||||
"nano" (dict "requests" (dict "cpu" "100m" ))
|
||||
"micro" (dict "requests" (dict "cpu" "250m" ))
|
||||
"small" (dict "requests" (dict "cpu" "500m" ))
|
||||
"medium" (dict "requests" (dict "cpu" "500m" ))
|
||||
"large" (dict "requests" (dict "cpu" "1" ))
|
||||
"xlarge" (dict "requests" (dict "cpu" "2" ))
|
||||
"2xlarge" (dict "requests" (dict "cpu" "4" ))
|
||||
}}
|
||||
{{- $baseMemory := dict
|
||||
"nano" (dict "requests" (dict "memory" "128Mi" ))
|
||||
"micro" (dict "requests" (dict "memory" "256Mi" ))
|
||||
"small" (dict "requests" (dict "memory" "512Mi" ))
|
||||
"medium" (dict "requests" (dict "memory" "1Gi" ))
|
||||
"large" (dict "requests" (dict "memory" "2Gi" ))
|
||||
"xlarge" (dict "requests" (dict "memory" "4Gi" ))
|
||||
"2xlarge" (dict "requests" (dict "memory" "8Gi" ))
|
||||
}}
|
||||
|
||||
{{- range $baseCPU }}
|
||||
{{- $_ := set . "limits" (dict "cpu" (include "cozy-lib.resources.toFloat" .requests.cpu | float64 | mulf $cpuAllocationRatio | toString)) }}
|
||||
{{- end }}
|
||||
{{- range $baseMemory }}
|
||||
{{- $_ := set . "limits" (dict "memory" .requests.memory) }}
|
||||
{{- end }}
|
||||
|
||||
{{- $presets := dict
|
||||
"nano" (dict
|
||||
"requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "memory" "128Mi" "ephemeral-storage" "2Gi")
|
||||
"requests" (dict "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "ephemeral-storage" "2Gi")
|
||||
)
|
||||
"micro" (dict
|
||||
"requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "memory" "256Mi" "ephemeral-storage" "2Gi")
|
||||
"requests" (dict "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "ephemeral-storage" "2Gi")
|
||||
)
|
||||
"small" (dict
|
||||
"requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "memory" "512Mi" "ephemeral-storage" "2Gi")
|
||||
"requests" (dict "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "ephemeral-storage" "2Gi")
|
||||
)
|
||||
"medium" (dict
|
||||
"requests" (dict "cpu" "500m" "memory" "1Gi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "memory" "1Gi" "ephemeral-storage" "2Gi")
|
||||
"requests" (dict "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "ephemeral-storage" "2Gi")
|
||||
)
|
||||
"large" (dict
|
||||
"requests" (dict "cpu" "1" "memory" "2Gi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "memory" "2Gi" "ephemeral-storage" "2Gi")
|
||||
"requests" (dict "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "ephemeral-storage" "2Gi")
|
||||
)
|
||||
"xlarge" (dict
|
||||
"requests" (dict "cpu" "2" "memory" "4Gi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "memory" "4Gi" "ephemeral-storage" "2Gi")
|
||||
"requests" (dict "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "ephemeral-storage" "2Gi")
|
||||
)
|
||||
"2xlarge" (dict
|
||||
"requests" (dict "cpu" "4" "memory" "8Gi" "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "memory" "8Gi" "ephemeral-storage" "2Gi")
|
||||
"requests" (dict "ephemeral-storage" "50Mi")
|
||||
"limits" (dict "ephemeral-storage" "2Gi")
|
||||
)
|
||||
}}
|
||||
{{- if hasKey $presets . -}}
|
||||
{{- index $presets . | toYaml -}}
|
||||
{{- $_ := merge $presets $baseCPU $baseMemory }}
|
||||
{{- if hasKey $presets $args -}}
|
||||
{{- index $presets $args | toYaml -}}
|
||||
{{- else -}}
|
||||
{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" . (join "," (keys $presets)) | fail -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -1,16 +1,47 @@
|
||||
{{- define "cozy-lib.resources.defaultCpuAllocationRatio" }}
|
||||
{{- `10` }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "cozy-lib.resources.cpuAllocationRatio" }}
|
||||
{{- include "cozy-lib.loadCozyConfig" . }}
|
||||
{{- $cozyConfig := index . 1 "cozyConfig" }}
|
||||
{{- if not $cozyConfig }}
|
||||
{{- include "cozy-lib.resources.defaultCpuAllocationRatio" . }}
|
||||
{{- else }}
|
||||
{{- dig "data" "cpu-allocation-ratio" (include "cozy-lib.resources.defaultCpuAllocationRatio" dict) $cozyConfig }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "cozy-lib.resources.toFloat" -}}
|
||||
{{- $value := . -}}
|
||||
{{- $unit := 1.0 -}}
|
||||
{{- if typeIs "string" . -}}
|
||||
{{- $base2 := dict "Ki" 0x1p10 "Mi" 0x1p20 "Gi" 0x1p30 "Ti" 0x1p40 "Pi" 0x1p50 "Ei" 0x1p60 -}}
|
||||
{{- $base10 := dict "m" 1e-3 "k" 1e3 "M" 1e6 "G" 1e9 "T" 1e12 "P" 1e15 "E" 1e18 -}}
|
||||
{{- range $k, $v := merge $base2 $base10 -}}
|
||||
{{- if hasSuffix $k $ -}}
|
||||
{{- $value = trimSuffix $k $ -}}
|
||||
{{- $unit = $v -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- mulf (float64 $value) $unit | toString -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- /*
|
||||
A sanitized resource map is a dict with resource-name => resource-quantity.
|
||||
If not in such a form, requests are used, then limits. All resources are set
|
||||
to have equal requests and limits, except CPU, that has only requests. The
|
||||
template expects to receive a dict {"requests":{...}, "limits":{...}} as
|
||||
input, e.g. {{ include "cozy-lib.resources.sanitize" .Values.resources }}.
|
||||
to have equal requests and limits, except CPU, where the limit is increased
|
||||
by a factor of the CPU allocation ratio. The template expects to receive a
|
||||
dict {"requests":{...}, "limits":{...}} as input, e.g.
|
||||
{{ include "cozy-lib.resources.sanitize" .Values.resources }}.
|
||||
Example input:
|
||||
==============
|
||||
limits:
|
||||
cpu: 100m
|
||||
cpu: "1"
|
||||
memory: 1024Mi
|
||||
requests:
|
||||
cpu: 200m
|
||||
cpu: "2"
|
||||
memory: 512Mi
|
||||
memory: 256Mi
|
||||
devices.com/nvidia: "1"
|
||||
@@ -18,34 +49,42 @@
|
||||
Example output:
|
||||
===============
|
||||
limits:
|
||||
devices.com/nvidia: "1"
|
||||
memory: 256Mi
|
||||
devices.com/nvidia: "1" # only present in top level key
|
||||
memory: 256Mi # value from top level key has priority over all others
|
||||
cpu: "2" # value from .requests.cpu has priority over .limits.cpu
|
||||
requests:
|
||||
cpu: 200m
|
||||
devices.com/nvidia: "1"
|
||||
memory: 256Mi
|
||||
cpu: 200m # .limits.cpu divided by CPU allocation ratio
|
||||
devices.com/nvidia: "1" # .requests == .limits
|
||||
memory: 256Mi # .requests == .limits
|
||||
*/}}
|
||||
{{- define "cozy-lib.resources.sanitize" }}
|
||||
{{- $cpuAllocationRatio := include "cozy-lib.resources.cpuAllocationRatio" . | float64 }}
|
||||
{{- $sanitizedMap := dict }}
|
||||
{{- if hasKey . "limits" }}
|
||||
{{- range $k, $v := .limits }}
|
||||
{{- $args := index . 0 }}
|
||||
{{- if hasKey $args "limits" }}
|
||||
{{- range $k, $v := $args.limits }}
|
||||
{{- $_ := set $sanitizedMap $k $v }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if hasKey . "requests" }}
|
||||
{{- range $k, $v := .requests }}
|
||||
{{- if hasKey $args "requests" }}
|
||||
{{- range $k, $v := $args.requests }}
|
||||
{{- $_ := set $sanitizedMap $k $v }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $k, $v := . }}
|
||||
{{- range $k, $v := $args }}
|
||||
{{- if not (or (eq $k "requests") (eq $k "limits")) }}
|
||||
{{- $_ := set $sanitizedMap $k $v }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- $output := dict "requests" dict "limits" dict }}
|
||||
{{- range $k, $v := $sanitizedMap }}
|
||||
{{- $_ := set $output.requests $k $v }}
|
||||
{{- if not (eq $k "cpu") }}
|
||||
{{- $_ := set $output.requests $k $v }}
|
||||
{{- $_ := set $output.limits $k $v }}
|
||||
{{- else }}
|
||||
{{- $vcpuRequestF64 := (include "cozy-lib.resources.toFloat" $v) | float64 }}
|
||||
{{- $cpuRequestF64 := divf $vcpuRequestF64 $cpuAllocationRatio }}
|
||||
{{- $_ := set $output.requests $k ($cpuRequestF64 | toString) }}
|
||||
{{- $_ := set $output.limits $k $v }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:87669221b6c51dfdf9d9b0c97b41b90cb9199de3739c1623351f604621a99ae3
|
||||
ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:a634d52923f2f6acc8bd9595b3fa500d1cbdc686dfbeb59e36060d805e5a2684
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
cozystackAPI:
|
||||
image: ghcr.io/cozystack/cozystack/cozystack-api:v0.31.1@sha256:4b6fc8f5a50ad02486aca663f6d29a800dcc1eb66763ca7f0e8f176b37f97f16
|
||||
image: ghcr.io/cozystack/cozystack/cozystack-api:v0.31.2@sha256:1b545911b21026f22eba46974294b8ac223e76a1ab84b42eae7f7c952547c9ca
|
||||
|
||||
@@ -12,3 +12,6 @@ rules:
|
||||
- apiGroups: ["helm.toolkit.fluxcd.io"]
|
||||
resources: ["helmreleases"]
|
||||
verbs: ["get", "list", "watch", "patch", "update"]
|
||||
- apiGroups: [""]
|
||||
resources: ["namespaces"]
|
||||
verbs: ["get", "list", "watch", "patch", "update"]
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
cozystackController:
|
||||
image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.31.1@sha256:7b415d9cbad18fdfbc13423a930a03164141d1972500fe3a1a45ba240da75c55
|
||||
image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.31.2@sha256:0f07f4f796c3ca9f34ea36876ca2e86c6b10b11dc8122433021769681b0f15bf
|
||||
debug: false
|
||||
disableTelemetry: false
|
||||
cozystackVersion: "v0.31.1"
|
||||
cozystackVersion: "v0.31.2"
|
||||
|
||||
@@ -76,7 +76,7 @@ data:
|
||||
"kubeappsNamespace": {{ .Release.Namespace | quote }},
|
||||
"helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
|
||||
"carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
|
||||
"appVersion": "v0.31.1",
|
||||
"appVersion": "v0.31.2",
|
||||
"authProxyEnabled": {{ .Values.authProxy.enabled }},
|
||||
"oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
|
||||
"oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
FROM bitnami/node:20.15.1 AS build
|
||||
WORKDIR /app
|
||||
|
||||
ARG COMMIT_REF=190ea544aeb0be74bb6d1aa4bb474910559e7ecd
|
||||
ARG COMMIT_REF=6856b66f9244ef1b2703a2f30899366e0ba040de
|
||||
RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=2 kubeapps-${COMMIT_REF}/dashboard
|
||||
|
||||
RUN yarn install --frozen-lockfile
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
# syntax = docker/dockerfile:1
|
||||
|
||||
FROM alpine AS source
|
||||
ARG COMMIT_REF=dd02680d796c962b8dcc4e5ea70960a846c1acdc
|
||||
ARG COMMIT_REF=6856b66f9244ef1b2703a2f30899366e0ba040de
|
||||
RUN apk add --no-cache patch
|
||||
WORKDIR /source
|
||||
RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1
|
||||
|
||||
@@ -19,24 +19,26 @@ kubeapps:
|
||||
image:
|
||||
registry: ghcr.io/cozystack/cozystack
|
||||
repository: dashboard
|
||||
tag: v0.31.1
|
||||
digest: "sha256:a83fe4654f547469cfa469a02bda1273c54bca103a41eb007fdb2e18a7a91e93"
|
||||
tag: v0.31.2
|
||||
digest: "sha256:5e514516bd3dc0c693bb346ddeb9740e0439a59deb2a56b87317286e3ce79ac9"
|
||||
redis:
|
||||
master:
|
||||
resourcesPreset: "none"
|
||||
resources:
|
||||
requests:
|
||||
cpu: 200m
|
||||
memory: 256Mi
|
||||
cpu: 20m
|
||||
memory: 32Mi
|
||||
limits:
|
||||
memory: 256Mi
|
||||
kubeappsapis:
|
||||
resourcesPreset: "none"
|
||||
qps: "250.0"
|
||||
burst: "500"
|
||||
image:
|
||||
registry: ghcr.io/cozystack/cozystack
|
||||
repository: kubeapps-apis
|
||||
tag: v0.31.1
|
||||
digest: "sha256:07646be7508e443c2fe11b1f33757a716aec487c09b42343e490f9edccb1d57f"
|
||||
tag: v0.31.2
|
||||
digest: "sha256:930f8f4b9e69a82f3de7fee951ead272f5d3a4c5d8eddad33b068f9e9682a962"
|
||||
pluginConfig:
|
||||
flux:
|
||||
packages:
|
||||
|
||||
@@ -5,3 +5,10 @@ flux-operator:
|
||||
operator: Exists
|
||||
effect: NoSchedule
|
||||
hostNetwork: true
|
||||
resources:
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 1Gi
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 64Mi
|
||||
|
||||
@@ -3,7 +3,7 @@ kamaji:
|
||||
deploy: false
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v0.31.1@sha256:2402c2e4592d79983e074a2de8758a72f8cf2ea653cd30e0550ff2b988eb2e00
|
||||
tag: v0.31.2@sha256:39bd83f5e7dae9c462f25d3aaef4240749dc380469062b9184727d5b12d0d584
|
||||
repository: ghcr.io/cozystack/cozystack/kamaji
|
||||
resources:
|
||||
limits:
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
portSecurity: true
|
||||
routes: ""
|
||||
image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.31.1@sha256:c3f68266a7a43f87a392449939c0fe990821325bcb8070efb8e50f1f886b9c2c
|
||||
image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.31.2@sha256:afb08b32724c573d5b6503343271ae59cae2e7b554d7d441a276615416b59e71
|
||||
|
||||
@@ -16,6 +16,48 @@ kube-ovn:
|
||||
OPENVSWITCH_DIR: "/var/lib/openvswitch"
|
||||
OVN_DIR: "/var/lib/ovn"
|
||||
DISABLE_MODULES_MANAGEMENT: true
|
||||
ovn-central:
|
||||
requests:
|
||||
cpu: "50m"
|
||||
memory: "100Mi"
|
||||
limits:
|
||||
cpu: "3"
|
||||
memory: "4Gi"
|
||||
ovs-ovn:
|
||||
requests:
|
||||
cpu: "10m"
|
||||
memory: "50Mi"
|
||||
limits:
|
||||
cpu: "2"
|
||||
memory: "1000Mi"
|
||||
kube-ovn-controller:
|
||||
requests:
|
||||
cpu: "10m"
|
||||
memory: "100Mi"
|
||||
limits:
|
||||
cpu: "1000m"
|
||||
memory: "1Gi"
|
||||
kube-ovn-cni:
|
||||
requests:
|
||||
cpu: "50m"
|
||||
memory: "50Mi"
|
||||
limits:
|
||||
cpu: "1000m"
|
||||
memory: "1Gi"
|
||||
kube-ovn-pinger:
|
||||
requests:
|
||||
cpu: "10m"
|
||||
memory: "50Mi"
|
||||
limits:
|
||||
cpu: "200m"
|
||||
memory: "400Mi"
|
||||
kube-ovn-monitor:
|
||||
requests:
|
||||
cpu: "10m"
|
||||
memory: "50Mi"
|
||||
limits:
|
||||
cpu: "200m"
|
||||
memory: "200Mi"
|
||||
global:
|
||||
registry:
|
||||
address: ghcr.io/cozystack/cozystack
|
||||
|
||||
@@ -4,8 +4,8 @@ metallb:
|
||||
controller:
|
||||
image:
|
||||
repository: ghcr.io/cozystack/cozystack/metallb-controller
|
||||
tag: v0.14.9@sha256:d8fa1a8147f844fb6add20a2147e9be6d1c26424748439c2648a0f6d8e10804d
|
||||
tag: v0.14.9@sha256:9bd71ad21152915dc1c31c79aa1b64ea248d3785b1d6c08ae8c62cc6f688e59a
|
||||
speaker:
|
||||
image:
|
||||
repository: ghcr.io/cozystack/cozystack/metallb-speaker
|
||||
tag: v0.14.9@sha256:a65437314ef23acf030afb44c3a25c5cb6ee813041e9b36ee7e0988a1e21b762
|
||||
tag: v0.14.9@sha256:f63fe3478101c711d84ba7423f0deb6b0c403ca278ca1b9327c693aaf51a3d1e
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
{{- if not (lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "cozy-cert-manager" "cert-manager-issuers") }}
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: selfsigned-cluster-issuer
|
||||
spec:
|
||||
selfSigned: {}
|
||||
{{- end }}
|
||||
10
scripts/migrations/13
Executable file
10
scripts/migrations/13
Executable file
@@ -0,0 +1,10 @@
|
||||
#!/bin/sh
|
||||
# Migration 13 --> 14
|
||||
|
||||
# Upgrade tenants.apps to new chart version
|
||||
kubectl get tenants.apps.cozystack.io -A --no-headers --output=custom-columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name' | while read NAMESPACE NAME; do
|
||||
kubectl patch tenants.apps.cozystack.io -n "$NAMESPACE" "$NAME" --type merge -p '{"appVersion":"1.10.0"}'
|
||||
done
|
||||
|
||||
# Write version to cozystack-version config
|
||||
kubectl create configmap -n cozy-system cozystack-version --from-literal=version=14 --dry-run=client -o yaml | kubectl apply -f-
|
||||
Reference in New Issue
Block a user