From d5aa55ce4572174cdd00b5d83d73128a234a83bf Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Sun, 4 Feb 2024 17:38:24 +0100 Subject: [PATCH] add ingress-nginx --- TODO | 1 + .../apps/kubernetes/templates/cluster.yaml | 11 --------- packages/core/installer/images/installer.json | 6 ++--- packages/core/platform/values.yaml | 1 - .../etcd/templates/check-release-name.yaml | 3 +++ .../extra/etcd/templates/kamaji-etcd.yaml | 18 ++++++++++++++ .../ingress/templates/check-release-name.yaml | 3 +++ .../ingress/templates/nginx-ingress.yaml | 24 +++++++++++++++++++ packages/system/ingress-nginx/values.yaml | 2 +- packages/system/kamaji-etcd/Makefile | 1 + .../charts/kamaji-etcd/templates/etcd_cm.yaml | 1 + .../system/kamaji-etcd/patches/fix-svc.diff | 12 ++++++++++ .../kamaji-etcd/templates/datastore.yaml | 14 +++++------ 13 files changed, 74 insertions(+), 23 deletions(-) create mode 100644 packages/extra/etcd/templates/check-release-name.yaml create mode 100644 packages/extra/etcd/templates/kamaji-etcd.yaml create mode 100644 packages/extra/ingress/templates/check-release-name.yaml create mode 100644 packages/extra/ingress/templates/nginx-ingress.yaml create mode 100644 packages/system/kamaji-etcd/patches/fix-svc.diff diff --git a/TODO b/TODO index 6c9f9915..dc92008c 100644 --- a/TODO +++ b/TODO @@ -23,3 +23,4 @@ reconcile system helm releases remove cluster and other namespace resources from apps charts, eg extension-apiserver-authentication-reader nginx-ingress has no values update all applications to be managed by operators +fullnameOverride kamaji-etcd diff --git a/packages/apps/kubernetes/templates/cluster.yaml b/packages/apps/kubernetes/templates/cluster.yaml index 8f53724a..75cd78bf 100644 --- a/packages/apps/kubernetes/templates/cluster.yaml +++ b/packages/apps/kubernetes/templates/cluster.yaml 
@@ -72,22 +72,11 @@ spec: template: spec: joinConfiguration: - localAPIEndpoint: - advertiseAddress: {{ .Release.Name }}.{{ .Release.Namespace }}.svc - bindPort: 6443 nodeRegistration: kubeletExtraArgs: {} - discovery: - bootstrapToken: - apiServerEndpoint: {{ .Release.Name }}.{{ .Release.Namespace }}.svc:6443 initConfiguration: skipPhases: - addon/kube-proxy - users: - - name: test - sudo: ALL=(ALL) NOPASSWD:ALL - groups: users, admin - passwd: $6$tgqE6TLb2HVdRg0S$i8aPZ1LQQ/F.SMk1QiGua9SCpJKcccAFKLIKZUqkQUZS1ikaS0JJ/T0gM73coXuul/1khh/xQVQH.NOsHOWXr1 --- apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1 kind: KubevirtMachineTemplate diff --git a/packages/core/installer/images/installer.json b/packages/core/installer/images/installer.json index 40cea3bf..327cc6e9 100644 --- a/packages/core/installer/images/installer.json +++ b/packages/core/installer/images/installer.json @@ -1,14 +1,14 @@ { - "containerimage.config.digest": "sha256:1e74c5d6b48380c70b04b99ab91ef5a6ef6fde818298edacd9e3487f568d7cc2", + "containerimage.config.digest": "sha256:fa3eed4cd2f16714d9f5bd89ae1c9796d566396a718a0cdb81a296286cd33304", "containerimage.descriptor": { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", - "digest": "sha256:2a0c1e4c8cf19a74b08fb9de2f0cdc551f3bf54fd842e648f003f96784cb4d73", + "digest": "sha256:dd0524e0794343ce0e3cade6eab19fd69be9dffd08329bab769ce8b7e567fa14", "size": 2074, "platform": { "architecture": "amd64", "os": "linux" } }, - "containerimage.digest": "sha256:2a0c1e4c8cf19a74b08fb9de2f0cdc551f3bf54fd842e648f003f96784cb4d73", + "containerimage.digest": "sha256:dd0524e0794343ce0e3cade6eab19fd69be9dffd08329bab769ce8b7e567fa14", "image.name": "ghcr.io/aenix-io/cozystack/installer:latest" } \ No newline at end of file diff --git a/packages/core/platform/values.yaml b/packages/core/platform/values.yaml index 1cf1f8a3..8577555f 100644 --- a/packages/core/platform/values.yaml +++ b/packages/core/platform/values.yaml 
@@ -7,7 +7,6 @@ namespaces: privileged: true - name: cozy-fluxcd - name: cozy-grafana-operator -- name: cozy-ingress-nginx - name: cozy-kamaji - name: cozy-cluster-api privileged: true # for capk only diff --git a/packages/extra/etcd/templates/check-release-name.yaml b/packages/extra/etcd/templates/check-release-name.yaml new file mode 100644 index 00000000..384435af --- /dev/null +++ b/packages/extra/etcd/templates/check-release-name.yaml @@ -0,0 +1,3 @@ +{{- if ne .Release.Name .Chart.Name }} +{{- fail (printf "The name of the release MUST BE %s" .Chart.Name) }} +{{- end -}} diff --git a/packages/extra/etcd/templates/kamaji-etcd.yaml b/packages/extra/etcd/templates/kamaji-etcd.yaml new file mode 100644 index 00000000..dbc8e43a --- /dev/null +++ b/packages/extra/etcd/templates/kamaji-etcd.yaml @@ -0,0 +1,18 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: kamaji-etcd +spec: + chart: + spec: + chart: cozy-kamaji-etcd + reconcileStrategy: Revision + sourceRef: + kind: HelmRepository + name: cozystack-system + namespace: cozy-system + version: '*' + interval: 1m0s + timeout: 5m0s + values: + fullnameOverride: etcd diff --git a/packages/extra/ingress/templates/check-release-name.yaml b/packages/extra/ingress/templates/check-release-name.yaml new file mode 100644 index 00000000..384435af --- /dev/null +++ b/packages/extra/ingress/templates/check-release-name.yaml @@ -0,0 +1,3 @@ +{{- if ne .Release.Name .Chart.Name }} +{{- fail (printf "The name of the release MUST BE %s" .Chart.Name) }} +{{- end -}} diff --git a/packages/extra/ingress/templates/nginx-ingress.yaml b/packages/extra/ingress/templates/nginx-ingress.yaml new file mode 100644 index 00000000..9eb3f8dc --- /dev/null +++ b/packages/extra/ingress/templates/nginx-ingress.yaml 
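Review bot: The chart reference in packages/extra/etcd/templates/kamaji-etcd.yaml is unpinned: `version: '*'` accepts any chart version published to the `cozystack-system` HelmRepository, and with `interval: 1m0s` a new one would be picked up almost immediately. For a release that manages the tenant's etcd, I would pin an exact version or a bounded range, e.g. `version: '<exact chart version>'`, and bump it deliberately. The HelmRelease in packages/extra/ingress/templates/nginx-ingress.yaml has the same `version: '*'` and needs the same change. Neither HelmRelease sets `metadata.namespace`, so the target presumably follows the install namespace; a one-line comment saying so would help.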
@@ -0,0 +1,24 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: ingress-nginx +spec: + chart: + spec: + chart: cozy-ingress-nginx + reconcileStrategy: Revision + sourceRef: + kind: HelmRepository + name: cozystack-system + namespace: cozy-system + version: '*' + interval: 1m0s + timeout: 5m0s + values: + ingress-nginx: + fullnameOverride: ingress-nginx + controller: + ingressClass: {{ .Release.Namespace }} + ingressClassResource: + name: {{ .Release.Namespace }} + controllerValue: k8s.io/ingress-nginx-{{ .Release.Namespace }} diff --git a/packages/system/ingress-nginx/values.yaml b/packages/system/ingress-nginx/values.yaml index 7df539b0..a8d3c2bb 100644 --- a/packages/system/ingress-nginx/values.yaml +++ b/packages/system/ingress-nginx/values.yaml @@ -19,7 +19,7 @@ ingress-nginx: - --server.telemetry-address=0.0.0.0:9090 - --server.exporter-address=0.0.0.0:9091 service: - type: NodePort # ClusterIP + #type: NodePort # ClusterIP externalTrafficPolicy: "Local" #allocateLoadBalancerNodePorts: false config: diff --git a/packages/system/kamaji-etcd/Makefile b/packages/system/kamaji-etcd/Makefile index d7bb46f0..256ec191 100644 --- a/packages/system/kamaji-etcd/Makefile +++ b/packages/system/kamaji-etcd/Makefile @@ -4,3 +4,4 @@ update: helm repo update clastix helm pull clastix/kamaji-etcd --untar --untardir charts sed -i 's/hook-failed/before-hook-creation,hook-failed/' `grep -rl hook-failed charts` + patch -p4 < patches/fix-svc.diff diff --git a/packages/system/kamaji-etcd/charts/kamaji-etcd/templates/etcd_cm.yaml b/packages/system/kamaji-etcd/charts/kamaji-etcd/templates/etcd_cm.yaml index 95a26719..bd8ddcb9 100644 --- a/packages/system/kamaji-etcd/charts/kamaji-etcd/templates/etcd_cm.yaml +++ b/packages/system/kamaji-etcd/charts/kamaji-etcd/templates/etcd_cm.yaml 
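Review bot: Nothing in the `values:` block of packages/extra/ingress/templates/nginx-ingress.yaml limits the per-namespace controller to its own namespace; it only gets a class name and `controllerValue` derived from `.Release.Namespace`. Unless the wrapped chart's own values already set `controller.scope.enabled: true` with `controller.scope.namespace` (not visible in this diff), the controller would also serve Ingress objects from other namespaces that name this class, so please confirm that and set it here if not. The two templated values that stand alone should also be quoted, `ingressClass: {{ .Release.Namespace | quote }}` and `name: {{ .Release.Namespace | quote }}`, because an all-digit namespace name would otherwise render as an integer.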
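Review bot: In packages/system/ingress-nginx/values.yaml, commenting out `type: NodePort` leaves the controller Service type to the upstream chart default, which as far as I know is `LoadBalancer`. That changes how every controller built from this chart is exposed, and the file no longer says so. State the intended type explicitly, e.g. `type: LoadBalancer`, or replace the leftover `#type: NodePort # ClusterIP` with a comment that names the type now in effect and why. The hunk shows only part of the `ingress-nginx:` mapping, so other service settings may sit outside it.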
@@ -57,6 +57,7 @@ data: "hosts": [ {{- range $count := until (int $.Values.replicas) -}} {{ printf "\"%s-%d.%s.%s.svc.cluster.local\"," ( include "etcd.fullname" $outer ) $count (include "etcd.serviceName" $outer) $.Release.Namespace }} + {{ printf "\"%s-%d.%s.%s.svc\"," ( include "etcd.fullname" $outer ) $count (include "etcd.serviceName" $outer) $.Release.Namespace }} {{- end }} "etcd-server.{{ .Release.Namespace }}.svc.cluster.local", "etcd-server.{{ .Release.Namespace }}.svc", diff --git a/packages/system/kamaji-etcd/patches/fix-svc.diff b/packages/system/kamaji-etcd/patches/fix-svc.diff new file mode 100644 index 00000000..a94ebf96 --- /dev/null +++ b/packages/system/kamaji-etcd/patches/fix-svc.diff @@ -0,0 +1,12 @@ +diff --git a/packages/system/kamaji-etcd/charts/kamaji-etcd/templates/etcd_cm.yaml b/packages/system/kamaji-etcd/charts/kamaji-etcd/templates/etcd_cm.yaml +index 95a2671..bd8ddcb 100644 +--- a/packages/system/kamaji-etcd/charts/kamaji-etcd/templates/etcd_cm.yaml ++++ b/packages/system/kamaji-etcd/charts/kamaji-etcd/templates/etcd_cm.yaml +@@ -57,6 +57,7 @@ data: + "hosts": [ + {{- range $count := until (int $.Values.replicas) -}} + {{ printf "\"%s-%d.%s.%s.svc.cluster.local\"," ( include "etcd.fullname" $outer ) $count (include "etcd.serviceName" $outer) $.Release.Namespace }} ++ {{ printf "\"%s-%d.%s.%s.svc\"," ( include "etcd.fullname" $outer ) $count (include "etcd.serviceName" $outer) $.Release.Namespace }} + {{- end }} + "etcd-server.{{ .Release.Namespace }}.svc.cluster.local", + "etcd-server.{{ .Release.Namespace }}.svc", diff --git a/packages/system/kamaji-etcd/templates/datastore.yaml b/packages/system/kamaji-etcd/templates/datastore.yaml index 9ca2ffee..1f5030f4 100644 --- a/packages/system/kamaji-etcd/templates/datastore.yaml +++ b/packages/system/kamaji-etcd/templates/datastore.yaml 
@@ -5,29 +5,29 @@ metadata: spec: driver: etcd endpoints: - - etcd-0.etcd.{{ .Release.Namespace }}.svc:2379 - - etcd-1.etcd.{{ .Release.Namespace }}.svc:2379 - - etcd-2.etcd.{{ .Release.Namespace }}.svc:2379 + - {{ .Release.Name }}-0.{{ .Release.Name }}.{{ .Release.Namespace }}.svc:2379 + - {{ .Release.Name }}-1.{{ .Release.Name }}.{{ .Release.Namespace }}.svc:2379 + - {{ .Release.Name }}-2.{{ .Release.Name }}.{{ .Release.Namespace }}.svc:2379 tlsConfig: certificateAuthority: certificate: secretReference: keyPath: ca.crt - name: etcd-certs + name: {{ .Release.Name }}-certs namespace: {{ .Release.Namespace }} privateKey: secretReference: keyPath: ca.key - name: etcd-certs + name: {{ .Release.Name }}-certs namespace: {{ .Release.Namespace }} clientCertificate: certificate: secretReference: keyPath: tls.crt - name: etcd-root-client-certs + name: {{ .Release.Name }}-root-client-certs namespace: {{ .Release.Namespace }} privateKey: secretReference: keyPath: tls.key - name: etcd-root-client-certs + name: {{ .Release.Name }}-root-client-certs namespace: {{ .Release.Namespace }}
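Review bot: The endpoint and secret names in packages/system/kamaji-etcd/templates/datastore.yaml are now built from `.Release.Name`, while the subchart appears to name its objects through the `etcd.fullname` / `etcd.serviceName` helpers (see the etcd_cm.yaml hunk). packages/extra/etcd/templates/kamaji-etcd.yaml also sets `fullnameOverride: etcd` on a release called `kamaji-etcd`. If the Helm release name stays `kamaji-etcd`, the DataStore would reference `kamaji-etcd-0.kamaji-etcd.<ns>.svc:2379` and `kamaji-etcd-certs` while the chart may create `etcd-*` objects, leaving Kamaji without its CA and client-certificate secrets. The `fullnameOverride kamaji-etcd` TODO entry suggests this is known; deriving both sides from one value would close the gap. The three endpoints are also hard-coded while etcd_cm.yaml ranges over `.Values.replicas`, so a `range` over the same value would keep them in step.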