diff --git a/manifests/cozystack-installer.yaml b/manifests/cozystack-installer.yaml index 742c7723..b3c4503d 100644 --- a/manifests/cozystack-installer.yaml +++ b/manifests/cozystack-installer.yaml @@ -68,7 +68,7 @@ spec: serviceAccountName: cozystack containers: - name: cozystack - image: "ghcr.io/aenix-io/cozystack/cozystack:v0.6.0" + image: "mgr.cp.if.ua/cozystack:v0.6.1-2" env: - name: KUBERNETES_SERVICE_HOST value: localhost @@ -87,7 +87,7 @@ spec: fieldRef: fieldPath: metadata.name - name: darkhttpd - image: "ghcr.io/aenix-io/cozystack/cozystack:v0.6.0" + image: "mgr.cp.if.ua/cozystack:v0.6.1-2" command: - /usr/bin/darkhttpd - /cozystack/assets diff --git a/packages/apps/http-cache/images/nginx-cache.json b/packages/apps/http-cache/images/nginx-cache.json index e0e737b3..0fe08fe3 100644 --- a/packages/apps/http-cache/images/nginx-cache.json +++ b/packages/apps/http-cache/images/nginx-cache.json 
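Review bot: Both `image:` lines in this manifest (the `cozystack` container here and the `darkhttpd` container in the next hunk) now pull from `mgr.cp.if.ua` by tag only, so the installer pod runs whatever that registry serves for `v0.6.1-2` at pull time. The build metadata committed in `packages/core/installer/images/cozystack.json` records a digest for this tag, so the reference can be pinned: `image: "mgr.cp.if.ua/cozystack:v0.6.1-2@sha256:914a96cca1101fd34354a89bd9b8b72b75c93a81c5abefeb0e895f956120916c"`. If the switch away from `ghcr.io/aenix-io` is a by-product of a local build rather than an intended change of publisher, it should not be committed; the same applies to the `.tag` files changed elsewhere in this commit. Both hunks are excerpts of a larger pod spec.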
@@ -1,4 +1,39 @@ { - "containerimage.config.digest": "sha256:aa7a9874c35d7fac8668a623744acbf376b48aed2ef1dc4b3a19054fdcff99cf", - "containerimage.digest": "sha256:d825427d433dda95db40264c6559b44c7bbb726e69279e90fe73fe8fc9265abb" + "buildx.build.provenance": { + "buildType": "https://mobyproject.org/buildkit@v1", + "materials": [ + { + "uri": "pkg:docker/ubuntu@22.04?platform=linux%2Famd64", + "digest": { + "sha256": "a6d2b38300ce017add71440577d5b0a90460d0e57fd7aec21dd0d1b0761bbfb2" + } + } + ], + "invocation": { + "configSource": { + "entryPoint": "Dockerfile" + }, + "parameters": { + "frontend": "dockerfile.v0", + "args": { + "build-arg:ARCH": "amd64" + }, + "locals": [ + { + "name": "context" + }, + { + "name": "dockerfile" + } + ] + }, + "environment": { + "platform": "linux/amd64" + } + } + }, + "buildx.build.ref": "default/default/na719vcch4rrxzkdpcgx2zo6q", + "containerimage.config.digest": "sha256:92851e36b025f0ac6160963d7488830dcab846c24a269dea252f2d33c2b07d04", + "containerimage.digest": "sha256:c51996c102fd22bbe0160e5aec2e489c4870e897e99fa8b9fa2611f0bc3ac799", + "image.name": "mgr.cp.if.ua/nginx-cache:v0.1.0,mgr.cp.if.ua/nginx-cache:v0.1.0-v0.6.1-2" } \ No newline at end of file diff --git a/packages/apps/http-cache/images/nginx-cache.tag b/packages/apps/http-cache/images/nginx-cache.tag index 86b6633b..2c88a526 100644 --- a/packages/apps/http-cache/images/nginx-cache.tag +++ b/packages/apps/http-cache/images/nginx-cache.tag @@ -1 +1 @@ -ghcr.io/aenix-io/cozystack/nginx-cache:v0.1.0 +mgr.cp.if.ua/nginx-cache:v0.1.0 diff --git a/packages/apps/kubernetes/Chart.yaml b/packages/apps/kubernetes/Chart.yaml index 2028768d..39e8cc22 100644 --- a/packages/apps/kubernetes/Chart.yaml +++ b/packages/apps/kubernetes/Chart.yaml 
@@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.3.0 +version: 0.4.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/apps/kubernetes/images/ubuntu-container-disk.json b/packages/apps/kubernetes/images/ubuntu-container-disk.json index e7685393..d8bb4558 100644 --- a/packages/apps/kubernetes/images/ubuntu-container-disk.json +++ b/packages/apps/kubernetes/images/ubuntu-container-disk.json 
@@ -1,4 +1,39 @@ { - "containerimage.config.digest": "sha256:24cee18d0bc9ed40e741412da86820dd99bdb9ffa4c794c81856725a4a10d86e", - "containerimage.digest": "sha256:6a43369905e0630bb401e1cf73084bbef3060e960756f261676cd3bea4195e9a" + "buildx.build.provenance": { + "buildType": "https://mobyproject.org/buildkit@v1", + "materials": [ + { + "uri": "pkg:docker/ubuntu@22.04?platform=linux%2Famd64", + "digest": { + "sha256": "a6d2b38300ce017add71440577d5b0a90460d0e57fd7aec21dd0d1b0761bbfb2" + } + } + ], + "invocation": { + "configSource": { + "entryPoint": "Dockerfile" + }, + "parameters": { + "frontend": "dockerfile.v0", + "args": { + "build-arg:ARCH": "amd64" + }, + "locals": [ + { + "name": "context" + }, + { + "name": "dockerfile" + } + ] + }, + "environment": { + "platform": "linux/amd64" + } + } + }, + "buildx.build.ref": "default/default/l99y440iab5ypx66oqg83llt4", + "containerimage.config.digest": "sha256:d297828b945ff40cd3f8c12f631f6db3b40f2b53ed5202c5205982cfbbc2a1df", + "containerimage.digest": "sha256:6a8b43af59ea188f295807ef4c42408a80793ddecf3c1245f27e9c37ff43a726", + "image.name": "mgr.cp.if.ua/ubuntu-container-disk:v1.29.1,mgr.cp.if.ua/ubuntu-container-disk:v1.29.1-v0.6.1-2" } \ No newline at end of file diff --git a/packages/apps/kubernetes/images/ubuntu-container-disk.tag b/packages/apps/kubernetes/images/ubuntu-container-disk.tag index c2389748..6724238b 100644 --- a/packages/apps/kubernetes/images/ubuntu-container-disk.tag +++ b/packages/apps/kubernetes/images/ubuntu-container-disk.tag @@ -1 +1 @@ -ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.29.1 +mgr.cp.if.ua/ubuntu-container-disk:v1.29.1 diff --git a/packages/apps/kubernetes/templates/cluster.yaml b/packages/apps/kubernetes/templates/cluster.yaml index 19aebd00..baa0bc6b 100644 --- a/packages/apps/kubernetes/templates/cluster.yaml +++ b/packages/apps/kubernetes/templates/cluster.yaml 
@@ -39,7 +39,9 @@ metadata: spec: dataStoreName: "{{ $etcd }}" addons: - coreDNS: {} + coreDNS: + dnsServiceIPs: + - 10.95.0.10 konnectivity: {} kubelet: cgroupfs: systemd @@ -55,7 +57,7 @@ spec: className: "{{ $ingress }}" deployment: replicas: 2 - version: 1.29.0 + version: 1.29.4 --- apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1 kind: KubevirtCluster @@ -176,5 +178,5 @@ spec: kind: KubevirtMachineTemplate name: {{ $.Release.Name }}-{{ $groupName }} namespace: default - version: v1.29.0 + version: v1.29.4 {{- end }} diff --git a/packages/apps/kubernetes/templates/helmreleases/cilium.yaml b/packages/apps/kubernetes/templates/helmreleases/cilium.yaml index 96c759fd..14577407 100644 --- a/packages/apps/kubernetes/templates/helmreleases/cilium.yaml +++ b/packages/apps/kubernetes/templates/helmreleases/cilium.yaml @@ -26,7 +26,9 @@ spec: values: cilium: tunnel: disabled - autoDirectNodeRoutes: true + autoDirectNodeRoutes: false + bpf: + masquerade: true cgroup: autoMount: enabled: true @@ -38,9 +40,9 @@ spec: chainingMode: ~ customConf: false configMap: "" - routingMode: native + routingMode: tunnel enableIPv4Masquerade: true - ipv4NativeRoutingCIDR: "10.244.0.0/16" + ipv4NativeRoutingCIDR: "" dependsOn: - name: {{ .Release.Name }} namespace: {{ .Release.Namespace }} diff --git a/packages/apps/postgres/Chart.yaml b/packages/apps/postgres/Chart.yaml index c9e8d9f5..89dee73f 100644 --- a/packages/apps/postgres/Chart.yaml +++ b/packages/apps/postgres/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.0 +version: 0.2.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
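Review bot: `dnsServiceIPs` is hard-coded to `10.95.0.10` in the template, so every rendered cluster gets that address regardless of its service CIDR, which is not set anywhere in this hunk. If the tenant service network can differ, the CoreDNS Service address will fall outside it and pods will be pointed at a resolver that does not exist. Consider reading it from a new values key with the current address as the default, or at least add a comment such as `# must lie inside the tenant service CIDR` above the entry. The surrounding `spec` continues outside the hunk.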
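Review bot: `routingMode: tunnel` is added in the second cilium.yaml hunk while the context line `tunnel: disabled` in the first hunk is kept, so the values now ask for two different datapath modes. Which setting wins depends on the Cilium chart version in use, which is not visible here; where `tunnel` is still honoured as a deprecated option it can override or conflict with `routingMode`. Drop `tunnel: disabled` (or replace it with an explicit `tunnelProtocol`) so the rendered configuration is unambiguous. `ipv4NativeRoutingCIDR: ""` could be removed rather than set empty, since it only applies to native routing.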
diff --git a/packages/apps/postgres/templates/init-script.yaml b/packages/apps/postgres/templates/init-script.yaml index e402fce3..f5f6431c 100644 --- a/packages/apps/postgres/templates/init-script.yaml +++ b/packages/apps/postgres/templates/init-script.yaml @@ -100,13 +100,13 @@ stringData: echo "== assign roles to users" psql -v ON_ERROR_STOP=1 --echo-all <<\EOT {{- range $database, $d := .Values.databases }} - {{- range $user, $u := $.Values.roles }} - {{- if has $user $d.users.admin }} + {{- range $user, $u := $.Values.users }} + {{- if has $user $d.roles.admin }} GRANT {{ $database }}_admin TO {{ $user }}; {{- else }} REVOKE {{ $database }}_admin FROM {{ $user }}; {{- end }} - {{- if has $user $d.users.readonly }} + {{- if has $user $d.roles.readonly }} GRANT {{ $database }}_readonly TO {{ $user }}; {{- else }} REVOKE {{ $database }}_readonly FROM {{ $user }}; diff --git a/packages/apps/versions_map b/packages/apps/versions_map index c6f6cf0d..a0af04a8 100644 --- a/packages/apps/versions_map +++ b/packages/apps/versions_map @@ -6,13 +6,15 @@ kafka 0.1.0 760f86d2 kafka 0.2.0 HEAD kubernetes 0.1.0 f642698 kubernetes 0.2.0 7cd7de73 -kubernetes 0.3.0 HEAD +kubernetes 0.3.0 7caccec1 +kubernetes 0.4.0 HEAD kubernetes-proxmox 0.2.0 HEAD mysql 0.1.0 f642698 mysql 0.2.0 8b975ff0 mysql 0.3.0 HEAD postgres 0.1.0 f642698 -postgres 0.2.0 HEAD +postgres 0.2.0 7cd7de73 +postgres 0.2.1 HEAD rabbitmq 0.1.0 f642698 rabbitmq 0.2.0 HEAD redis 0.1.1 f642698 diff --git a/packages/core/fluxcd/Makefile b/packages/core/fluxcd/Makefile index 7f1ddacf..9a44bd14 100644 --- a/packages/core/fluxcd/Makefile +++ b/packages/core/fluxcd/Makefile 
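Review bot: `{{ $database }}` and `{{ $user }}` are rendered into the `GRANT`/`REVOKE` statements as bare text, so a name that is not a plain lowercase identifier (a hyphen, a space, a semicolon) either aborts the script under `ON_ERROR_STOP=1` or changes the SQL that psql executes. If these values can come from anyone other than the cluster operator, constrain database and user names with a pattern in the chart's values schema, or quote them as identifiers consistently with however the roles are created earlier in the script, which is outside this hunk. The renamed lookups `$d.roles.admin` and `$d.roles.readonly` are also dereferenced without a guard, so a database entry that has no `roles` key will probably fail at render time; `{{- if has $user (dig "roles" "admin" (list) $d) }}` tolerates the missing key. Because the `else` branches revoke membership from every user not listed, a values file that still uses the previous key names deserves a note in the chart changelog.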
@@ -11,3 +11,10 @@ apply: diff: helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -n $(NAMESPACE) -f- + +update: + rm -rf charts + helm repo add fluxcd-community https://fluxcd-community.github.io/helm-charts + helm repo update fluxcd-community + helm pull fluxcd-community/flux2 --untar --untardir charts + sed -i 's/\.{{ \.Values\.clusterDomain | default "cluster\.local" }}\.//g' `grep -rl '.{{ .Values.clusterDomain | default "cluster.local" }}.' charts` diff --git a/packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml index 0811c156..8177c17c 100644 --- a/packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml +++ b/packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml @@ -44,7 +44,7 @@ spec: - --default-service-account={{ .Values.multitenancy.defaultServiceAccount | default "default" }} {{- end}} {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}. + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc {{- end}} - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - --log-level={{ .Values.logLevel | default "info" }} diff --git a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml index 47da44d5..40e4da8d 100644 --- a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml +++ b/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml 
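Review bot: `helm pull fluxcd-community/flux2` in the new `update` target has no `--version`, so each run vendors whatever chart version the repository index serves at that moment and the tree under `charts/` cannot be reproduced or reviewed against a known release. Pin it, e.g. `helm pull fluxcd-community/flux2 --version <CHART_VERSION> --untar --untardir charts` (placeholder; the intended version is not on this page). The closing `sed -i … \`grep -rl …\`` also fails with "no input files" when grep finds nothing, which will happen once upstream changes that string; piping `grep -rlF … charts` into `xargs -r sed -i …` handles the empty case with GNU xargs.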
@@ -43,7 +43,7 @@ spec: - --no-cross-namespace-refs=true {{- end}} {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}. + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc {{- end}} - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - --log-level={{ .Values.logLevel | default "info" }} diff --git a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml index 58abd295..6be9c3e1 100644 --- a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml +++ b/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml @@ -43,7 +43,7 @@ spec: - --no-cross-namespace-refs=true {{- end}} {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}. + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc {{- end}} - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - --log-level={{ .Values.logLevel | default "info" }} diff --git a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml index fff3ed0d..6473dbe0 100644 --- a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml +++ b/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml 
@@ -44,7 +44,7 @@ spec: - --default-service-account={{ .Values.multitenancy.defaultServiceAccount | default "default" }} {{- end}} {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}. + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc {{- end}} - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - --log-level={{ .Values.logLevel | default "info" }} diff --git a/packages/core/fluxcd/charts/flux2/templates/source-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/source-controller.yaml index 46c7cfe8..517b54bd 100644 --- a/packages/core/fluxcd/charts/flux2/templates/source-controller.yaml +++ b/packages/core/fluxcd/charts/flux2/templates/source-controller.yaml @@ -38,14 +38,14 @@ spec: containers: - args: {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}. + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc {{- end}} - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - --log-level={{ .Values.logLevel | default "info" }} - --log-encoding=json - --enable-leader-election - --storage-path=/data - - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}. + - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc {{- range .Values.sourceController.container.additionalArgs }} - {{ . }} {{- end}} diff --git a/packages/core/installer/Makefile b/packages/core/installer/Makefile index 5e96fb48..7cea7ed7 100644 --- a/packages/core/installer/Makefile +++ b/packages/core/installer/Makefile 
@@ -34,8 +34,8 @@ image-cozystack: image-talos: test -f ../../../_out/assets/installer-amd64.tar || make talos-installer docker load -i ../../../_out/assets/installer-amd64.tar - docker tag ghcr.io/siderolabs/installer:$(TALOS_VERSION) ghcr.io/aenix-io/cozystack/talos:$(call settag,$(TALOS_VERSION)) - docker push ghcr.io/aenix-io/cozystack/talos:$(call settag,$(TALOS_VERSION)) + docker tag ghcr.io/siderolabs/installer:$(TALOS_VERSION) $(REGISTRY)/talos:$(call settag,$(TALOS_VERSION)) + docker push $(REGISTRY)/talos:$(call settag,$(TALOS_VERSION)) image-matchbox: test -f ../../../_out/assets/kernel-amd64 || make talos-kernel diff --git a/packages/core/installer/images/cozystack.json b/packages/core/installer/images/cozystack.json index e576eff0..87609773 100644 --- a/packages/core/installer/images/cozystack.json +++ b/packages/core/installer/images/cozystack.json @@ -35,8 +35,8 @@ } } }, - "buildx.build.ref": "default/default/fsmnflf8uqknh80dspcknlpha", - "containerimage.config.digest": "sha256:abdccfbe37edab6f0926f6d24a59fb721bb70ccc50c777348e17b836ffba0e27", - "containerimage.digest": "sha256:37c3d13886ef7780b0bc8702bc2b26c254c14cbd756174b2f243dab924e3b535", - "image.name": "mgr.cp.if.ua:5000/cozystack:latest" + "buildx.build.ref": "default/default/yl8ay4qgn21yi6fl1vkvv7q0q", + "containerimage.config.digest": "sha256:b15e3f99a35085209f84d8832a44e9250b6c3dd78510355dc846e504f435716f", + "containerimage.digest": "sha256:914a96cca1101fd34354a89bd9b8b72b75c93a81c5abefeb0e895f956120916c", + "image.name": "mgr.cp.if.ua/cozystack:v0.6.1-2" } \ No newline at end of file diff --git a/packages/core/installer/images/cozystack.tag b/packages/core/installer/images/cozystack.tag index fa2722fd..7ae679ec 100644 --- a/packages/core/installer/images/cozystack.tag +++ b/packages/core/installer/images/cozystack.tag @@ -1 +1 @@ -mgr.cp.if.ua:5000/cozystack:latest +mgr.cp.if.ua/cozystack:v0.6.1-2 
diff --git a/packages/core/installer/images/matchbox.json b/packages/core/installer/images/matchbox.json index 2ff00e73..ec976921 100644 --- a/packages/core/installer/images/matchbox.json +++ b/packages/core/installer/images/matchbox.json @@ -1,4 +1,36 @@ { - "containerimage.config.digest": "sha256:05f6f9ed2e662dde64ace18dbbd69001b39778841bda812d7b6b86e064270e64", - "containerimage.digest": "sha256:56ef77367394c4b073c862974726d882036c9b95d27a56a774987fe3244c35f6" + "buildx.build.provenance": { + "buildType": "https://mobyproject.org/buildkit@v1", + "materials": [ + { + "uri": "pkg:docker/quay.io/poseidon/matchbox@v0.10.0?platform=linux%2Famd64", + "digest": { + "sha256": "e14cc4a8f6e8f1182fce74d04fe949b6bfc91b04132b3944297661e2c38c9790" + } + } + ], + "invocation": { + "configSource": { + "entryPoint": "Dockerfile" + }, + "parameters": { + "frontend": "dockerfile.v0", + "locals": [ + { + "name": "context" + }, + { + "name": "dockerfile" + } + ] + }, + "environment": { + "platform": "linux/amd64" + } + } + }, + "buildx.build.ref": "default/default/a4c3v6f2svmao7g1qrdclagjs", + "containerimage.config.digest": "sha256:7bc68a091b1ea2855288b5e2d6f0e5c0083c52e7fe12f6b4290e920307198703", + "containerimage.digest": "sha256:37f93f14b23b02fbe4d9dc59b3e074955645a1d8c9f74482b4df6ee27ceeba69", + "image.name": "mgr.cp.if.ua/matchbox:v0.6.1-2,mgr.cp.if.ua/matchbox:v1.7.1-v0.6.1-2" } \ No newline at end of file diff --git a/packages/core/installer/images/matchbox.tag b/packages/core/installer/images/matchbox.tag index dadda235..7974106d 100644 --- a/packages/core/installer/images/matchbox.tag +++ b/packages/core/installer/images/matchbox.tag @@ -1 +1 @@ -ghcr.io/aenix-io/cozystack/matchbox:v1.7.1 +mgr.cp.if.ua/matchbox:v1.7.1 diff --git a/packages/core/platform/bundles/paas-proxmox.yaml b/packages/core/platform/bundles/paas-proxmox.yaml index 79aa3947..dd82de12 100644 --- a/packages/core/platform/bundles/paas-proxmox.yaml +++ b/packages/core/platform/bundles/paas-proxmox.yaml 
@@ -1,78 +1,107 @@ {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} releases: +- name: cilium + releaseName: cilium + chart: cozy-cilium + namespace: cozy-cilium + privileged: true + dependsOn: [] + +- name: kubeovn + releaseName: kubeovn + chart: cozy-kubeovn + namespace: cozy-kubeovn + privileged: true + dependsOn: [cilium] + values: + cozystack: + nodesHash: {{ include "cozystack.master-node-ips" . | sha256sum }} + kube-ovn: + ipv4: + POD_CIDR: "{{ index $cozyConfig.data "ipv4-pod-cidr" }}" + POD_GATEWAY: "{{ index $cozyConfig.data "ipv4-pod-gateway" }}" + SVC_CIDR: "{{ index $cozyConfig.data "ipv4-svc-cidr" }}" + JOIN_CIDR: "{{ index $cozyConfig.data "ipv4-join-cidr" }}" + - name: cert-manager releaseName: cert-manager chart: cozy-cert-manager namespace: cozy-cert-manager - dependsOn: [] + dependsOn: [cilium,kubeovn] - name: cert-manager-issuers releaseName: cert-manager-issuers chart: cozy-cert-manager-issuers namespace: cozy-cert-manager - dependsOn: [cert-manager] + dependsOn: [cilium,kubeovn,cert-manager] - name: victoria-metrics-operator releaseName: victoria-metrics-operator chart: cozy-victoria-metrics-operator namespace: cozy-victoria-metrics-operator - dependsOn: [cert-manager] + dependsOn: [cilium,kubeovn,cert-manager] - name: monitoring releaseName: monitoring chart: cozy-monitoring namespace: cozy-monitoring privileged: true - dependsOn: [victoria-metrics-operator] + dependsOn: [cilium,kubeovn,victoria-metrics-operator] - name: grafana-operator releaseName: grafana-operator chart: cozy-grafana-operator namespace: cozy-grafana-operator - dependsOn: [] + dependsOn: [cilium,kubeovn] - name: mariadb-operator releaseName: mariadb-operator chart: cozy-mariadb-operator namespace: cozy-mariadb-operator - dependsOn: [cert-manager,victoria-metrics-operator] + dependsOn: [cilium,kubeovn,cert-manager,victoria-metrics-operator] - name: postgres-operator releaseName: postgres-operator chart: cozy-postgres-operator namespace: 
cozy-postgres-operator - dependsOn: [cert-manager] + dependsOn: [cilium,kubeovn,cert-manager] - name: rabbitmq-operator releaseName: rabbitmq-operator chart: cozy-rabbitmq-operator namespace: cozy-rabbitmq-operator - dependsOn: [] + dependsOn: [cilium,kubeovn] - name: redis-operator releaseName: redis-operator chart: cozy-redis-operator namespace: cozy-redis-operator - dependsOn: [] + dependsOn: [cilium,kubeovn] - name: proxmox-csi-operator releaseName: proxmox-csi-operator chart: cozy-proxmox-csi-operator namespace: cozy-proxmox - dependsOn: [cert-manager] + dependsOn: [cilium,kubeovn,cert-manager] + +- name: proxmox-csi-operator + releaseName: proxmox-csi-operator + chart: cozy-proxmox-csi-operator + namespace: cozy-proxmox + dependsOn: [cilium,kubeovn,cert-manager] - name: telepresence releaseName: traffic-manager chart: cozy-telepresence namespace: cozy-telepresence - dependsOn: [] + dependsOn: [cilium,kubeovn] - name: dashboard releaseName: dashboard chart: cozy-dashboard namespace: cozy-dashboard - dependsOn: [] + dependsOn: [cilium,kubeovn] {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }} {{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }} values: @@ -88,3 +117,22 @@ releases: {{- end }} {{- end }} +- name: kamaji + releaseName: kamaji + chart: cozy-kamaji + namespace: cozy-kamaji + dependsOn: [cilium,kubeovn,cert-manager] + +- name: capi-operator + releaseName: capi-operator + chart: cozy-capi-operator + namespace: cozy-cluster-api + privileged: true + dependsOn: [cilium,kubeovn,cert-manager] + +- name: capi-providers + releaseName: capi-providers + chart: cozy-capi-providers + namespace: cozy-cluster-api + privileged: true + dependsOn: [cilium,kubeovn,capi-operator] \ No newline at end of file diff --git a/packages/extra/etcd/Chart.yaml b/packages/extra/etcd/Chart.yaml index 3403ec0c..76d426a9 100644 --- a/packages/extra/etcd/Chart.yaml +++ b/packages/extra/etcd/Chart.yaml 
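Review bot: The added `proxmox-csi-operator` entry repeats the one directly above it with the same `name`, `releaseName`, `chart` and `namespace`, so the bundle now declares that release twice. How the consumer of `releases` treats duplicates is not visible here, but at best one block is redundant and at worst two release objects with the same name are rendered; remove the second block. `cilium` and `kubeovn` here, and `capi-operator` and `capi-providers` in the following hunk, are marked `privileged: true`; a one-line comment on each entry stating why it needs that would help later reviews.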
@@ -3,4 +3,4 @@ name: etcd description: Storage for Kubernetes clusters icon: https://www.svgrepo.com/show/353714/etcd.svg type: application -version: 2.0.1 +version: 2.1.0 diff --git a/packages/extra/etcd/templates/etcd-cluster.yaml b/packages/extra/etcd/templates/etcd-cluster.yaml index 78bc5f00..6edf5616 100644 --- a/packages/extra/etcd/templates/etcd-cluster.yaml +++ b/packages/extra/etcd/templates/etcd-cluster.yaml @@ -15,6 +15,9 @@ metadata: spec: options: quota-backend-bytes: {{ include "calculateQuotaBackendBytes" .Values.size | quote }} + auto-compaction-mode: "periodic" + auto-compaction-retention: "5m" + snapshot-count: "10000" replicas: {{ .Values.replicas }} storage: volumeClaimTemplate: diff --git a/packages/extra/etcd/templates/etcd-defrag.yaml b/packages/extra/etcd/templates/etcd-defrag.yaml new file mode 100644 index 00000000..21a8e514 --- /dev/null +++ b/packages/extra/etcd/templates/etcd-defrag.yaml @@ -0,0 +1,31 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ .Release.Name }}-defrag +spec: + schedule: "0 * * * *" + successfulJobsHistoryLimit: 3 + jobTemplate: + spec: + template: + spec: + containers: + - name: etcd-defrag + image: ghcr.io/ahrtr/etcd-defrag:v0.13.0 + args: + - --endpoints={{ range $i, $e := until (int .Values.replicas) }}{{ if $i }},{{ end }}https://{{ $.Release.Name }}-{{ $i }}.{{ $.Release.Name }}-headless.{{ $.Release.Namespace }}.svc:2379{{ end }} + - --cacert=/etc/etcd/pki/client/cert/ca.crt + - --cert=/etc/etcd/pki/client/cert/tls.crt + - --key=/etc/etcd/pki/client/cert/tls.key + - --cluster + - --defrag-rule + - "dbQuotaUsage > 0.8 || dbSize - dbSizeInUse > 200*1024*1024" + volumeMounts: + - mountPath: /etc/etcd/pki/client/cert + name: client-certificate + readOnly: true + volumes: + - name: client-certificate + secret: + secretName: {{ .Release.Name }}-client-tls + restartPolicy: OnFailure diff --git a/packages/extra/versions_map b/packages/extra/versions_map index 82611637..6bc2b2f9 100644 
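Review bot: The new `etcd-defrag` container in etcd-defrag.yaml mounts the etcd client key from `{{ .Release.Name }}-client-tls` but runs with the runtime's default security context, and the pod keeps the default service-account token mount, for which the visible arguments show no use. Add a restrictive `securityContext`, disable the token mount, and set `concurrencyPolicy: Forbid` so an hourly run cannot overlap a defragmentation that is still in progress. `runAsNonRoot: true` is worth adding too if the image's default user allows it, which is not visible here. The image is referenced by tag (`v0.13.0`); pinning it by digest would fix which code receives the client key.

```yaml
# … unchanged: apiVersion, kind, metadata, schedule, successfulJobsHistoryLimit …
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          automountServiceAccountToken: false
          containers:
          - name: etcd-defrag
            # … unchanged: image, args, volumeMounts …
            securityContext:
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities:
                drop: ["ALL"]
          # … unchanged: volumes, restartPolicy …
```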
--- a/packages/extra/versions_map +++ b/packages/extra/versions_map @@ -1,5 +1,6 @@ etcd 1.0.0 f7eaab0 etcd 2.0.0 a6d0f7cf -etcd 2.0.1 HEAD +etcd 2.0.1 6fc1cc7d +etcd 2.1.0 HEAD ingress 1.0.0 HEAD monitoring 1.0.0 HEAD diff --git a/packages/system/Makefile b/packages/system/Makefile index 9162b1a4..e40b0bf1 100644 --- a/packages/system/Makefile +++ b/packages/system/Makefile @@ -9,4 +9,4 @@ repo: cd "$(OUT)" && helm repo index . fix-chartnames: - find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: cozy-$$i/" "$$i/Chart.yaml"; done + find . -maxdepth 2 -name Chart.yaml | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: cozy-$$i/" "$$i/Chart.yaml"; done diff --git a/packages/system/cilium/values.yaml b/packages/system/cilium/values.yaml index 6e3a484f..a8f1dd6c 100644 --- a/packages/system/cilium/values.yaml +++ b/packages/system/cilium/values.yaml @@ -18,10 +18,15 @@ cilium: k8sServiceHost: localhost k8sServicePort: 7445 +# cni: +# chainingMode: generic-veth +# customConf: true +# configMap: cni-configuration +# routingMode: native +# enableIPv4Masquerade: false +# enableIdentityMark: false + cni: - chainingMode: generic-veth - customConf: true - configMap: cni-configuration - routingMode: native - enableIPv4Masquerade: false - enableIdentityMark: false + chainingMode: null + configMap: "" + customConf: false \ No newline at end of file diff --git a/packages/system/dashboard/Makefile b/packages/system/dashboard/Makefile index 7172288b..f7a66c71 100644 --- a/packages/system/dashboard/Makefile +++ b/packages/system/dashboard/Makefile 
@@ -14,6 +14,7 @@ update-chart: helm pull bitnami/kubeapps --untar --untardir charts rm -rf charts/kubeapps/charts/postgresql/ ln -s ../../images charts/kubeapps/images + sed -i 's/.cluster.local//g' charts/kubeapps/templates/kubeappsapis/deployment.yaml update-dockerfiles: tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/vmware-tanzu/kubeapps | awk -F'[/^]' 'END{print $$3}') && \ diff --git a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml index 61d6e603..5791a2f4 100644 --- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml +++ b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml @@ -133,7 +133,7 @@ spec: # longer-term pass something to the plugins so that the plugins won't need to # know these details). Currently they're used directly by the flux plugin - name: REDIS_ADDR - value: {{ printf "%s-master.%s.svc.cluster.local:6379" (include "kubeapps.redis.fullname" .) .Release.Namespace }} + value: {{ printf "%s-master.%s.svc:6379" (include "kubeapps.redis.fullname" .) .Release.Namespace }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: diff --git a/packages/system/dashboard/images/dashboard.json b/packages/system/dashboard/images/dashboard.json index fa70d533..afc5da18 100644 --- a/packages/system/dashboard/images/dashboard.json +++ b/packages/system/dashboard/images/dashboard.json 
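Review bot: In the added `sed` line the dots in `.cluster.local` are unescaped, so the expression removes any character followed by `cluster`, any character and `local`, not only the literal suffix. Escape them, as the fluxcd Makefile in this commit does for its own pattern: `sed -i 's/\.cluster\.local//g' charts/kubeapps/templates/kubeappsapis/deployment.yaml`. The rest of `update-chart` lies outside the hunk.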
@@ -1,4 +1,42 @@ { - "containerimage.config.digest": "sha256:8126f86f18708a9157206884c63dc9df7f3090a33e05f4a1b94f2a7da7610c74", - "containerimage.digest": "sha256:e1a285812d1ce34bcf5c37db2a5c12ec99887c930b46ac261895dc98f674c066" + "buildx.build.provenance": { + "buildType": "https://mobyproject.org/buildkit@v1", + "materials": [ + { + "uri": "pkg:docker/bitnami/nginx@1.25.2?platform=linux%2Famd64", + "digest": { + "sha256": "fbd9335f55d83d8aaf9ab1a539b0f2a87b444e8c54f34c9a1ca9d7df15605db4" + } + }, + { + "uri": "pkg:docker/bitnami/node@20.12.1?platform=linux%2Famd64", + "digest": { + "sha256": "ac00b5d3742ef2b522e149ac3912a9118ca8dc27556f13700d4a53c1982b1460" + } + } + ], + "invocation": { + "configSource": { + "entryPoint": "Dockerfile" + }, + "parameters": { + "frontend": "dockerfile.v0", + "locals": [ + { + "name": "context" + }, + { + "name": "dockerfile" + } + ] + }, + "environment": { + "platform": "linux/amd64" + } + } + }, + "buildx.build.ref": "default/default/2ot90pccljzk2p5k794ime6v2", + "containerimage.config.digest": "sha256:8f2194dd28579a83f2d42e4344e85bc21a8f83b4d3715a3ce93a137f4417557b", + "containerimage.digest": "sha256:42eb215842470ecc430be735da7abac9b35e78daa80111452fce0d5c1740e314", + "image.name": "mgr.cp.if.ua/dashboard:v0.6.1-2" } \ No newline at end of file diff --git a/packages/system/dashboard/images/dashboard.tag b/packages/system/dashboard/images/dashboard.tag index 7f20ff19..aa2e9e93 100644 --- a/packages/system/dashboard/images/dashboard.tag +++ b/packages/system/dashboard/images/dashboard.tag @@ -1 +1 @@ -ghcr.io/aenix-io/cozystack/dashboard:v0.6.0 +mgr.cp.if.ua/dashboard:v0.6.1-2 diff --git a/packages/system/dashboard/images/kubeapps-apis.json b/packages/system/dashboard/images/kubeapps-apis.json index f54437aa..3ce24881 100644 --- a/packages/system/dashboard/images/kubeapps-apis.json +++ b/packages/system/dashboard/images/kubeapps-apis.json 
@@ -1,4 +1,48 @@ { - "containerimage.config.digest": "sha256:79ac02f0fe54d2007b222efe05596a1bf35b8557e406d018f825a2334bd73249", - "containerimage.digest": "sha256:1c1dbee8e5c4be14e5df36a69be75a6a2907445564379e23b7f8fbea1afc7093" + "buildx.build.provenance": { + "buildType": "https://mobyproject.org/buildkit@v1", + "materials": [ + { + "uri": "pkg:docker/bitnami/golang@1.22.2?platform=linux%2Famd64", + "digest": { + "sha256": "f6238d0feb519be3a157e0f29d56312fdcbfde165d96987f3956581126371977" + } + }, + { + "uri": "pkg:docker/bitnami/minideb@bookworm?platform=linux%2Famd64", + "digest": { + "sha256": "6cc3baf349947d587a9cd4971e81ff3ffc0d17382f2b5b6de63d6542bff10c16" + } + }, + { + "uri": "pkg:docker/alpine@latest?platform=linux%2Famd64", + "digest": { + "sha256": "77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd" + } + } + ], + "invocation": { + "configSource": { + "entryPoint": "Dockerfile" + }, + "parameters": { + "frontend": "dockerfile.v0", + "locals": [ + { + "name": "context" + }, + { + "name": "dockerfile" + } + ] + }, + "environment": { + "platform": "linux/amd64" + } + } + }, + "buildx.build.ref": "default/default/ao0jq2cd1xv1r7w0t4zc3v6jg", + "containerimage.config.digest": "sha256:1ab7b96c8870db7d86e57bdb21fc222196369c30330a8d6d7a7c8b985a1545c9", + "containerimage.digest": "sha256:be834737c0099db19edd886d3645cc395d0b79416f4a97581bf279168b1d15ea", + "image.name": "mgr.cp.if.ua/kubeapps-apis:v0.6.1-2" } \ No newline at end of file diff --git a/packages/system/dashboard/images/kubeapps-apis.tag b/packages/system/dashboard/images/kubeapps-apis.tag index 6cd70ddb..cc8d5e61 100644 --- a/packages/system/dashboard/images/kubeapps-apis.tag +++ b/packages/system/dashboard/images/kubeapps-apis.tag @@ -1 +1 @@ -ghcr.io/aenix-io/cozystack/kubeapps-apis:v0.6.0 +mgr.cp.if.ua/kubeapps-apis:v0.6.1-2 diff --git a/packages/system/kamaji/values.yaml b/packages/system/kamaji/values.yaml index 2ef13714..de677502 100644 --- a/packages/system/kamaji/values.yaml 
+++ b/packages/system/kamaji/values.yaml @@ -1,3 +1,8 @@ kamaji: etcd: deploy: false + + # Fix https://github.com/clastix/kamaji/pull/467 + image: + repository: ghcr.io/kvaps/test + tag: kamaji-v0.6.0-fix diff --git a/packages/system/kubemox/.helmignore b/packages/system/kubemox/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/packages/system/kubemox/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packages/system/kubemox/Chart.yaml b/packages/system/kubemox/Chart.yaml new file mode 100644 index 00000000..bf91962e --- /dev/null +++ b/packages/system/kubemox/Chart.yaml 
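Review bot: The override in kamaji/values.yaml points the Kamaji image at `ghcr.io/kvaps/test` with the tag `kamaji-v0.6.0-fix`, a repository named as a test location and a tag that can be re-pushed, and the only record of what the image contains is the PR link in the comment. Pin the image by digest if the chart's image template accepts one, so that the deployed build is the one that was reviewed. Extend the comment so the override is not forgotten, e.g. `# TODO: remove this override once clastix/kamaji#467 ships in a released image`.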
@@ -0,0 +1,26 @@
+apiVersion: v2
+name: kubemox
+description: A Helm chart for Kubernetes
+maintainers:
+ - name: Alp Eren Celik
+ email: celial18@itu.edu.tr
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.2"
diff --git a/packages/system/kubemox/Makefile b/packages/system/kubemox/Makefile
new file mode 100644
index 00000000..ff8c09c0
--- /dev/null
+++ b/packages/system/kubemox/Makefile
@@ -0,0 +1,11 @@
+NAME=kubemox
+NAMESPACE=cozy-$(NAME)
+
+include ../../../scripts/package-system.mk
+
+update:
+ rm -rf templates
+ mkdir templates
+ export RELEASE=v0.0.6-rc2 && \
+ wget https://github.com/kubevirt/kubevirt/releases/download/$${RELEASE}/kubevirt-cr.yaml -O templates/kubevirt-cr.yaml
+ sed -i 's/namespace: kubevirt/namespace: cozy-kubevirt/g' templates/kubevirt-cr.yaml
diff --git a/packages/system/kubemox/templates/NOTES.txt b/packages/system/kubemox/templates/NOTES.txt
new file mode 100644
index 00000000..5da4c2ce
--- /dev/null
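Review bot: The `update` target in the kubemox Makefile appears to be copied from the kubevirt package: `rm -rf templates` would delete the templates this commit adds (NOTES.txt, _helpers.tpl, crds/, deployment.yaml), and the `wget` line then fetches `kubevirt-cr.yaml` from the kubevirt release URL and rewrites its namespace to `cozy-kubevirt`. Remove the target until it is written for kubemox, or at least mark it with `# FIXME: copied from kubevirt, not adapted for kubemox - do not run`. When it is rewritten, the download should be checked against a pinned hash before it replaces anything, e.g. `echo "<sha256>  <file>" | sha256sum -c -`.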
+++ b/packages/system/kubemox/templates/NOTES.txt
@@ -0,0 +1,12 @@
+* Thanks for installing the kubemox!
+
+* Kubemox aims managing Proxmox resources through Kubernetes objects.
+
+- To create a VirtualMachine from a template on Proxmox use one of the examples below:
+
+ 1. kubectl create -f kubemox/samples/virtualmachineclone.yaml
+
+ 2. kubectl create -f kubemox/samples/virtualmachinscratch.yaml
+
+
+DISCLAIMER: Kubemox is still under development so please use accordingly!
diff --git a/packages/system/kubemox/templates/_helpers.tpl b/packages/system/kubemox/templates/_helpers.tpl
new file mode 100644
index 00000000..a0e950e0
--- /dev/null
+++ b/packages/system/kubemox/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubemox.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kubemox.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubemox.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubemox.labels" -}}
+helm.sh/chart: {{ include "kubemox.chart" . }}
+{{ include "kubemox.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kubemox.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubemox.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kubemox.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kubemox.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/packages/system/kubemox/templates/crds/containers.yaml b/packages/system/kubemox/templates/crds/containers.yaml new file mode 100644 index 00000000..07347492 --- /dev/null +++ b/packages/system/kubemox/templates/crds/containers.yaml 
@@ -0,0 +1,107 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: containers.proxmox.alperen.cloud +spec: + conversion: + strategy: None + group: proxmox.alperen.cloud + names: + kind: Container + listKind: ContainerList + plural: containers + singular: container + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Container is the Schema for the containers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ContainerSpec defines the desired state of Container + properties: + name: + description: Name is the name of the Container + type: string + nodeName: + description: NodeName is the name of the target node of Proxmox + type: string + template: + description: TemplateSpec of the source Container + properties: + cores: + description: Cores is the number of CPU cores + type: integer + disk: + description: Disks is the list of disks + items: + properties: + size: + description: Size is the size of the disk + type: integer + storage: + description: Storage is the name of the storage + type: string + type: + description: Type is the type of the disk + type: string + type: object + type: array + memory: + description: Memory is the amount of memory in MB + type: integer + name: + description: Name of the template + type: string + network: + description: Networks is the list of networks + items: + properties: + bridge: + description: Bridge is the name of the bridge + type: string + model: + description: Name is the name of the network + type: string + type: object + type: array + type: object + required: + - name + - nodeName + type: object + status: + description: ContainerStatus defines the observed state of Container + properties: + id: + type: integer + name: + type: string + node: + type: string + state: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + uptime: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/packages/system/kubemox/templates/crds/customcertificate.yaml b/packages/system/kubemox/templates/crds/customcertificate.yaml new file mode 100644 index 00000000..be744409 
--- /dev/null +++ b/packages/system/kubemox/templates/crds/customcertificate.yaml 
@@ -0,0 +1,100 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{"controller-gen.kubebuilder.io/version":"v0.12.0"},"name":"customcertificates.proxmox.alperen.cloud"},"spec":{"group":"proxmox.alperen.cloud","names":{"kind":"CustomCertificate","listKind":"CustomCertificateList","plural":"customcertificates","singular":"customcertificate"},"scope":"Namespaced","versions":[{"name":"v1alpha1","schema":{"openAPIV3Schema":{"description":"CustomCertificate is the Schema for the customcertificates API","properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"CustomCertificateSpec defines the desired state of CustomCertificate","properties":{"certManagerSpec":{"properties":{"commonName":{"type":"string"},"dnsNames":{"items":{"type":"string"},"type":"array"},"issuerRef":{"properties":{"group":{"type":"string"},"kind":{"type":"string"},"name":{"type":"string"}},"type":"object"},"secretName":{"type":"string"},"usages":{"items":{"type":"string"},"type":"array"}},"type":"object"},"nodeName":{"description":"INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run \"make\" to regenerate code after modifying this file","type":"string"},"proxmoxCertSpec":{"properties":{"certificate":{"type":"string"},"force":{"type":"boolean"},"nodeName":{"type":"string"},"privateKey":{"type":"string"},"restartProxy":{"type":"boolean"}},"type":"object"}},"type":"object"},"status":{"description":"CustomCertificateStatus defines the observed state of CustomCertificate","properties":{"status":{"description":"INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run \"make\" to regenerate code after modifying this file","type":"string"}},"type":"object"}},"type":"object"}},"served":true,"storage":true,"subresources":{"status":{}}}]}} + creationTimestamp: "2024-02-17T20:53:20Z" + generation: 3 + name: customcertificates.proxmox.alperen.cloud + resourceVersion: "3299203" + uid: b6cf98fa-a272-4b2f-b150-f49ab3b5f368 +spec: + conversion: + strategy: None + group: proxmox.alperen.cloud + names: + kind: CustomCertificate + listKind: CustomCertificateList + plural: customcertificates + singular: customcertificate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CustomCertificate is the Schema for the customcertificates API + properties: + apiVersion: + description: 'APIVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CustomCertificateSpec defines the desired state of CustomCertificate + properties: + certManagerSpec: + properties: + commonName: + type: string + dnsNames: + items: + type: string + type: array + issuerRef: + properties: + group: + type: string + kind: + type: string + name: + type: string + type: object + secretName: + type: string + usages: + items: + type: string + type: array + type: object + nodeName: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + type: string + proxmoxCertSpec: + properties: + certificate: + type: string + force: + type: boolean + nodeName: + type: string + privateKey: + type: string + restartProxy: + type: boolean + type: object + type: object + status: + description: CustomCertificateStatus defines the observed state of CustomCertificate + properties: + status: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file 
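Review bot: The `metadata` block of the customcertificates CRD was exported from a live cluster: it carries `kubectl.kubernetes.io/last-applied-configuration`, `creationTimestamp`, `generation`, `resourceVersion: "3299203"` and `uid`, which are server-populated and do not belong in a chart template; a stale `resourceVersion` can make create or update requests fail. Keep only `controller-gen.kubebuilder.io/version: v0.12.0` under `annotations` and the `name`, as the managedvirtualmachines CRD in this commit does. Separately, `spec.proxmoxCertSpec.privateKey` is declared as a plain `string`, so private key material would be stored in the custom resource itself and be readable by anyone allowed to get `customcertificates`. Whether the controller can take a Secret reference instead is not visible here and is worth raising with the upstream project.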
diff --git a/packages/system/kubemox/templates/crds/managedvirtualmachines.yaml b/packages/system/kubemox/templates/crds/managedvirtualmachines.yaml new file mode 100644 index 00000000..e49a61cc --- /dev/null +++ b/packages/system/kubemox/templates/crds/managedvirtualmachines.yaml 
@@ -0,0 +1,83 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: managedvirtualmachines.proxmox.alperen.cloud +spec: + group: proxmox.alperen.cloud + names: + kind: ManagedVirtualMachine + listKind: ManagedVirtualMachineList + plural: managedvirtualmachines + singular: managedvirtualmachine + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ManagedVirtualMachine is the Schema for the managedvirtualmachines + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ManagedVirtualMachineSpec defines the desired state of ManagedVirtualMachine + properties: + cores: + type: integer + disk: + type: integer + memory: + type: integer + name: + description: Foo is an example field of ManagedVirtualMachine. 
Edit + managedvirtualmachine_types.go to remove/update + type: string + nodeName: + type: string + required: + - cores + - disk + - memory + - name + - nodeName + type: object + status: + description: ManagedVirtualMachineStatus defines the observed state of + ManagedVirtualMachine + properties: + IPAddress: + type: string + OSInfo: + type: string + id: + type: integer + name: + type: string + node: + type: string + state: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + uptime: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/kubemox/templates/crds/storagedownloadurls.yaml b/packages/system/kubemox/templates/crds/storagedownloadurls.yaml new file mode 100644 index 00000000..9e2cfe15 --- /dev/null +++ b/packages/system/kubemox/templates/crds/storagedownloadurls.yaml 
@@ -0,0 +1,70 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: storagedownloadurls.proxmox.alperen.cloud +spec: + conversion: + strategy: None + group: proxmox.alperen.cloud + names: + kind: StorageDownloadURL + listKind: StorageDownloadURLList + plural: storagedownloadurls + singular: storagedownloadurl + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: StorageDownloadURL is the Schema for the storagedownloadurls + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: StorageDownloadURLSpec defines the desired state of StorageDownloadURL + properties: + checksum: + description: Optional fields + type: string + checksumAlgorithm: + type: string + compression: + type: string + content: + type: string + filename: + type: string + node: + type: string + storage: + type: string + url: + type: string + verifyCertificate: + type: boolean + required: + - content + - filename + - node + - storage + - url + type: object + status: + description: StorageDownloadURLStatus defines the observed state of StorageDownloadURL + type: object + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file 
diff --git a/packages/system/kubemox/templates/crds/virtualmachines.yaml b/packages/system/kubemox/templates/crds/virtualmachines.yaml new file mode 100644 index 00000000..bc75029d --- /dev/null +++ b/packages/system/kubemox/templates/crds/virtualmachines.yaml 
@@ -0,0 +1,156 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: virtualmachines.proxmox.alperen.cloud +spec: + group: proxmox.alperen.cloud + names: + kind: VirtualMachine + listKind: VirtualMachineList + plural: virtualmachines + singular: virtualmachine + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: VirtualMachine is the Schema for the virtualmachines API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VirtualMachineSpec defines the desired state of VirtualMachine + properties: + name: + description: Name is the name of the VM + type: string + nodeName: + description: NodeName is the name of the target node of Proxmox + type: string + template: + description: TemplateSpec of the source VM + properties: + cores: + description: Cores is the number of CPU cores + type: integer + disk: + description: Disks is the list of disks + items: + properties: + size: + description: Size is the size of the disk in GB + type: integer + storage: + description: Storage is the name of the storage + type: string + type: + description: Type is the type of the disk + type: string + required: + - size + - storage + - type + type: object + type: array + memory: + description: Memory is the amount of memory in MB + type: integer + name: + description: Name of the template + type: string + network: + description: Networks is the list of networks + items: + properties: + bridge: + description: Bridge is the name of the bridge + type: string + model: + description: Model is the model of the network card + type: string + required: + - bridge + - model + type: object + type: array + socket: + description: Socket is the number of CPU sockets + type: integer + type: object + vmSpec: + description: This field should be modified further + properties: + cores: + description: CPUs + type: integer + disk: + description: Disks is the list of disks + properties: + name: + type: string + value: + type: string + type: object + memory: + description: Memory is the amount of memory in MB + type: integer + network: + description: Networks is the list of networks + properties: + name: + type: string + value: + type: string + type: object + osImage: + description: OS Image + properties: + name: + type: string + value: + type: string + 
type: object + type: object + required: + - name + - nodeName + type: object + status: + description: VirtualMachineStatus defines the observed state of VirtualMachine + properties: + IPAddress: + type: string + OSInfo: + type: string + id: + type: integer + name: + type: string + node: + type: string + state: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + uptime: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/kubemox/templates/crds/virtualmachinesets.yaml b/packages/system/kubemox/templates/crds/virtualmachinesets.yaml new file mode 100644 index 00000000..966a1980 --- /dev/null +++ b/packages/system/kubemox/templates/crds/virtualmachinesets.yaml 
@@ -0,0 +1,110 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: virtualmachinesets.proxmox.alperen.cloud +spec: + group: proxmox.alperen.cloud + names: + kind: VirtualMachineSet + listKind: VirtualMachineSetList + plural: virtualmachinesets + singular: virtualmachineset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: VirtualMachineSet is the Schema for the virtualmachinesets API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VirtualMachineSetSpec defines the desired state of VirtualMachineSet + properties: + nodeName: + type: string + replicas: + description: Foo is an example field of VirtualMachineSet. 
Edit virtualmachineset_types.go + to remove/update + type: integer + template: + properties: + cores: + description: Cores is the number of CPU cores + type: integer + disk: + description: Disks is the list of disks + items: + properties: + size: + description: Size is the size of the disk in GB + type: integer + storage: + description: Storage is the name of the storage + type: string + type: + description: Type is the type of the disk + type: string + required: + - size + - storage + - type + type: object + type: array + memory: + description: Memory is the amount of memory in MB + type: integer + name: + description: Name of the template + type: string + network: + description: Networks is the list of networks + items: + properties: + bridge: + description: Bridge is the name of the bridge + type: string + model: + description: Model is the model of the network card + type: string + required: + - bridge + - model + type: object + type: array + socket: + description: Socket is the number of CPU sockets + type: integer + type: object + required: + - nodeName + - replicas + type: object + status: + description: VirtualMachineSetStatus defines the observed state of VirtualMachineSet + properties: + condition: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + required: + - condition + type: object + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/packages/system/kubemox/templates/crds/virtualmachinesnapshotpolicies.yaml b/packages/system/kubemox/templates/crds/virtualmachinesnapshotpolicies.yaml new file mode 100644 index 00000000..638a841b --- /dev/null +++ b/packages/system/kubemox/templates/crds/virtualmachinesnapshotpolicies.yaml 
@@ -0,0 +1,104 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: virtualmachinesnapshotpolicies.proxmox.alperen.cloud +spec: + group: proxmox.alperen.cloud + names: + kind: VirtualMachineSnapshotPolicy + listKind: VirtualMachineSnapshotPolicyList + plural: virtualmachinesnapshotpolicies + singular: virtualmachinesnapshotpolicy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: VirtualMachineSnapshotPolicy is the Schema for the virtualmachinesnapshotpolicies + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VirtualMachineSnapshotPolicySpec defines the desired state + of VirtualMachineSnapshotPolicy + properties: + labelSelector: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. 
+ properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + namespaces: + items: + type: string + type: array + type: object + snapshotSchedule: + type: string + type: object + status: + description: VirtualMachineSnapshotPolicyStatus defines the observed state + of VirtualMachineSnapshotPolicy + type: object + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/packages/system/kubemox/templates/crds/virtualmachinesnapshots.yaml b/packages/system/kubemox/templates/crds/virtualmachinesnapshots.yaml new file mode 100644 index 00000000..8542cb4c --- /dev/null +++ b/packages/system/kubemox/templates/crds/virtualmachinesnapshots.yaml 
@@ -0,0 +1,69 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: virtualmachinesnapshots.proxmox.alperen.cloud +spec: + group: proxmox.alperen.cloud + names: + kind: VirtualMachineSnapshot + listKind: VirtualMachineSnapshotList + plural: virtualmachinesnapshots + singular: virtualmachinesnapshot + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: VirtualMachineSnapshot is the Schema for the virtualmachinesnapshots + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VirtualMachineSnapshotSpec defines the desired state of VirtualMachineSnapshot + properties: + snapshotName: + description: Name of the snapshot + type: string + timestamp: + description: Description of the snapshot + format: date-time + type: string + virtualMachineName: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + Name of the virtual machine to take snapshot of' + type: string + required: + - virtualMachineName + type: object + status: + description: VirtualMachineSnapshotStatus defines the observed state of + VirtualMachineSnapshot + properties: + errorMessage: + description: Error message if the snapshot creation process failed + type: string + status: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file Possible values: "created", "failed"' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/packages/system/kubemox/templates/deployment.yaml b/packages/system/kubemox/templates/deployment.yaml new file mode 100644 index 00000000..b246d9d6 --- /dev/null +++ b/packages/system/kubemox/templates/deployment.yaml 
@@ -0,0 +1,98 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "kubemox.fullname" . }}
+ labels:
+ {{- include "kubemox.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "kubemox.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "kubemox.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "kubemox.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ # livenessProbe:
+ # httpGet:
+ # path: /
+ # port: http
+ # readinessProbe:
+ # httpGet:
+ # path: /
+ # port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: PROXMOX_ENDPOINT
+ value: {{ .Values.proxmox.endpoint }}
+ - name: PROXMOX_INSECURE_SKIP_TLS_VERIFY
+ value: {{ .Values.proxmox.insecureSkipTLSVerify | quote }}
+ {{- if .Values.proxmox.tokenID }}
+ - name: PROXMOX_TOKEN_ID
+ valueFrom:
+ secretKeyRef:
+ name: proxmox-credentials
+ key: tokenID
+ {{- end }}
+ {{- if .Values.proxmox.secret }}
+ - name: PROXMOX_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: proxmox-credentials
+ key: secret
+ {{- end }}
+ {{- if .Values.proxmox.username }}
+ - name: PROXMOX_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: proxmox-credentials
+ key: username
+ {{- end }}
+ {{- if .Values.proxmox.password }}
+ - name: PROXMOX_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: proxmox-credentials
+ key: password
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/packages/system/kubemox/templates/hpa.yaml b/packages/system/kubemox/templates/hpa.yaml
new file mode 100644
index 00000000..7d634219
--- /dev/null
+++ b/packages/system/kubemox/templates/hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "kubemox.fullname" . }}
+ labels:
+ {{- include "kubemox.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "kubemox.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/packages/system/kubemox/templates/ingress.yaml b/packages/system/kubemox/templates/ingress.yaml
new file mode 100644
index 00000000..69d4c94a
--- /dev/null
+++ b/packages/system/kubemox/templates/ingress.yaml
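Review bot: In templates/deployment.yaml the `PROXMOX_ENDPOINT` entry renders `value: {{ .Values.proxmox.endpoint }}` unquoted, while the `PROXMOX_INSECURE_SKIP_TLS_VERIFY` entry right after it already pipes through `quote`. Container env values have to be strings, so an empty endpoint renders as null and an endpoint containing `: ` or ` #` changes how the manifest parses. I would write `value: {{ .Values.proxmox.endpoint | quote }}`. Both probes are also left commented out with no explanation; a one-line comment saying why the controller ships without health checks would help the next reader.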
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "kubemox.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "kubemox.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/packages/system/kubemox/templates/role.yaml b/packages/system/kubemox/templates/role.yaml
new file mode 100644
index 00000000..4481a3e9
--- /dev/null
+++ b/packages/system/kubemox/templates/role.yaml
@@ -0,0 +1,76 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubemox
+rules:
+# Custom Resources
+- apiGroups: ["proxmox.alperen.cloud"]
+ resources:
+ - "managedvirtualmachines"
+ - "managedvirtualmachines/finalizers"
+ - "managedvirtualmachines/status"
+ - "virtualmachines"
+ - "virtualmachines/finalizers"
+ - "virtualmachines/status"
+ - "virtualmachinesets"
+ - "virtualmachinesets/finalizers"
+ - "virtualmachinesets/status"
+ - "virtualmachinesnapshots"
+ - "virtualmachinesnapshots/finalizers"
+ - "virtualmachinesnapshots/status"
+ - "virtualmachinesnapshotpolicies"
+ - "virtualmachinesnapshotpolicies/finalizers"
+ - "virtualmachinesnapshotpolicies/status"
+ - "containers"
+ - "containers/finalizers"
+ - "containers/status"
+ - "customcertificates"
+ - "customcertificates/finalizers"
+ - "customcertificates/status"
+ - "storagedownloadurls"
+ - "storagedownloadurls/finalizers"
+ - "storagedownloadurls/status"
+ verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
+# Events
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
+## Leader election
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+## List CRDs
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - list
+ - watch
+ - get
+# Certificates
+- apiGroups: ["cert-manager.io"]
+ resources: ["certificates"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
\ No newline at end of file
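Review bot: The "Leader election" rules in templates/role.yaml grant create, update, patch and delete on `configmaps` and `leases` through a ClusterRole, so the controller's ServiceAccount can rewrite every ConfigMap in every namespace, including those that configure cluster components. Leader election presumably only needs objects in the controller's own namespace (the controller code is not part of this diff), so these two rules belong in a namespaced Role with a RoleBinding in the release namespace, leaving the ClusterRole with the custom-resource, CRD and cert-manager rules. The `events` rule could likewise drop `delete`, which lets the account remove audit-relevant events cluster-wide. The Role below is a sketch with a proposed name; its RoleBinding would mirror templates/rolebinding.yaml with `kind: Role`.

```yaml
# Leader election, scoped to the release namespace instead of the whole cluster
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: kubemox-leader-election
  namespace: {{ .Release.Namespace }}
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["coordination.k8s.io"]
  resources: ["leases"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# … unchanged: ClusterRole rules for custom resources, events, CRDs, certificates …
```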
diff --git a/packages/system/kubemox/templates/rolebinding.yaml b/packages/system/kubemox/templates/rolebinding.yaml
new file mode 100644
index 00000000..dc5f27aa
--- /dev/null
+++ b/packages/system/kubemox/templates/rolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubemox
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubemox
+subjects:
+- kind: ServiceAccount
+ name: kubemox
+ namespace: {{ .Release.Namespace }}
diff --git a/packages/system/kubemox/templates/secret.yaml b/packages/system/kubemox/templates/secret.yaml
new file mode 100644
index 00000000..adfb86ce
--- /dev/null
+++ b/packages/system/kubemox/templates/secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+data:
+ {{- if .Values.proxmox.secret }}
+ secret: {{ .Values.proxmox.secret | b64enc }}
+ {{- end }}
+ {{- if .Values.proxmox.tokenID }}
+ tokenID: {{ .Values.proxmox.tokenID | b64enc }}
+ {{- end }}
+ {{- if .Values.proxmox.username }}
+ username: {{ .Values.proxmox.username | b64enc }}
+ {{- end }}
+ {{- if .Values.proxmox.password }}
+ password: {{ .Values.proxmox.password | b64enc }}
+ {{- end }}
+kind: Secret
+metadata:
+ name: proxmox-credentials
\ No newline at end of file
diff --git a/packages/system/kubemox/templates/service.yaml b/packages/system/kubemox/templates/service.yaml
new file mode 100644
index 00000000..98b4138d
--- /dev/null
+++ b/packages/system/kubemox/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "kubemox.fullname" . }}
+ labels:
+ {{- include "kubemox.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.targetPort }}
+ protocol: TCP
+ name: {{ .Values.service.portName }}
+ selector:
+ {{- include "kubemox.selectorLabels" . | nindent 4 }}
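Review bot: The subject in templates/rolebinding.yaml is hardcoded to `name: kubemox`, while the Deployment and ServiceAccount templates take the account name from the `kubemox.serviceAccountName` helper. Whenever the release name or `serviceAccount.name` makes that helper return something else (the helper itself is outside this diff), the binding misses the controller and instead grants the ClusterRole to whatever ServiceAccount called `kubemox` exists in the release namespace. I would render the subject as `name: {{ include "kubemox.serviceAccountName" . }}`.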
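Review bot: templates/secret.yaml can only be filled by placing the Proxmox token or password in chart values, and the `secretKeyRef` blocks in the Deployment are gated on those same values, so the chart cannot be pointed at a Secret created out of band. That pushes credentials into values files and into Helm's stored release data. A values key naming a pre-existing Secret (for example `proxmox.existingSecret`, a proposed name that is not in this chart) that skips this template would avoid it. The fixed name `proxmox-credentials` also means two releases in one namespace overwrite each other's credentials; deriving it from `kubemox.fullname` would keep them apart.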
diff --git a/packages/system/kubemox/templates/serviceMonitor.yaml b/packages/system/kubemox/templates/serviceMonitor.yaml
new file mode 100644
index 00000000..7ed3a59d
--- /dev/null
+++ b/packages/system/kubemox/templates/serviceMonitor.yaml
@@ -0,0 +1,47 @@
+{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kubemox.fullname" . }}
+ namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
+ labels:
+ {{- include "kubemox.labels" . | nindent 4 }}
+ {{- with .Values.metrics.serviceMonitor.selector }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: {{ .Values.metrics.service.portName }}
+ {{- with .Values.metrics.serviceMonitor.interval }}
+ interval: {{ . }}
+ {{- end }}
+ path: /metrics
+ {{- with .Values.metrics.serviceMonitor.relabelings }}
+ relabelings:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.scheme }}
+ scheme: {{ . }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.tlsConfig }}
+ tlsConfig:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ {{- include "kubemox.selectorLabels" . | nindent 6 }}
+{{- end }}
\ No newline at end of file
diff --git a/packages/system/kubemox/templates/serviceaccount.yaml b/packages/system/kubemox/templates/serviceaccount.yaml
new file mode 100644
index 00000000..60981531
--- /dev/null
+++ b/packages/system/kubemox/templates/serviceaccount.yaml
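Review bot: `- port: {{ .Values.metrics.service.portName }}` in templates/serviceMonitor.yaml reads a key that the values.yaml added in this commit does not define: `metrics` holds only `serviceMonitor`, and the port name lives at the top-level `service.portName`. With `metrics.serviceMonitor.enabled: true` the render should fail on the missing `metrics.service` map, so the monitoring path cannot be switched on as shipped. I would write `- port: {{ .Values.service.portName }}`, or add a `metrics.service` block to values.yaml if a separate metrics port is intended.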
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "kubemox.serviceAccountName" . }}
+ labels:
+ {{- include "kubemox.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/packages/system/kubemox/templates/tests/test-connection.yaml b/packages/system/kubemox/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..c8021781
--- /dev/null
+++ b/packages/system/kubemox/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "kubemox.fullname" . }}-test-connection"
+ labels:
+ {{- include "kubemox.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "kubemox.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/packages/system/kubemox/values.yaml b/packages/system/kubemox/values.yaml
new file mode 100644
index 00000000..3c653a04
--- /dev/null
+++ b/packages/system/kubemox/values.yaml
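Review bot: `image: busybox` in templates/tests/test-connection.yaml carries no tag or digest, so the test hook pulls whatever `latest` resolves to in the default registry at run time. Pinning it, for example `image: busybox:PINNED_TAG` (placeholder) or a digest reference, keeps the hook reproducible and lets the image be reviewed and mirrored like any other dependency.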
@@ -0,0 +1,126 @@
+# Default values for kubemox.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+proxmox:
+ endpoint: "10.0.0.99"
+ # endpoint: 10.0.0.99
+ # insecureSkipTLSVerify: true
+ insecureSkipTLSVerify: true
+ # Either tokenID/secret or username/password must be set
+ tokenID: ""
+ secret: ""
+ # Both username and password must be set if tokenID/secret is not set
+ username: "root@pam"
+ password: "PROXMOX_PASSWORD"
+
+image:
+ repository: alperencelik/kubemox
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ # See https://github.com/alperencelik/kubemox/releases for the tags
+ tag: "latest"
+
+metrics:
+ serviceMonitor:
+ enabled: false
+ interval: 30s
+ # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
+ relabelings: []
+ # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
+ metricRelabelings: []
+ # -- Prometheus ServiceMonitor selector
+ selector: {}
+ # prometheus: kube-prometheus
+
+ # -- Prometheus ServiceMonitor scheme
+ scheme: ""
+ # -- Prometheus ServiceMonitor tlsConfig
+ tlsConfig: {}
+ # -- Prometheus ServiceMonitor namespace
+ namespace: "" # "monitoring"
+ # -- Prometheus ServiceMonitor labels
+ additionalLabels: {}
+ # -- Prometheus ServiceMonitor annotations
+ annotations: {}
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 8080
+ targetPort: 8080
+ portName: http
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/scripts/installer.sh b/scripts/installer.sh
index 5fd5b0be..e5acb578 100755
--- a/scripts/installer.sh
+++ b/scripts/installer.sh
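Review bot: The defaults in values.yaml ship `insecureSkipTLSVerify: true` together with `username: "root@pam"`, so an install that changes only the password sends root credentials to the Proxmox API without verifying its certificate. I would default to `insecureSkipTLSVerify: false` and leave `username: ""` and `password: ""` so that skipping verification and using the root account are explicit operator choices. The literal `password: "PROXMOX_PASSWORD"` is non-empty, so the templates render it into the Secret as though it were a real credential. `tag: "latest"` with `pullPolicy: Always` lets the controller image change on any restart, and `securityContext: {}` leaves the hardening lines below it commented out; a released tag and the uncommented `runAsNonRoot`/`readOnlyRootFilesystem`/`drop: ALL` block would be safer defaults for a pod that holds hypervisor credentials.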
@@ -23,10 +23,10 @@ flux_is_ok() { } install_basic_charts() { - if [ "$BUNDLE" = "paas-full" ] || [ "$BUNDLE" = "distro-full" ]; then - make -C packages/system/cilium apply resume + if [ "$BUNDLE" = "paas-full" ] || [ "$BUNDLE" = "distro-full" || "$BUNDLE" = "paas-proxmox" ]; then + make -C packages/system/cilium apply resume fi - if [ "$BUNDLE" = "paas-full" ]; then + if [ "$BUNDLE" = "paas-full" || "$BUNDLE" = "paas-proxmox" ]; then make -C packages/system/kubeovn apply resume fi }
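Review bot: Both new conditions in `install_basic_charts` put `||` inside a single `[ ... ]`, which the shell parses as two separate commands: `[ "$BUNDLE" = "distro-full"` fails with a missing `]`, and then the value of `$BUNDLE` is run as a command name with `= "paas-proxmox" ]` as its arguments. As written the kubeovn branch never runs, including for `paas-full`, and the cilium branch no longer runs for `distro-full` or `paas-proxmox`, so a cluster can come up without its CNI. Each comparison needs its own test: `if [ "$BUNDLE" = "paas-full" ] || [ "$BUNDLE" = "distro-full" ] || [ "$BUNDLE" = "paas-proxmox" ]; then` and `if [ "$BUNDLE" = "paas-full" ] || [ "$BUNDLE" = "paas-proxmox" ]; then`.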