Compare commits
10 Commits
main
...
feat/gatew
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
3b366e28c6 | ||
|
|
b6195cc8b8 | ||
|
|
1752f0e121 | ||
|
|
991e0ea3e3 | ||
|
|
00890e0264 | ||
|
|
1076719730 | ||
|
|
8b58140e0d | ||
|
|
b15f2f273c | ||
|
|
7247edc280 | ||
|
|
2c0a043fa5 |
@@ -1,29 +0,0 @@
|
||||
<!--
|
||||
https://github.com/cozystack/cozystack/releases/tag/v1.0.5
|
||||
-->
|
||||
|
||||
## Fixes
|
||||
|
||||
* **[api] Fix spurious OpenAPI post-processing errors for non-apps group versions**: The API server no longer logs false errors while generating OpenAPI specs for core and other non-`apps.cozystack.io` group versions. The post-processor now exits early when the base `Application` schemas are absent, reducing noisy startup logs without affecting application schema generation ([**@kvaps**](https://github.com/kvaps) in #2212, #2216).
|
||||
|
||||
## Documentation
|
||||
|
||||
* **[website] Add `DependenciesNotReady` troubleshooting and correct packages management build target**: Added a troubleshooting guide for packages stuck in `DependenciesNotReady`, including how to inspect operator logs and identify missing dependencies, and fixed the outdated `make image-cozystack` command to `make image-packages` in the packages management guide ([**@kvaps**](https://github.com/kvaps) in cozystack/website#450).
|
||||
|
||||
* **[website] Clarify operator-first installation order**: Reordered the platform installation guide and tutorial so users install the Cozystack operator before preparing and applying the Platform Package, matching the rest of the installation docs and reducing setup confusion during fresh installs ([**@sircthulhu**](https://github.com/sircthulhu) in cozystack/website#449).
|
||||
|
||||
* **[website] Add automated installation guide for Ansible**: Added end-to-end documentation for deploying Cozystack with the `cozystack.installer` Ansible collection, including inventory examples, distro-specific playbooks, configuration reference, verification steps, and explicit version pinning guidance to help operators automate installs safely ([**@lexfrei**](https://github.com/lexfrei) in cozystack/website#442).
|
||||
|
||||
* **[website] Expand CA rotation operations guide**: Completed the CA rotation documentation with separate Talos and Kubernetes certificate rotation procedures, dry-run preview steps, and post-rotation guidance for fetching updated `talosconfig` and `kubeconfig` files after certificate changes ([**@kvaps**](https://github.com/kvaps) in cozystack/website#406).
|
||||
|
||||
* **[website] Improve backup operations documentation**: Enhanced the operator backup and recovery guide with clearer Velero enablement steps, concrete provider and bucket examples, and more useful commands for inspecting backups, schedules, restores, CRD status, and logs ([**@androndo**](https://github.com/androndo) in cozystack/website#440).
|
||||
|
||||
* **[website] Add custom metrics collection guide**: Added a monitoring guide showing how tenants can expose their own Prometheus exporters through `VMServiceScrape` and `VMPodScrape`, including namespace labeling requirements, example manifests, verification steps, and troubleshooting advice ([**@IvanHunters**](https://github.com/IvanHunters) in cozystack/website#444).
|
||||
|
||||
* **[website] Document PackageSource and Package architecture**: Added a Key Concepts reference covering `PackageSource` and `Package` reconciliation flow, dependency handling, update propagation, rollback behavior, FluxPlunger recovery, and the `cozypkg` CLI for package management ([**@IvanHunters**](https://github.com/IvanHunters) in cozystack/website#445).
|
||||
|
||||
* **[website] Refresh v1 application and platform documentation**: Fixed the documentation auto-update flow and published a broad v1 documentation refresh covering newly documented applications, updated naming and navigation, virtualization and platform content updates, and reorganized versioned docs pages ([**@myasnikovdaniil**](https://github.com/myasnikovdaniil) in cozystack/website#439).
|
||||
|
||||
---
|
||||
|
||||
**Full Changelog**: https://github.com/cozystack/cozystack/compare/v1.0.4...v1.0.5
|
||||
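--- a/packages/apps/harbor/templates/httproute.yaml
+++ b/packages/apps/harbor/templates/httproute.yaml
@@ -0,0 +1,75 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $clusterIssuer := (index .Values._cluster "issuer-name") | default "letsencrypt-prod" }}
+{{- $gateway := .Values._namespace.gateway | default "" }}
+{{- $host := .Values._namespace.host }}
+{{- $harborHost := .Values.host | default (printf "%s.%s" .Release.Name $host) }}
+
+{{- if and (eq $gatewayAPI "true") (ne $gateway "") }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+name: {{ .Release.Name }}-harbor
+annotations:
+cert-manager.io/cluster-issuer: {{ $clusterIssuer }}
+spec:
+gatewayClassName: cilium
+infrastructure:
+labels:
+cozystack.io/gateway: {{ $gateway }}
+listeners:
+- name: http
+protocol: HTTP
+port: 80
+hostname: {{ $harborHost | quote }}
+allowedRoutes:
+namespaces:
+from: Same
+- name: https
+protocol: HTTPS
+port: 443
+hostname: {{ $harborHost | quote }}
+tls:
+mode: Terminate
+certificateRefs:
+- name: {{ .Release.Name }}-harbor-gateway-tls
+allowedRoutes:
+namespaces:
+from: Same
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: {{ .Release.Name }}-harbor-redirect-to-https
+spec:
+parentRefs:
+- name: {{ .Release.Name }}-harbor
+sectionName: http
+hostnames:
+- {{ $harborHost | quote }}
+rules:
+- filters:
+- type: RequestRedirect
+requestRedirect:
+scheme: https
+statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: {{ .Release.Name }}-harbor
+spec:
+parentRefs:
+- name: {{ .Release.Name }}-harbor
+sectionName: https
+hostnames:
+- {{ $harborHost | quote }}
+rules:
+- matches:
+- path:
+type: PathPrefix
+value: /
+backendRefs:
+- name: {{ .Release.Name }}
+port: 80
+{{- end }}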
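Review bot: `cert-manager.io/cluster-issuer: {{ $clusterIssuer }}` and `cozystack.io/gateway: {{ $gateway }}` are rendered unquoted in the Gateway metadata, while every hostname in the same file goes through `| quote`. Both values come from cluster or namespace configuration, so a value that YAML reads as a non-string would give an invalid or differently typed manifest; `{{ $clusterIssuer | quote }}` and `{{ $gateway | quote }}` keep them strings. `$host` has no default either, so an unset `_namespace.host` yields a malformed hostname for the listeners and for the certificate request; wrapping it in `required` would fail the render earlier. The same lines are repeated in packages/extra/bootbox/templates/matchbox/httproute.yaml and packages/system/bucket/templates/httproute.yaml, and the label line also appears in packages/extra/seaweedfs/templates/tlsroute.yaml.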
@@ -1,4 +1,4 @@
|
||||
KUBERNETES_VERSIONS = $(shell awk -F'"' '{print $$2}' files/versions.yaml)
|
||||
KUBERNETES_VERSION = v1.35
|
||||
KUBERNETES_PKG_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
|
||||
|
||||
include ../../../hack/common-envs.mk
|
||||
@@ -15,19 +15,17 @@ update:
|
||||
image: image-ubuntu-container-disk image-kubevirt-cloud-provider image-kubevirt-csi-driver image-cluster-autoscaler
|
||||
|
||||
image-ubuntu-container-disk:
|
||||
$(foreach ver,$(KUBERNETES_VERSIONS), \
|
||||
docker buildx build images/ubuntu-container-disk \
|
||||
--build-arg KUBERNETES_VERSION=$(ver) \
|
||||
--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(ver)) \
|
||||
--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(ver)-$(TAG)) \
|
||||
--cache-from type=registry,ref=$(REGISTRY)/ubuntu-container-disk:$(call settag,$(ver)) \
|
||||
--cache-to type=inline \
|
||||
--metadata-file images/ubuntu-container-disk-$(ver).json \
|
||||
$(BUILDX_ARGS) && \
|
||||
echo "$(REGISTRY)/ubuntu-container-disk:$(call settag,$(ver))@$$(yq e '."containerimage.digest"' images/ubuntu-container-disk-$(ver).json -o json -r)" \
|
||||
> images/ubuntu-container-disk-$(ver).tag && \
|
||||
rm -f images/ubuntu-container-disk-$(ver).json; \
|
||||
)
|
||||
docker buildx build images/ubuntu-container-disk \
|
||||
--build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \
|
||||
--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(KUBERNETES_VERSION)) \
|
||||
--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(KUBERNETES_VERSION)-$(TAG)) \
|
||||
--cache-from type=registry,ref=$(REGISTRY)/ubuntu-container-disk:latest \
|
||||
--cache-to type=inline \
|
||||
--metadata-file images/ubuntu-container-disk.json \
|
||||
$(BUILDX_ARGS)
|
||||
echo "$(REGISTRY)/ubuntu-container-disk:$(call settag,$(KUBERNETES_VERSION))@$$(yq e '."containerimage.digest"' images/ubuntu-container-disk.json -o json -r)" \
|
||||
> images/ubuntu-container-disk.tag
|
||||
rm -f images/ubuntu-container-disk.json
|
||||
|
||||
image-kubevirt-cloud-provider:
|
||||
docker buildx build images/kubevirt-cloud-provider \
|
||||
|
||||
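Review bot: The `echo ... > images/ubuntu-container-disk.tag` recipe line writes the tag file whatever `yq` returns, because the exit status of a command substitution inside `echo` is discarded and a missing key prints `null`. The chart reads this file verbatim as the containerDisk image, so a build whose metadata lacks the digest would leave a reference that is not pinned to a valid digest. Capturing the value first, `digest=$$(yq e '."containerimage.digest"' images/ubuntu-container-disk.json -o json -r)`, and failing the recipe unless it starts with `sha256:` would close that gap. `--cache-from` now points at `:latest`, a tag the visible `--tag` lines do not push, so the cache import may never hit; the recipe also mixes `${KUBERNETES_VERSION}` with `$(KUBERNETES_VERSION)`.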
@@ -1 +0,0 @@
|
||||
ttl.sh/rjfkdsjflsk/ubuntu-container-disk:v1.30@sha256:8c2276f68beb67edf5bf76d6c97b271dd9303b336e1d5850ae2b91a590c9bb57
|
||||
@@ -1 +0,0 @@
|
||||
ttl.sh/rjfkdsjflsk/ubuntu-container-disk:v1.31@sha256:2b631cd227bc9b1bae16de033830e756cd6590b512dc0d2b13367ee626f3e4ca
|
||||
@@ -1 +0,0 @@
|
||||
ttl.sh/rjfkdsjflsk/ubuntu-container-disk:v1.32@sha256:600d6ce7df4eaa8cc79c7d6d1b01ecac43e7696beb84eafce752d9210a16455f
|
||||
@@ -1 +0,0 @@
|
||||
ttl.sh/rjfkdsjflsk/ubuntu-container-disk:v1.33@sha256:243e55d6f2887a4f6ce8526de52fd083b7b88194d5c7f3eaa51b87efb557ac88
|
||||
@@ -1 +0,0 @@
|
||||
ttl.sh/rjfkdsjflsk/ubuntu-container-disk:v1.34@sha256:ad8377d5644ba51729dc69dff4c9f6b4a48957075d054a58c61a45d0bb41f6af
|
||||
@@ -1 +0,0 @@
|
||||
ttl.sh/rjfkdsjflsk/ubuntu-container-disk:v1.35@sha256:1c2f2430383a9b9882358c60c194465c1b6092b4aa77536a0343cf74155c0067
|
||||
@@ -0,0 +1 @@
|
||||
ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.35@sha256:39f626c802dd84f95720ffb54fcd80dfb8a58ac280498870d0a1aa30d4252f94
|
||||
@@ -74,7 +74,7 @@ spec:
|
||||
volumes:
|
||||
- name: system
|
||||
containerDisk:
|
||||
image: "{{ $.Files.Get (printf "images/ubuntu-container-disk-%s.tag" $.Values.version) | trim }}"
|
||||
image: "{{ $.Files.Get "images/ubuntu-container-disk.tag" | trim }}"
|
||||
- name: ephemeral
|
||||
emptyDisk:
|
||||
capacity: {{ .group.ephemeralStorage | default "20Gi" }}
|
||||
@@ -249,9 +249,6 @@ spec:
|
||||
joinConfiguration:
|
||||
nodeRegistration:
|
||||
kubeletExtraArgs: {}
|
||||
# Ignore this for 1.31
|
||||
ignorePreflightErrors:
|
||||
- FileExisting-conntrack
|
||||
discovery:
|
||||
bootstrapToken:
|
||||
apiServerEndpoint: {{ $.Release.Name }}.{{ $.Release.Namespace }}.svc:6443
|
||||
|
||||
@@ -80,6 +80,7 @@ tenant-u1
|
||||
| `etcd` | Deploy own Etcd cluster. | `bool` | `false` |
|
||||
| `monitoring` | Deploy own Monitoring Stack. | `bool` | `false` |
|
||||
| `ingress` | Deploy own Ingress Controller. | `bool` | `false` |
|
||||
| `gateway` | Deploy own Gateway API gateway (separate LB for this tenant). | `bool` | `false` |
|
||||
| `seaweedfs` | Deploy own SeaweedFS. | `bool` | `false` |
|
||||
| `resourceQuotas` | Define resource quotas for the tenant. | `map[string]quantity` | `{}` |
|
||||
|
||||
|
||||
@@ -29,6 +29,11 @@
|
||||
{{- $ingress = $tenantName }}
|
||||
{{- end }}
|
||||
|
||||
{{- $gateway := $parentNamespace.gateway | default "" }}
|
||||
{{- if .Values.gateway }}
|
||||
{{- $gateway = $tenantName }}
|
||||
{{- end }}
|
||||
|
||||
{{- $monitoring := $parentNamespace.monitoring | default "" }}
|
||||
{{- if .Values.monitoring }}
|
||||
{{- $monitoring = $tenantName }}
|
||||
@@ -55,6 +60,7 @@ metadata:
|
||||
{{/* Labels for network policies */}}
|
||||
namespace.cozystack.io/etcd: {{ $etcd | quote }}
|
||||
namespace.cozystack.io/ingress: {{ $ingress | quote }}
|
||||
namespace.cozystack.io/gateway: {{ $gateway | quote }}
|
||||
namespace.cozystack.io/monitoring: {{ $monitoring | quote }}
|
||||
namespace.cozystack.io/seaweedfs: {{ $seaweedfs | quote }}
|
||||
namespace.cozystack.io/host: {{ $computedHost | quote }}
|
||||
@@ -83,6 +89,7 @@ stringData:
|
||||
_namespace:
|
||||
etcd: {{ $etcd | quote }}
|
||||
ingress: {{ $ingress | quote }}
|
||||
gateway: {{ $gateway | quote }}
|
||||
monitoring: {{ $monitoring | quote }}
|
||||
seaweedfs: {{ $seaweedfs | quote }}
|
||||
host: {{ $computedHost | quote }}
|
||||
|
||||
@@ -7,6 +7,11 @@
|
||||
"type": "boolean",
|
||||
"default": false
|
||||
},
|
||||
"gateway": {
|
||||
"description": "Deploy own Gateway API gateway (separate LB for this tenant).",
|
||||
"type": "boolean",
|
||||
"default": false
|
||||
},
|
||||
"host": {
|
||||
"description": "The hostname used to access tenant services (defaults to using the tenant name as a subdomain for its parent tenant host).",
|
||||
"type": "string",
|
||||
|
||||
@@ -14,6 +14,9 @@ monitoring: false
|
||||
## @param {bool} ingress - Deploy own Ingress Controller.
|
||||
ingress: false
|
||||
|
||||
## @param {bool} gateway - Deploy own Gateway API gateway (separate LB for this tenant).
|
||||
gateway: false
|
||||
|
||||
## @param {bool} seaweedfs - Deploy own SeaweedFS.
|
||||
seaweedfs: false
|
||||
|
||||
|
||||
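--- a/packages/core/platform/sources/cozystack-gateway.yaml
+++ b/packages/core/platform/sources/cozystack-gateway.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: PackageSource
+metadata:
+name: cozystack.cozystack-gateway
+spec:
+sourceRef:
+kind: OCIRepository
+name: cozystack-packages
+namespace: cozy-system
+path: /
+variants:
+- name: default
+dependsOn:
+- cozystack.networking
+- cozystack.cert-manager
+components:
+- name: cozystack-gateway
+path: system/cozystack-gateway
+install:
+namespace: cozy-gateway
+releaseName: cozystack-gateway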
@@ -1,19 +0,0 @@
|
||||
---
|
||||
apiVersion: cozystack.io/v1alpha1
|
||||
kind: PackageSource
|
||||
metadata:
|
||||
name: cozystack.cozystack-scheduler
|
||||
spec:
|
||||
sourceRef:
|
||||
kind: OCIRepository
|
||||
name: cozystack-packages
|
||||
namespace: cozy-system
|
||||
path: /
|
||||
variants:
|
||||
- name: default
|
||||
components:
|
||||
- name: cozystack-scheduler
|
||||
path: system/cozystack-scheduler
|
||||
install:
|
||||
namespace: kube-system
|
||||
releaseName: cozystack-scheduler
|
||||
@@ -15,6 +15,12 @@ spec:
|
||||
- name: cilium
|
||||
dependsOn: []
|
||||
components:
|
||||
- name: gateway-api-crds
|
||||
path: system/gateway-api-crds
|
||||
install:
|
||||
namespace: cozy-gateway-api-crds
|
||||
releaseName: gateway-api-crds
|
||||
dependsOn: []
|
||||
- name: cilium
|
||||
path: system/cilium
|
||||
valuesFiles:
|
||||
@@ -24,7 +30,8 @@ spec:
|
||||
privileged: true
|
||||
namespace: cozy-cilium
|
||||
releaseName: cilium
|
||||
dependsOn: []
|
||||
dependsOn:
|
||||
- gateway-api-crds
|
||||
- name: cilium-networkpolicy
|
||||
path: system/cilium-networkpolicy
|
||||
install:
|
||||
@@ -36,6 +43,12 @@ spec:
|
||||
- name: cilium-kilo
|
||||
dependsOn: []
|
||||
components:
|
||||
- name: gateway-api-crds
|
||||
path: system/gateway-api-crds
|
||||
install:
|
||||
namespace: cozy-gateway-api-crds
|
||||
releaseName: gateway-api-crds
|
||||
dependsOn: []
|
||||
- name: cilium
|
||||
path: system/cilium
|
||||
valuesFiles:
|
||||
@@ -46,7 +59,8 @@ spec:
|
||||
privileged: true
|
||||
namespace: cozy-cilium
|
||||
releaseName: cilium
|
||||
dependsOn: []
|
||||
dependsOn:
|
||||
- gateway-api-crds
|
||||
- name: kilo
|
||||
path: system/kilo
|
||||
valuesFiles:
|
||||
@@ -62,6 +76,12 @@ spec:
|
||||
- name: cilium-generic
|
||||
dependsOn: []
|
||||
components:
|
||||
- name: gateway-api-crds
|
||||
path: system/gateway-api-crds
|
||||
install:
|
||||
namespace: cozy-gateway-api-crds
|
||||
releaseName: gateway-api-crds
|
||||
dependsOn: []
|
||||
- name: cilium
|
||||
path: system/cilium
|
||||
valuesFiles:
|
||||
@@ -70,7 +90,8 @@ spec:
|
||||
privileged: true
|
||||
namespace: cozy-cilium
|
||||
releaseName: cilium
|
||||
dependsOn: []
|
||||
dependsOn:
|
||||
- gateway-api-crds
|
||||
- name: cilium-networkpolicy
|
||||
path: system/cilium-networkpolicy
|
||||
install:
|
||||
@@ -82,6 +103,12 @@ spec:
|
||||
- name: kubeovn-cilium
|
||||
dependsOn: []
|
||||
components:
|
||||
- name: gateway-api-crds
|
||||
path: system/gateway-api-crds
|
||||
install:
|
||||
namespace: cozy-gateway-api-crds
|
||||
releaseName: gateway-api-crds
|
||||
dependsOn: []
|
||||
- name: cilium
|
||||
path: system/cilium
|
||||
valuesFiles:
|
||||
@@ -92,7 +119,8 @@ spec:
|
||||
privileged: true
|
||||
namespace: cozy-cilium
|
||||
releaseName: cilium
|
||||
dependsOn: []
|
||||
dependsOn:
|
||||
- gateway-api-crds
|
||||
- name: cilium-networkpolicy
|
||||
path: system/cilium-networkpolicy
|
||||
install:
|
||||
@@ -113,6 +141,12 @@ spec:
|
||||
- name: kubeovn-cilium-generic
|
||||
dependsOn: []
|
||||
components:
|
||||
- name: gateway-api-crds
|
||||
path: system/gateway-api-crds
|
||||
install:
|
||||
namespace: cozy-gateway-api-crds
|
||||
releaseName: gateway-api-crds
|
||||
dependsOn: []
|
||||
- name: cilium
|
||||
path: system/cilium
|
||||
valuesFiles:
|
||||
@@ -122,7 +156,8 @@ spec:
|
||||
privileged: true
|
||||
namespace: cozy-cilium
|
||||
releaseName: cilium
|
||||
dependsOn: []
|
||||
dependsOn:
|
||||
- gateway-api-crds
|
||||
- name: cilium-networkpolicy
|
||||
path: system/cilium-networkpolicy
|
||||
install:
|
||||
|
||||
@@ -39,6 +39,13 @@ stringData:
|
||||
scheduling:
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
gateway-api: {{ .Values.gateway.gatewayAPI | quote }}
|
||||
gateway-name: {{ .Values.gateway.name | quote }}
|
||||
gateway-namespace: {{ .Values.gateway.namespace | quote }}
|
||||
{{- with .Values.publishing.hostnames }}
|
||||
hostnames:
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $kubeRootCa.data }}
|
||||
kube-root-ca: {{ index . "ca.crt" | b64enc | quote }}
|
||||
{{- end }}
|
||||
|
||||
@@ -16,10 +16,14 @@
|
||||
{{- $kubeovnValues := dict "kube-ovn" $kubeovnDict -}}
|
||||
{{- $_ := set $networkingComponents "kubeovn" (dict "values" $kubeovnValues) -}}
|
||||
{{- /* For Talos (isp-full): use KubePrism endpoint and disable cgroup autoMount */ -}}
|
||||
{{- $ciliumValues := dict "cilium" (dict
|
||||
{{- $ciliumDict := dict
|
||||
"k8sServiceHost" "localhost"
|
||||
"k8sServicePort" "7445"
|
||||
"cgroup" (dict "autoMount" (dict "enabled" false))) -}}
|
||||
"cgroup" (dict "autoMount" (dict "enabled" false)) -}}
|
||||
{{- if .Values.gateway.gatewayAPI -}}
|
||||
{{- $_ := set $ciliumDict "gatewayAPI" (dict "enabled" true) -}}
|
||||
{{- end -}}
|
||||
{{- $ciliumValues := dict "cilium" $ciliumDict -}}
|
||||
{{- $_ := set $networkingComponents "cilium" (dict "values" $ciliumValues) -}}
|
||||
{{- end -}}
|
||||
{{include "cozystack.platform.package" (list "cozystack.networking" "kubeovn-cilium" $ $networkingComponents) }}
|
||||
@@ -83,10 +87,14 @@
|
||||
{{- $kubeovnValues := dict "kube-ovn" $kubeovnDict -}}
|
||||
{{- $_ := set $networkingComponents "kubeovn" (dict "values" $kubeovnValues) -}}
|
||||
{{- /* Cilium configuration - for generic k8s, always enable cgroup autoMount */ -}}
|
||||
{{- $ciliumValues := dict "cilium" (dict
|
||||
{{- $ciliumDict := dict
|
||||
"k8sServiceHost" $apiHost
|
||||
"k8sServicePort" $apiPort
|
||||
"cgroup" (dict "autoMount" (dict "enabled" true))) -}}
|
||||
"cgroup" (dict "autoMount" (dict "enabled" true)) -}}
|
||||
{{- if .Values.gateway.gatewayAPI -}}
|
||||
{{- $_ := set $ciliumDict "gatewayAPI" (dict "enabled" true) -}}
|
||||
{{- end -}}
|
||||
{{- $ciliumValues := dict "cilium" $ciliumDict -}}
|
||||
{{- $_ := set $networkingComponents "cilium" (dict "values" $ciliumValues) -}}
|
||||
{{- end -}}
|
||||
{{- /* Use kubeovn-cilium-generic variant (no values-talos.yaml) */ -}}
|
||||
@@ -118,7 +126,15 @@
|
||||
{{- end }}
|
||||
|
||||
# Common Packages
|
||||
{{include "cozystack.platform.package.default" (list "cozystack.cert-manager" $) }}
|
||||
{{- $certManagerComponents := dict -}}
|
||||
{{- if .Values.gateway.gatewayAPI -}}
|
||||
{{- $certManagerValues := dict "cert-manager" (dict "config" (dict "enableGatewayAPI" true)) -}}
|
||||
{{- $_ := set $certManagerComponents "cert-manager" (dict "values" $certManagerValues) -}}
|
||||
{{- end -}}
|
||||
{{include "cozystack.platform.package" (list "cozystack.cert-manager" "default" $ $certManagerComponents) }}
|
||||
{{- if .Values.gateway.gatewayAPI }}
|
||||
{{include "cozystack.platform.package.default" (list "cozystack.cozystack-gateway" $) }}
|
||||
{{- end }}
|
||||
{{include "cozystack.platform.package.default" (list "cozystack.flux-plunger" $) }}
|
||||
{{include "cozystack.platform.package.default" (list "cozystack.victoria-metrics-operator" $) }}
|
||||
{{- $tenantComponents := dict -}}
|
||||
@@ -148,7 +164,16 @@
|
||||
# Optional System Packages (controlled via bundles.enabledPackages)
|
||||
{{include "cozystack.platform.package.optional.default" (list "cozystack.nfs-driver" $) }}
|
||||
{{include "cozystack.platform.package.optional.default" (list "cozystack.telepresence" $) }}
|
||||
{{include "cozystack.platform.package.optional.default" (list "cozystack.external-dns" $) }}
|
||||
{{- $externalDnsComponents := dict -}}
|
||||
{{- if .Values.gateway.gatewayAPI -}}
|
||||
{{- $externalDnsValues := dict "external-dns" (dict "sources" (list "service" "ingress" "gateway-httproute")) -}}
|
||||
{{- $_ := set $externalDnsComponents "external-dns" (dict "values" $externalDnsValues) -}}
|
||||
{{- end -}}
|
||||
{{- $disabled := default (list) .Values.bundles.disabledPackages -}}
|
||||
{{- $enabled := default (list) .Values.bundles.enabledPackages -}}
|
||||
{{- if and (has "cozystack.external-dns" $enabled) (not (has "cozystack.external-dns" $disabled)) -}}
|
||||
{{include "cozystack.platform.package" (list "cozystack.external-dns" "default" $ $externalDnsComponents) }}
|
||||
{{- end }}
|
||||
{{include "cozystack.platform.package.optional.default" (list "cozystack.external-dns-application" $) }}
|
||||
{{include "cozystack.platform.package.optional.default" (list "cozystack.external-secrets-operator" $) }}
|
||||
{{- if has "cozystack.bootbox" (default (list) .Values.bundles.enabledPackages) }}
|
||||
@@ -156,6 +181,5 @@
|
||||
{{include "cozystack.platform.package.default" (list "cozystack.bootbox" $) }}
|
||||
{{- end }}
|
||||
{{include "cozystack.platform.package.optional.default" (list "cozystack.hetzner-robotlb" $) }}
|
||||
{{include "cozystack.platform.package.optional.default" (list "cozystack.cozystack-scheduler" $) }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
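Review bot: The new `{{- $certManagerComponents := dict -}}` sits directly under the `# Common Packages` comment and trims whitespace on both sides, as does the `{{- end -}}` just before the following `{{include "cozystack.platform.package" ...}}`, so the include output lands on the comment line unless the helper itself begins with a newline. The helper is not visible in this diff, so a `helm template` render should confirm that the `cozystack.cert-manager` package still starts its own YAML document. Ending the block with `{{- end }}` instead of `{{- end -}}` keeps one newline before the include. The external-dns block has the same shape after the telepresence include, where the right trim is on the `{{- if and (has "cozystack.external-dns" $enabled) ... -}}` line; that block also repeats the enabled/disabled test by hand, which deserves a comment explaining why `cozystack.platform.package.optional.default` is no longer used there.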
@@ -34,6 +34,16 @@ networking:
|
||||
# Set this to comma-separated list of master node IPs to override.
|
||||
kubeovn:
|
||||
MASTER_NODES: ""
|
||||
# Gateway configuration
|
||||
# ingress and gatewayAPI can be enabled independently;
|
||||
# future work will wire gateway.ingress into ingress controller selection
|
||||
gateway:
|
||||
ingress: true
|
||||
gatewayAPI: false
|
||||
# Gateway name and namespace for system-level Gateway resource
|
||||
# Components reference this Gateway via parentRefs
|
||||
name: cozystack
|
||||
namespace: cozy-gateway
|
||||
# Service publishing and ingress configuration
|
||||
publishing:
|
||||
host: "example.org"
|
||||
@@ -43,6 +53,15 @@ publishing:
|
||||
- dashboard
|
||||
- vm-exportproxy
|
||||
- cdi-uploadproxy
|
||||
# Hostname overrides for system services
|
||||
# By default, hostname = {service-name}.{host}
|
||||
# Override individual hostnames when the convention doesn't fit
|
||||
#
|
||||
# Example:
|
||||
# hostnames:
|
||||
# keycloak: "auth.example.org"
|
||||
# dashboard: "panel.example.org"
|
||||
hostnames: {}
|
||||
apiServerEndpoint: "" # example: "https://api.example.org"
|
||||
externalIPs: []
|
||||
certificates:
|
||||
|
||||
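--- a/packages/extra/bootbox/templates/matchbox/httproute.yaml
+++ b/packages/extra/bootbox/templates/matchbox/httproute.yaml
@@ -0,0 +1,75 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $clusterIssuer := (index .Values._cluster "issuer-name") | default "letsencrypt-prod" }}
+{{- $gateway := .Values._namespace.gateway | default "" }}
+{{- $host := .Values._namespace.host }}
+{{- $bootboxHost := printf "bootbox.%s" (.Values.host | default $host) }}
+
+{{- if and (eq $gatewayAPI "true") (ne $gateway "") }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+name: bootbox
+annotations:
+cert-manager.io/cluster-issuer: {{ $clusterIssuer }}
+spec:
+gatewayClassName: cilium
+infrastructure:
+labels:
+cozystack.io/gateway: {{ $gateway }}
+listeners:
+- name: http
+protocol: HTTP
+port: 80
+hostname: {{ $bootboxHost | quote }}
+allowedRoutes:
+namespaces:
+from: Same
+- name: https
+protocol: HTTPS
+port: 443
+hostname: {{ $bootboxHost | quote }}
+tls:
+mode: Terminate
+certificateRefs:
+- name: bootbox-gateway-tls
+allowedRoutes:
+namespaces:
+from: Same
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: bootbox-redirect-to-https
+spec:
+parentRefs:
+- name: bootbox
+sectionName: http
+hostnames:
+- {{ $bootboxHost | quote }}
+rules:
+- filters:
+- type: RequestRedirect
+requestRedirect:
+scheme: https
+statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: bootbox
+spec:
+parentRefs:
+- name: bootbox
+sectionName: https
+hostnames:
+- {{ $bootboxHost | quote }}
+rules:
+- matches:
+- path:
+type: PathPrefix
+value: /
+backendRefs:
+- name: bootbox
+port: 8080
+{{- end }}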
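--- a/packages/extra/seaweedfs/templates/tlsroute.yaml
+++ b/packages/extra/seaweedfs/templates/tlsroute.yaml
@@ -0,0 +1,41 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $gateway := .Values._namespace.gateway | default "" }}
+{{- $host := .Values._namespace.host }}
+
+{{- if and (eq $gatewayAPI "true") (ne $gateway "") (not (eq .Values.topology "Client")) (.Values.filer.grpcHost) }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+name: seaweedfs-filer
+spec:
+gatewayClassName: cilium
+infrastructure:
+labels:
+cozystack.io/gateway: {{ $gateway }}
+listeners:
+- name: tls-passthrough
+protocol: TLS
+port: 443
+hostname: {{ .Values.filer.grpcHost | default (printf "filer.%s" $host) | quote }}
+tls:
+mode: Passthrough
+allowedRoutes:
+namespaces:
+from: Same
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: TLSRoute
+metadata:
+name: seaweedfs-filer
+spec:
+parentRefs:
+- name: seaweedfs-filer
+sectionName: tls-passthrough
+hostnames:
+- {{ .Values.filer.grpcHost | default (printf "filer.%s" $host) | quote }}
+rules:
+- backendRefs:
+- name: {{ $.Release.Name }}-filer-external
+port: 18888
+{{- end }}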
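Review bot: The outer `if` already requires `.Values.filer.grpcHost` to be set, so the `| default (printf "filer.%s" $host)` fallback on both hostname lines can never apply. Either drop `(.Values.filer.grpcHost)` from the condition if the `filer.<host>` default is intended, or drop the fallback so the template says what it does. `kind: TLSRoute` is declared under `apiVersion: gateway.networking.k8s.io/v1`; TLSRoute has been served as an alpha version from the experimental channel in many Gateway API releases, so confirm that the gateway-api-crds chart added by this change serves it at `v1` (packages/system/cozystack-api/templates/api-tlsroute.yaml makes the same assumption). The Gateway carries no cert-manager annotation, which fits `mode: Passthrough`; a comment such as `# TLS is terminated by the filer, no certificate is issued here` would help readers comparing it with the HTTP gateways.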
@@ -1,12 +1,3 @@
|
||||
{{- $endpoint := printf "s3.%s" .Values._namespace.host }}
|
||||
{{- range $name, $user := .Values.users }}
|
||||
{{- $secretName := printf "%s-%s" $.Values.bucketName $name }}
|
||||
{{- $existingSecret := lookup "v1" "Secret" $.Release.Namespace $secretName }}
|
||||
{{- if $existingSecret }}
|
||||
{{- $bucketInfo := fromJson (b64dec (index $existingSecret.data "BucketInfo")) }}
|
||||
{{- $endpoint = trimPrefix "https://" (index $bucketInfo.spec.secretS3 "endpoint") }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@@ -26,6 +17,6 @@ spec:
|
||||
image: "{{ $.Files.Get "images/s3manager.tag" | trim }}"
|
||||
env:
|
||||
- name: ENDPOINT
|
||||
value: {{ $endpoint | quote }}
|
||||
value: "s3.{{ .Values._namespace.host }}"
|
||||
- name: SKIP_SSL_VERIFICATION
|
||||
value: "true"
|
||||
|
||||
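Review bot: `value: "s3.{{ .Values._namespace.host }}"` interpolates the host inside a hand-written quoted string, whereas `value: {{ printf "s3.%s" .Values._namespace.host | quote }}` would escape it the way the other templates in this change do. The unchanged line below keeps `SKIP_SSL_VERIFICATION` at `"true"`, so the manager accepts any certificate presented for that name. With cert-manager issuing certificates for the Gateway listeners elsewhere in this change, it may be worth turning that flag into a chart value so verification can be enabled. The Deployment continues outside the hunk.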
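--- a/packages/system/bucket/templates/httproute.yaml
+++ b/packages/system/bucket/templates/httproute.yaml
@@ -0,0 +1,75 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $clusterIssuer := (index .Values._cluster "issuer-name") | default "letsencrypt-prod" }}
+{{- $gateway := .Values._namespace.gateway | default "" }}
+{{- $host := .Values._namespace.host }}
+{{- $bucketHost := printf "%s.%s" .Values.bucketName $host }}
+
+{{- if and (eq $gatewayAPI "true") (ne $gateway "") }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+name: {{ .Values.bucketName }}-ui
+annotations:
+cert-manager.io/cluster-issuer: {{ $clusterIssuer }}
+spec:
+gatewayClassName: cilium
+infrastructure:
+labels:
+cozystack.io/gateway: {{ $gateway }}
+listeners:
+- name: http
+protocol: HTTP
+port: 80
+hostname: {{ $bucketHost | quote }}
+allowedRoutes:
+namespaces:
+from: Same
+- name: https
+protocol: HTTPS
+port: 443
+hostname: {{ $bucketHost | quote }}
+tls:
+mode: Terminate
+certificateRefs:
+- name: {{ .Values.bucketName }}-ui-gateway-tls
+allowedRoutes:
+namespaces:
+from: Same
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: {{ .Values.bucketName }}-ui-redirect-to-https
+spec:
+parentRefs:
+- name: {{ .Values.bucketName }}-ui
+sectionName: http
+hostnames:
+- {{ $bucketHost | quote }}
+rules:
+- filters:
+- type: RequestRedirect
+requestRedirect:
+scheme: https
+statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: {{ .Values.bucketName }}-ui
+spec:
+parentRefs:
+- name: {{ .Values.bucketName }}-ui
+sectionName: https
+hostnames:
+- {{ $bucketHost | quote }}
+rules:
+- matches:
+- path:
+type: PathPrefix
+value: /
+backendRefs:
+- name: {{ .Values.bucketName }}-ui
+port: 8080
+{{- end }}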
@@ -0,0 +1 @@
|
||||
cert-manager: {}
|
||||
|
||||
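--- a/packages/system/cozystack-api/templates/api-tlsroute.yaml
+++ b/packages/system/cozystack-api/templates/api-tlsroute.yaml
@@ -0,0 +1,25 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $host := index .Values._cluster "root-host" }}
+{{- $hostnames := .Values._cluster.hostnames | default dict }}
+{{- $exposeServices := splitList "," ((index .Values._cluster "expose-services") | default "") }}
+{{- $gatewayName := (index .Values._cluster "gateway-name") | default "cozystack" }}
+{{- $gatewayNamespace := (index .Values._cluster "gateway-namespace") | default "cozy-gateway" }}
+
+{{- if and (eq $gatewayAPI "true") (has "api" $exposeServices) }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: TLSRoute
+metadata:
+name: kubernetes-api
+namespace: default
+spec:
+parentRefs:
+- name: {{ $gatewayName }}
+namespace: {{ $gatewayNamespace }}
+sectionName: tls-passthrough-api
+hostnames:
+- {{ index $hostnames "api" | default (printf "api.%s" $host) | quote }}
+rules:
+- backendRefs:
+- name: kubernetes
+port: 443
+{{- end }}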
@@ -16,5 +16,6 @@ stringData:
|
||||
host: {{ index .Values._cluster "root-host" | quote }}
|
||||
etcd: tenant-root
|
||||
ingress: tenant-root
|
||||
gateway: tenant-root
|
||||
monitoring: tenant-root
|
||||
seaweedfs: tenant-root
|
||||
|
||||
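--- a/packages/system/cozystack-gateway/Chart.yaml
+++ b/packages/system/cozystack-gateway/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+name: cozy-cozystack-gateway
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process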
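--- a/packages/system/cozystack-gateway/templates/gateway.yaml
+++ b/packages/system/cozystack-gateway/templates/gateway.yaml
@@ -0,0 +1,99 @@
+{{- $rootHost := index .Values._cluster "root-host" }}
+{{- $clusterIssuer := (index .Values._cluster "issuer-name") | default "letsencrypt-prod" }}
+{{- $exposeServices := splitList "," ((index .Values._cluster "expose-services") | default "") }}
+{{- $oidcEnabled := (index .Values._cluster "oidc-enabled") | default "false" }}
+{{- $hostnames := .Values._cluster.hostnames | default dict }}
+{{- $gatewayName := (index .Values._cluster "gateway-name") | default "cozystack" }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+name: {{ $gatewayName }}
+annotations:
+cert-manager.io/cluster-issuer: {{ $clusterIssuer }}
+spec:
+gatewayClassName: cilium
+infrastructure:
+labels:
+cozystack.io/gateway: tenant-root
+listeners:
+- name: http
+protocol: HTTP
+port: 80
+allowedRoutes:
+namespaces:
+from: All
+{{- if has "dashboard" $exposeServices }}
+- name: https-dashboard
+protocol: HTTPS
+port: 443
+hostname: {{ index $hostnames "dashboard" | default (printf "dashboard.%s" $rootHost) | quote }}
+tls:
+mode: Terminate
+certificateRefs:
+- name: gateway-dashboard-tls
+allowedRoutes:
+namespaces:
+from: All
+{{- end }}
+{{- if eq $oidcEnabled "true" }}
+- name: https-keycloak
+protocol: HTTPS
+port: 443
+hostname: {{ index $hostnames "keycloak" | default (printf "keycloak.%s" $rootHost) | quote }}
+tls:
+mode: Terminate
+certificateRefs:
+- name: gateway-keycloak-tls
+allowedRoutes:
+namespaces:
+from: All
+{{- end }}
+{{- if has "api" $exposeServices }}
+- name: tls-passthrough-api
+protocol: TLS
+port: 443
+hostname: {{ index $hostnames "api" | default (printf "api.%s" $rootHost) | quote }}
+tls:
+mode: Passthrough
+allowedRoutes:
+namespaces:
+from: All
+{{- end }}
+{{- if has "vm-exportproxy" $exposeServices }}
+- name: tls-passthrough-vm-exportproxy
+protocol: TLS
+port: 443
+hostname: {{ index $hostnames "vm-exportproxy" | default (printf "vm-exportproxy.%s" $rootHost) | quote }}
+tls:
+mode: Passthrough
+allowedRoutes:
+namespaces:
+from: All
+{{- end }}
+{{- if has "cdi-uploadproxy" $exposeServices }}
+- name: tls-passthrough-cdi-uploadproxy
+protocol: TLS
+port: 443
+hostname: {{ index $hostnames "cdi-uploadproxy" | default (printf "cdi-uploadproxy.%s" $rootHost) | quote }}
+tls:
+mode: Passthrough
+allowedRoutes:
+namespaces:
+from: All
+{{- end }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: {{ $gatewayName }}-redirect-to-https
+spec:
+parentRefs:
+- name: {{ $gatewayName }}
+sectionName: http
+rules:
+- filters:
+- type: RequestRedirect
+requestRedirect:
+scheme: https
+statusCode: 301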
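Review bot: Every listener on this shared Gateway, including the hostname-less `http` listener on port 80 and the `https-dashboard` and `https-keycloak` listeners, sets `allowedRoutes.namespaces.from: All`, so a route created in any namespace can attach to them. If tenants are able to create Gateway API routes in their own namespaces, that lets a namespace owner bind routes under the platform hostnames or claim arbitrary hostnames on port 80, and where routes conflict it is Gateway API precedence rules, not namespace ownership, that decide which backend receives the traffic. The routes added elsewhere in this change do live in other namespaces (the API route is in `default`), so cross-namespace attachment is needed, but it can be limited to labelled namespaces with `from: Selector` and `selector: {matchLabels: {<platform-namespace-label>: "true"}}`, where the label key is a placeholder for one applied only to system namespaces. The monitoring Gateways in this change already use `from: Same`.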
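--- a/packages/system/cozystack-gateway/values.yaml
+++ b/packages/system/cozystack-gateway/values.yaml
@@ -0,0 +1 @@
+_cluster: {}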
@@ -1,3 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: cozy-cozystack-scheduler
|
||||
version: 0.1.0
|
||||
@@ -1,10 +0,0 @@
|
||||
export NAME=cozystack-scheduler
|
||||
export NAMESPACE=kube-system
|
||||
|
||||
include ../../../hack/package.mk
|
||||
|
||||
update:
|
||||
rm -rf crds templates values.yaml Chart.yaml
|
||||
tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/cozystack/cozystack-scheduler | awk -F'[/^]' 'END{print $$3}') && \
|
||||
curl -sSL https://github.com/cozystack/cozystack-scheduler/archive/refs/tags/$${tag}.tar.gz | \
|
||||
tar xzvf - --strip 2 cozystack-scheduler-$${tag#*v}/chart
|
||||
File diff suppressed because it is too large
@@ -1,9 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: cozystack-scheduler
|
||||
rules:
|
||||
- apiGroups: ["cozystack.io"]
|
||||
resources:
|
||||
- schedulingclasses
|
||||
verbs: ["get", "list", "watch"]
|
||||
@@ -1,38 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: cozystack-scheduler:kube-scheduler
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:kube-scheduler
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: cozystack-scheduler
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: cozystack-scheduler:volume-scheduler
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:volume-scheduler
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: cozystack-scheduler
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: cozystack-scheduler
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cozystack-scheduler
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: cozystack-scheduler
|
||||
namespace: {{ .Release.Namespace }}
|
||||
@@ -1,54 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: cozystack-scheduler-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
data:
|
||||
scheduler-config.yaml: |
|
||||
apiVersion: kubescheduler.config.k8s.io/v1
|
||||
kind: KubeSchedulerConfiguration
|
||||
leaderElection:
|
||||
leaderElect: true
|
||||
resourceNamespace: {{ .Release.Namespace }}
|
||||
resourceName: cozystack-scheduler
|
||||
profiles:
|
||||
- schedulerName: cozystack-scheduler
|
||||
plugins:
|
||||
preFilter:
|
||||
disabled:
|
||||
- name: InterPodAffinity
|
||||
- name: NodeAffinity
|
||||
- name: PodTopologySpread
|
||||
enabled:
|
||||
- name: CozystackInterPodAffinity
|
||||
- name: CozystackNodeAffinity
|
||||
- name: CozystackPodTopologySpread
|
||||
- name: CozystackSchedulingClass
|
||||
filter:
|
||||
disabled:
|
||||
- name: InterPodAffinity
|
||||
- name: NodeAffinity
|
||||
- name: PodTopologySpread
|
||||
enabled:
|
||||
- name: CozystackInterPodAffinity
|
||||
- name: CozystackNodeAffinity
|
||||
- name: CozystackPodTopologySpread
|
||||
- name: CozystackSchedulingClass
|
||||
preScore:
|
||||
disabled:
|
||||
- name: InterPodAffinity
|
||||
- name: NodeAffinity
|
||||
- name: PodTopologySpread
|
||||
enabled:
|
||||
- name: CozystackInterPodAffinity
|
||||
- name: CozystackNodeAffinity
|
||||
- name: CozystackPodTopologySpread
|
||||
score:
|
||||
disabled:
|
||||
- name: InterPodAffinity
|
||||
- name: NodeAffinity
|
||||
- name: PodTopologySpread
|
||||
enabled:
|
||||
- name: CozystackInterPodAffinity
|
||||
- name: CozystackNodeAffinity
|
||||
- name: CozystackPodTopologySpread
|
||||
@@ -1,37 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: cozystack-scheduler
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: cozystack-scheduler
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: cozystack-scheduler
|
||||
spec:
|
||||
serviceAccountName: cozystack-scheduler
|
||||
containers:
|
||||
- name: cozystack-scheduler
|
||||
image: {{ .Values.image }}
|
||||
command:
|
||||
- /cozystack-scheduler
|
||||
- --config=/etc/kubernetes/scheduler-config.yaml
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 10259
|
||||
scheme: HTTPS
|
||||
initialDelaySeconds: 15
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /etc/kubernetes/scheduler-config.yaml
|
||||
subPath: scheduler-config.yaml
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: cozystack-scheduler-config
|
||||
@@ -1,40 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: cozystack-scheduler:extension-apiserver-authentication-reader
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: extension-apiserver-authentication-reader
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: cozystack-scheduler
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: cozystack-scheduler:leader-election
|
||||
namespace: {{ .Release.Namespace }}
|
||||
rules:
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
verbs: ["create", "get", "list", "update", "watch"]
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leasecandidates"]
|
||||
verbs: ["create", "get", "list", "update", "watch"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: cozystack-scheduler:leader-election
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: cozystack-scheduler:leader-election
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: cozystack-scheduler
|
||||
namespace: {{ .Release.Namespace }}
|
||||
@@ -1,5 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: cozystack-scheduler
|
||||
namespace: {{ .Release.Namespace }}
|
||||
@@ -1,2 +0,0 @@
|
||||
image: ghcr.io/cozystack/cozystack/cozystack-scheduler:v0.1.0@sha256:5f7150c82177478467ff80628acb5a400291aff503364aa9e26fc346d79a73cf
|
||||
replicas: 1
|
||||
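--- a/packages/system/dashboard/templates/httproute.yaml
+++ b/packages/system/dashboard/templates/httproute.yaml
@@ -0,0 +1,28 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $host := index .Values._cluster "root-host" }}
+{{- $hostnames := .Values._cluster.hostnames | default dict }}
+{{- $exposeServices := splitList "," ((index .Values._cluster "expose-services") | default "") }}
+{{- $gatewayName := (index .Values._cluster "gateway-name") | default "cozystack" }}
+{{- $gatewayNamespace := (index .Values._cluster "gateway-namespace") | default "cozy-gateway" }}
+
+{{- if and (eq $gatewayAPI "true") (has "dashboard" $exposeServices) }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: dashboard-web
+spec:
+parentRefs:
+- name: {{ $gatewayName }}
+namespace: {{ $gatewayNamespace }}
+sectionName: https-dashboard
+hostnames:
+- {{ index $hostnames "dashboard" | default (printf "dashboard.%s" $host) | quote }}
+rules:
+- matches:
+- path:
+type: PathPrefix
+value: /
+backendRefs:
+- name: incloud-web-gatekeeper
+port: 8000
+{{- end }}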
@@ -6,4 +6,4 @@ include ../../../hack/package.mk
|
||||
update:
|
||||
rm -rf templates
|
||||
mkdir templates
|
||||
kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=v1.2.0" > templates/crds-experimental.yaml
|
||||
kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=v1.5.0" > templates/crds-experimental.yaml
|
||||
|
||||
File diff suppressed because it is too large
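--- a/packages/system/keycloak/templates/httproute.yaml
+++ b/packages/system/keycloak/templates/httproute.yaml
@@ -0,0 +1,30 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $host := index .Values._cluster "root-host" }}
+{{- $hostnames := .Values._cluster.hostnames | default dict }}
+{{- $gatewayName := (index .Values._cluster "gateway-name") | default "cozystack" }}
+{{- $gatewayNamespace := (index .Values._cluster "gateway-namespace") | default "cozy-gateway" }}
+{{- $keycloakHost := .Values.ingress.host | default (index $hostnames "keycloak") | default (printf "keycloak.%s" $host) }}
+
+{{- $oidcEnabled := (index .Values._cluster "oidc-enabled") | default "false" }}
+
+{{- if and (eq $gatewayAPI "true") (eq $oidcEnabled "true") }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: keycloak
+spec:
+parentRefs:
+- name: {{ $gatewayName }}
+namespace: {{ $gatewayNamespace }}
+sectionName: https-keycloak
+hostnames:
+- {{ $keycloakHost | quote }}
+rules:
+- matches:
+- path:
+type: PathPrefix
+value: /
+backendRefs:
+- name: keycloak-http
+port: 80
+{{- end }}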
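Review bot: `$keycloakHost` prefers `.Values.ingress.host`, but the `https-keycloak` listener this route attaches to (templates/gateway.yaml in this change) derives its hostname only from `hostnames.keycloak` or `keycloak.<root-host>`. When `ingress.host` is set to a different name, the route's hostname does not intersect the listener's, so the route would not be accepted on that listener and the listener's certificate would not cover the name, leaving Keycloak unreachable through the gateway with no template error. Compute the host the same way on both sides, for example `{{- $keycloakHost := index $hostnames "keycloak" | default (printf "keycloak.%s" $host) }}` here, or pass the override to the gateway chart as well.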
@@ -0,0 +1,24 @@
|
||||
{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
|
||||
{{- $host := index .Values._cluster "root-host" }}
|
||||
{{- $hostnames := .Values._cluster.hostnames | default dict }}
|
||||
{{- $exposeServices := splitList "," ((index .Values._cluster "expose-services") | default "") }}
|
||||
{{- $gatewayName := (index .Values._cluster "gateway-name") | default "cozystack" }}
|
||||
{{- $gatewayNamespace := (index .Values._cluster "gateway-namespace") | default "cozy-gateway" }}
|
||||
|
||||
{{- if and (eq $gatewayAPI "true") (has "cdi-uploadproxy" $exposeServices) }}
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: TLSRoute
|
||||
metadata:
|
||||
name: cdi-uploadproxy
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: {{ $gatewayName }}
|
||||
namespace: {{ $gatewayNamespace }}
|
||||
sectionName: tls-passthrough-cdi-uploadproxy
|
||||
hostnames:
|
||||
- {{ index $hostnames "cdi-uploadproxy" | default (printf "cdi-uploadproxy.%s" $host) | quote }}
|
||||
rules:
|
||||
- backendRefs:
|
||||
- name: cdi-uploadproxy
|
||||
port: 443
|
||||
{{- end }}
|
||||
@@ -0,0 +1,24 @@
|
||||
{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
|
||||
{{- $host := index .Values._cluster "root-host" }}
|
||||
{{- $hostnames := .Values._cluster.hostnames | default dict }}
|
||||
{{- $exposeServices := splitList "," ((index .Values._cluster "expose-services") | default "") }}
|
||||
{{- $gatewayName := (index .Values._cluster "gateway-name") | default "cozystack" }}
|
||||
{{- $gatewayNamespace := (index .Values._cluster "gateway-namespace") | default "cozy-gateway" }}
|
||||
|
||||
{{- if and (eq $gatewayAPI "true") (has "vm-exportproxy" $exposeServices) }}
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: TLSRoute
|
||||
metadata:
|
||||
name: vm-exportproxy
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: {{ $gatewayName }}
|
||||
namespace: {{ $gatewayNamespace }}
|
||||
sectionName: tls-passthrough-vm-exportproxy
|
||||
hostnames:
|
||||
- {{ index $hostnames "vm-exportproxy" | default (printf "vm-exportproxy.%s" $host) | quote }}
|
||||
rules:
|
||||
- backendRefs:
|
||||
- name: vm-exportproxy
|
||||
port: 443
|
||||
{{- end }}
|
||||
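--- a/packages/system/monitoring/templates/alerta/httproute.yaml
+++ b/packages/system/monitoring/templates/alerta/httproute.yaml
@@ -0,0 +1,75 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $clusterIssuer := (index .Values._cluster "issuer-name") | default "letsencrypt-prod" }}
+{{- $gateway := .Values._namespace.gateway | default "" }}
+{{- $host := .Values._namespace.host }}
+{{- $alertaHost := printf "alerta.%s" (.Values.host | default $host) }}
+
+{{- if and (eq $gatewayAPI "true") (ne $gateway "") }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+name: alerta
+annotations:
+cert-manager.io/cluster-issuer: {{ $clusterIssuer }}
+spec:
+gatewayClassName: cilium
+infrastructure:
+labels:
+cozystack.io/gateway: {{ $gateway }}
+listeners:
+- name: http
+protocol: HTTP
+port: 80
+hostname: {{ $alertaHost | quote }}
+allowedRoutes:
+namespaces:
+from: Same
+- name: https
+protocol: HTTPS
+port: 443
+hostname: {{ $alertaHost | quote }}
+tls:
+mode: Terminate
+certificateRefs:
+- name: alerta-gateway-tls
+allowedRoutes:
+namespaces:
+from: Same
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: alerta-redirect-to-https
+spec:
+parentRefs:
+- name: alerta
+sectionName: http
+hostnames:
+- {{ $alertaHost | quote }}
+rules:
+- filters:
+- type: RequestRedirect
+requestRedirect:
+scheme: https
+statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: alerta
+spec:
+parentRefs:
+- name: alerta
+sectionName: https
+hostnames:
+- {{ $alertaHost | quote }}
+rules:
+- matches:
+- path:
+type: PathPrefix
+value: /
+backendRefs:
+- name: alerta
+port: 80
+{{- end }}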
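Review bot: The HTTPS `alerta` HTTPRoute forwards to the backend without setting `Strict-Transport-Security`, so the only thing steering clients to TLS is the 301 on the `http` listener, and a client's first plain-HTTP request can still be intercepted before the redirect. Unless Alerta already sends the header itself (not visible here), a `ResponseHeaderModifier` filter on the HTTPS rule would add it, provided the Cilium GatewayClass in use supports that filter. The same applies to the `grafana` route in templates/grafana/httproute.yaml. The `max-age` below is a constructed example value.

```yaml
rules:
  - matches:
      # … unchanged: PathPrefix / match …
    filters:
      - type: ResponseHeaderModifier
        responseHeaderModifier:
          set:
            - name: Strict-Transport-Security
              value: "max-age=31536000"  # constructed example
    # … unchanged: backendRefs alerta:80 …
```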
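--- a/packages/system/monitoring/templates/grafana/httproute.yaml
+++ b/packages/system/monitoring/templates/grafana/httproute.yaml
@@ -0,0 +1,75 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $clusterIssuer := (index .Values._cluster "issuer-name") | default "letsencrypt-prod" }}
+{{- $gateway := .Values._namespace.gateway | default "" }}
+{{- $host := .Values._namespace.host }}
+{{- $grafanaHost := printf "grafana.%s" (.Values.host | default $host) }}
+
+{{- if and (eq $gatewayAPI "true") (ne $gateway "") }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+name: grafana
+annotations:
+cert-manager.io/cluster-issuer: {{ $clusterIssuer }}
+spec:
+gatewayClassName: cilium
+infrastructure:
+labels:
+cozystack.io/gateway: {{ $gateway }}
+listeners:
+- name: http
+protocol: HTTP
+port: 80
+hostname: {{ $grafanaHost | quote }}
+allowedRoutes:
+namespaces:
+from: Same
+- name: https
+protocol: HTTPS
+port: 443
+hostname: {{ $grafanaHost | quote }}
+tls:
+mode: Terminate
+certificateRefs:
+- name: grafana-gateway-tls
+allowedRoutes:
+namespaces:
+from: Same
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: grafana-redirect-to-https
+spec:
+parentRefs:
+- name: grafana
+sectionName: http
+hostnames:
+- {{ $grafanaHost | quote }}
+rules:
+- filters:
+- type: RequestRedirect
+requestRedirect:
+scheme: https
+statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: grafana
+spec:
+parentRefs:
+- name: grafana
+sectionName: https
+hostnames:
+- {{ $grafanaHost | quote }}
+rules:
+- matches:
+- path:
+type: PathPrefix
+value: /
+backendRefs:
+- name: grafana-service
+port: 3000
+{{- end }}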
@@ -8,7 +8,7 @@ spec:
|
||||
singular: tenant
|
||||
plural: tenants
|
||||
openAPISchema: |-
|
||||
{"title":"Chart Values","type":"object","properties":{"etcd":{"description":"Deploy own Etcd cluster.","type":"boolean","default":false},"host":{"description":"The hostname used to access tenant services (defaults to using the tenant name as a subdomain for its parent tenant host).","type":"string","default":""},"ingress":{"description":"Deploy own Ingress Controller.","type":"boolean","default":false},"monitoring":{"description":"Deploy own Monitoring Stack.","type":"boolean","default":false},"resourceQuotas":{"description":"Define resource quotas for the tenant.","type":"object","default":{},"additionalProperties":{"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}},"seaweedfs":{"description":"Deploy own SeaweedFS.","type":"boolean","default":false}}}
|
||||
{"title":"Chart Values","type":"object","properties":{"etcd":{"description":"Deploy own Etcd cluster.","type":"boolean","default":false},"gateway":{"description":"Deploy own Gateway API gateway (separate LB for this tenant).","type":"boolean","default":false},"host":{"description":"The hostname used to access tenant services (defaults to using the tenant name as a subdomain for its parent tenant host).","type":"string","default":""},"ingress":{"description":"Deploy own Ingress Controller.","type":"boolean","default":false},"monitoring":{"description":"Deploy own Monitoring Stack.","type":"boolean","default":false},"resourceQuotas":{"description":"Define resource quotas for the tenant.","type":"object","default":{},"additionalProperties":{"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}},"seaweedfs":{"description":"Deploy own SeaweedFS.","type":"boolean","default":false}}}
|
||||
release:
|
||||
prefix: tenant-
|
||||
labels:
|
||||
@@ -23,7 +23,7 @@ spec:
|
||||
plural: Tenants
|
||||
description: Separated tenant namespace
|
||||
icon: 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
|
||||
keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "etcd"], ["spec", "monitoring"], ["spec", "ingress"], ["spec", "seaweedfs"], ["spec", "resourceQuotas"]]
|
||||
keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "etcd"], ["spec", "monitoring"], ["spec", "ingress"], ["spec", "gateway"], ["spec", "seaweedfs"], ["spec", "resourceQuotas"]]
|
||||
secrets:
|
||||
exclude: []
|
||||
include: []
|
||||
|
||||
@@ -224,8 +224,8 @@ func buildPostProcessV3(kindSchemas map[string]string) func(*spec3.OpenAPI) (*sp
|
||||
base, ok1 := doc.Components.Schemas[baseRef]
|
||||
list, ok2 := doc.Components.Schemas[baseListRef]
|
||||
stat, ok3 := doc.Components.Schemas[baseStatusRef]
|
||||
if !(ok1 && ok2 && ok3) {
|
||||
return doc, nil // not the apps GV — nothing to patch
|
||||
if !(ok1 && ok2 && ok3) && len(kindSchemas) > 0 {
|
||||
return doc, fmt.Errorf("base Application* schemas not found")
|
||||
}
|
||||
|
||||
// Clone base schemas for each kind
|
||||
@@ -339,8 +339,8 @@ func buildPostProcessV2(kindSchemas map[string]string) func(*spec.Swagger) (*spe
|
||||
base, ok1 := defs[baseRef]
|
||||
list, ok2 := defs[baseListRef]
|
||||
stat, ok3 := defs[baseStatusRef]
|
||||
if !(ok1 && ok2 && ok3) {
|
||||
return sw, nil // not the apps GV — nothing to patch
|
||||
if !(ok1 && ok2 && ok3) && len(kindSchemas) > 0 {
|
||||
return sw, fmt.Errorf("base Application* schemas not found")
|
||||
}
|
||||
|
||||
for kind, raw := range kindSchemas {
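Review bot: The guard in `buildPostProcessV3` turns a missing `Application*` base schema into an error whenever `kindSchemas` is non-empty, so any OpenAPI document that does not belong to the apps group version would fail post-processing instead of being passed through; `buildPostProcessV2` in the second hunk has the same condition. This reading assumes the second `if` of each printed pair is the new side, since the page shows old before new and the markers are lost. If the builder is invoked for other group versions, keep the early exit for the absent-schema case, `if !(ok1 && ok2 && ok3) { return doc, nil }` (and `return sw, nil` in V2), so that spurious errors do not bury real ones in the API server log. When `kindSchemas` is empty the new condition also falls through with zero-value `base`, `list` and `stat`, which is harmless only while the code below is a loop over `kindSchemas`. Both function bodies start and end outside the hunks.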
|
||||
|
||||