mirror of
https://github.com/cozystack/cozystack.git
synced 2026-03-16 11:58:56 +00:00
Compare commits
11 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
b1dac3c3c9 | ||
|
|
ab9643c35e | ||
|
|
c720bde0e9 | ||
|
|
c7b2f60d18 | ||
|
|
2a766df6e0 | ||
|
|
d2ac669b29 | ||
|
|
e7bfa9b138 | ||
|
|
d5a5d31354 | ||
|
|
dd67bd56c4 | ||
|
|
513b2e20df | ||
|
|
8d8f7defd7 |
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/nginx-cache:0.0.0@sha256:9e34fd50393b418d9516aadb488067a3a63675b045811beb1c0afc9c61e149e8
|
||||
ghcr.io/cozystack/cozystack/nginx-cache:0.0.0@sha256:cb25e40cb665b8bbeee8cb1ec39da4c9a7452ef3f2f371912bbc0d1b1e2d40a8
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/cluster-autoscaler:0.0.0@sha256:598331326f0c2aac420187f0cc3a49fedcb22ed5de4afe50c6ccf8e05d9fa537
|
||||
ghcr.io/cozystack/cozystack/cluster-autoscaler:0.0.0@sha256:3753b735b0315bee90de54cb25cfebc63bd2cc90ad11ca4fdc0e70439abd5096
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:8f1ab4c3b2bed3a0adc40fcc823b040fa04b4722bec7735c030e79a3a2fd6c85
|
||||
ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:bb5b17044969e663c3b391f7274883735c0ffe05a9523988469bdf2974de2dea
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.33@sha256:71a74ca30f75967bae309be2758f19aa3d37c60b19426b9b622ff1c33a80362f
|
||||
ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.33@sha256:9d4ad080ef729e0f9f1f5919cb85c0c9b6dc772a22d52046b2de9ccba3772715
|
||||
|
||||
@@ -231,7 +231,6 @@ rules:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- delete
|
||||
- apiGroups: ["kubevirt.io"]
|
||||
resources:
|
||||
- virtualmachines
|
||||
@@ -330,7 +329,6 @@ rules:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- delete
|
||||
- apiGroups: ["kubevirt.io"]
|
||||
resources:
|
||||
- virtualmachines
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
cozystack:
|
||||
image: ghcr.io/cozystack/cozystack/installer:v0.41.8@sha256:1c44186dab4ef04525532361b693731d7dd5891528b01695db79bcb35b970f17
|
||||
image: ghcr.io/cozystack/cozystack/installer:v0.41.11@sha256:ba9271deb2f6ac29dd067a1277a4b3c33504a045c375957a2175deaee6fdfec3
|
||||
|
||||
@@ -27,7 +27,7 @@ releases:
|
||||
dependsOn: [cilium]
|
||||
|
||||
- name: cozy-proxy
|
||||
releaseName: cozystack
|
||||
releaseName: cozy-proxy
|
||||
chart: cozy-cozy-proxy
|
||||
namespace: cozy-system
|
||||
optional: true
|
||||
|
||||
@@ -66,7 +66,7 @@ releases:
|
||||
dependsOn: [cilium,kubeovn]
|
||||
|
||||
- name: cozy-proxy
|
||||
releaseName: cozystack
|
||||
releaseName: cozy-proxy
|
||||
chart: cozy-cozy-proxy
|
||||
namespace: cozy-system
|
||||
dependsOn: [cilium,kubeovn,multus]
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
assets:
|
||||
image: ghcr.io/cozystack/cozystack/cozystack-assets:v0.41.8@sha256:0c12ade47b09f8504056b79b9a395992743a7a0a796e2ce6aa520fd0b756bf3e
|
||||
image: ghcr.io/cozystack/cozystack/cozystack-assets:v0.41.11@sha256:04ca6ac7ac72f4a4d975a33436dc401abf457eb27a7e59f32a333f0b689a11e3
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
e2e:
|
||||
image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.41.8@sha256:eac71ef0de3450fce96255629e77903630c63ade62b81e7055f1a689f92ee153
|
||||
image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.41.11@sha256:0eae9f519669667d60b160ebb93c127843c470ad9ca3447fceaa54604503a7ba
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/matchbox:v0.41.8@sha256:b528242e7b6abbd4ddd338d965be743623d7e1eb953c7b15b70a2e9d1e3569e2
|
||||
ghcr.io/cozystack/cozystack/matchbox:v0.41.11@sha256:d11c034f1475d40e83f94a7f51a21082203c72346fe6a35fc931de976c0546c2
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.41.8@sha256:85882ce25baeca26057b1540a44eb5479425f1698c1806fdb3f6619c2eb84d42
|
||||
ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.41.11@sha256:2a3595cd88b30af55b2000d3ca204899beecef0012b0e0402754c3914aad1f7f
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:291427de7db54a1d19dc9c2c807bdcc664a14caa9538786f31317e8c01a4a008
|
||||
ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:1f03fde12124b94b646532e3ebdebf62b8d87e42e0aa5576cd07c4559ce66403
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
cozystackAPI:
|
||||
image: ghcr.io/cozystack/cozystack/cozystack-api:v0.41.8@sha256:175c2b4b7e75a092eb0feefa96c1b11f524bd72d7f58d9df5c9a4fade694537f
|
||||
image: ghcr.io/cozystack/cozystack/cozystack-api:v0.41.11@sha256:3a8cb618f140c60eb2a5afd3f07a5ec7e638ab4cd949ea0913abc372703a2d82
|
||||
localK8sAPIEndpoint:
|
||||
enabled: true
|
||||
replicas: 2
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
cozystackController:
|
||||
image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.41.8@sha256:6850a8aace4fa998faa33fc06e2ff8d6034141c31541fd0f6368156d19943838
|
||||
image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.41.11@sha256:8f1c725989e32706293afaea195d110d7690b06ad2e52742fce2bbe9f71cbe48
|
||||
debug: false
|
||||
disableTelemetry: false
|
||||
cozystackVersion: "v0.41.8"
|
||||
cozystackVersion: "v0.41.11"
|
||||
cozystackAPIKind: "DaemonSet"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{{- $brandingConfig := .Values._cluster.branding | default dict }}
|
||||
|
||||
{{- $tenantText := "v0.41.8" }}
|
||||
{{- $tenantText := "v0.41.11" }}
|
||||
{{- $footerText := "Cozystack" }}
|
||||
{{- $titleText := "Cozystack Dashboard" }}
|
||||
{{- $logoText := "" }}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
openapiUI:
|
||||
image: ghcr.io/cozystack/cozystack/openapi-ui:v0.41.8@sha256:7cb9a90f07ecb2d87b0e548e032bc5278b4e7688f265a8695469e8f5bf924e56
|
||||
image: ghcr.io/cozystack/cozystack/openapi-ui:v0.41.11@sha256:87dfcda3aaaade114e099a3bd8fbb4479a20a761d60849dd2fe47ba245db7cb8
|
||||
openapiUIK8sBff:
|
||||
image: ghcr.io/cozystack/cozystack/openapi-ui-k8s-bff:v0.41.8@sha256:fda379dce49c2cd8cb8d7d2a1d8ec6f7bedb3419c058c4355ecdece1c1e937f4
|
||||
image: ghcr.io/cozystack/cozystack/openapi-ui-k8s-bff:v0.41.11@sha256:0ee55b703839497b7d8264000c3f39c3688b550de1047eb754577523c810fa79
|
||||
tokenProxy:
|
||||
image: ghcr.io/cozystack/cozystack/token-proxy:v0.41.8@sha256:2e280991e07853ea48f97b0a42946afffa10d03d6a83d41099ed83e6ffc94fdc
|
||||
image: ghcr.io/cozystack/cozystack/token-proxy:v0.41.11@sha256:2e280991e07853ea48f97b0a42946afffa10d03d6a83d41099ed83e6ffc94fdc
|
||||
|
||||
@@ -38,8 +38,8 @@
|
||||
| kubeRbacProxy.args[2] | string | `"--logtostderr=true"` | |
|
||||
| kubeRbacProxy.args[3] | string | `"--v=0"` | |
|
||||
| kubeRbacProxy.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
|
||||
| kubeRbacProxy.image.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | Image repository |
|
||||
| kubeRbacProxy.image.tag | string | `"v0.16.0"` | Version of image |
|
||||
| kubeRbacProxy.image.repository | string | `"quay.io/brancz/kube-rbac-proxy"` | Image repository |
|
||||
| kubeRbacProxy.image.tag | string | `"v0.18.1"` | Version of image |
|
||||
| kubeRbacProxy.livenessProbe | object | `{}` | https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
|
||||
| kubeRbacProxy.readinessProbe | object | `{}` | https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
|
||||
| kubeRbacProxy.resources | object | `{"limits":{"cpu":"250m","memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
|
||||
|
||||
@@ -98,13 +98,13 @@ kubeRbacProxy:
|
||||
image:
|
||||
|
||||
# -- Image repository
|
||||
repository: gcr.io/kubebuilder/kube-rbac-proxy
|
||||
repository: quay.io/brancz/kube-rbac-proxy
|
||||
|
||||
# -- Image pull policy
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# -- Version of image
|
||||
tag: v0.16.0
|
||||
tag: v0.18.1
|
||||
|
||||
args:
|
||||
- --secure-listen-address=0.0.0.0:8443
|
||||
|
||||
@@ -3,7 +3,7 @@ kamaji:
|
||||
deploy: false
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v0.41.8@sha256:fe9b6bb548edfc26be8aaac65801d598a4e2f9884ddf748083b9e509fa00259e
|
||||
tag: v0.41.11@sha256:9ac09f817c67de652bacedcdc0390cd343401879b6c1a1c28131a0f109af3804
|
||||
repository: ghcr.io/cozystack/cozystack/kamaji
|
||||
resources:
|
||||
limits:
|
||||
@@ -13,4 +13,4 @@ kamaji:
|
||||
cpu: 100m
|
||||
memory: 100Mi
|
||||
extraArgs:
|
||||
- --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v0.41.8@sha256:fe9b6bb548edfc26be8aaac65801d598a4e2f9884ddf748083b9e509fa00259e
|
||||
- --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v0.41.11@sha256:9ac09f817c67de652bacedcdc0390cd343401879b6c1a1c28131a0f109af3804
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
portSecurity: true
|
||||
routes: ""
|
||||
image: ghcr.io/cozystack/cozystack/kubeovn-plunger:v0.41.8@sha256:daf31b66e3264091d631ac97d9921e20a7f77ba340250909d136286c2d83f78a
|
||||
image: ghcr.io/cozystack/cozystack/kubeovn-plunger:v0.41.11@sha256:50dcf0aa177d8b88949d15cdbbb225f4ac06677048111b5d8ff4910d6ec97d11
|
||||
ovnCentralName: ovn-central
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
portSecurity: true
|
||||
routes: ""
|
||||
image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.41.8@sha256:e18f9fd679e38f65362a8d0042f25468272f6d081136ad47027168d8e7e07a4a
|
||||
image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.41.11@sha256:e18f9fd679e38f65362a8d0042f25468272f6d081136ad47027168d8e7e07a4a
|
||||
|
||||
@@ -1,5 +1,3 @@
|
||||
KUBEOVN_TAG=v0.40.0
|
||||
|
||||
export NAME=kubeovn
|
||||
export NAMESPACE=cozy-$(NAME)
|
||||
|
||||
@@ -8,6 +6,6 @@ include ../../../scripts/package.mk
|
||||
|
||||
update:
|
||||
rm -rf charts values.yaml Chart.yaml
|
||||
tag=$(KUBEOVN_TAG) && \
|
||||
curl -sSL https://github.com/cozystack/kubeovn/archive/refs/tags/$${tag}.tar.gz | \
|
||||
tar xzvf - --strip 2 kubeovn-$${tag#*v}/chart
|
||||
tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/cozystack/kubeovn-chart | awk -F'[/^]' 'END{print $$3}') && \
|
||||
curl -sSL https://github.com/cozystack/kubeovn-chart/archive/refs/tags/$${tag}.tar.gz | \
|
||||
tar xzvf - --strip 2 kubeovn-chart-$${tag#*v}/chart
|
||||
|
||||
@@ -15,12 +15,12 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: v1.14.25
|
||||
version: v1.15.3
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "1.14.25"
|
||||
appVersion: "1.15.3"
|
||||
|
||||
kubeVersion: ">= 1.29.0-0"
|
||||
|
||||
@@ -69,7 +69,9 @@ Number of master nodes
|
||||
{{- $imageVersion := (index $ds.spec.template.spec.containers 0).image | splitList ":" | last | trimPrefix "v" -}}
|
||||
{{- $versionRegex := `^(?P<major>0|[1-9]\d*)\.(?P<minor>0|[1-9]\d*)\.(?P<patch>0|[1-9]\d*)` -}}
|
||||
{{- if and (ne $newChartVersion $chartVersion) (regexMatch $versionRegex $imageVersion) -}}
|
||||
{{- if regexFind $versionRegex $imageVersion | semverCompare ">= 1.13.0" -}}
|
||||
{{- if regexFind $versionRegex $imageVersion | semverCompare ">= 1.15.0" -}}
|
||||
25.03
|
||||
{{- else if regexFind $versionRegex $imageVersion | semverCompare ">= 1.13.0" -}}
|
||||
24.03
|
||||
{{- else if regexFind $versionRegex $imageVersion | semverCompare ">= 1.12.0" -}}
|
||||
22.12
|
||||
|
||||
@@ -122,6 +122,7 @@ spec:
|
||||
limits:
|
||||
cpu: {{ index .Values "ovn-central" "limits" "cpu" }}
|
||||
memory: {{ index .Values "ovn-central" "limits" "memory" }}
|
||||
ephemeral-storage: {{ index .Values "ovn-central" "limits" "ephemeral-storage" }}
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/ovn
|
||||
name: host-run-ovn
|
||||
|
||||
@@ -101,6 +101,7 @@ spec:
|
||||
- --pod-nic-type={{- .Values.networking.POD_NIC_TYPE }}
|
||||
- --enable-lb={{- .Values.func.ENABLE_LB }}
|
||||
- --enable-np={{- .Values.func.ENABLE_NP }}
|
||||
- --np-enforcement={{- .Values.func.NP_ENFORCEMENT }}
|
||||
- --enable-eip-snat={{- .Values.networking.ENABLE_EIP_SNAT }}
|
||||
- --enable-external-vpc={{- .Values.func.ENABLE_EXTERNAL_VPC }}
|
||||
- --enable-ecmp={{- .Values.networking.ENABLE_ECMP }}
|
||||
@@ -117,11 +118,14 @@ spec:
|
||||
- --secure-serving={{- .Values.func.SECURE_SERVING }}
|
||||
- --enable-ovn-ipsec={{- .Values.func.ENABLE_OVN_IPSEC }}
|
||||
- --enable-anp={{- .Values.func.ENABLE_ANP }}
|
||||
- --enable-dns-name-resolver={{- .Values.func.ENABLE_DNS_NAME_RESOLVER }}
|
||||
- --ovsdb-con-timeout={{- .Values.func.OVSDB_CON_TIMEOUT }}
|
||||
- --ovsdb-inactivity-timeout={{- .Values.func.OVSDB_INACTIVITY_TIMEOUT }}
|
||||
- --enable-live-migration-optimize={{- .Values.func.ENABLE_LIVE_MIGRATION_OPTIMIZE }}
|
||||
- --enable-ovn-lb-prefer-local={{- .Values.func.ENABLE_OVN_LB_PREFER_LOCAL }}
|
||||
- --image={{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
|
||||
- --skip-conntrack-dst-cidrs={{- .Values.networking.SKIP_CONNTRACK_DST_CIDRS }}
|
||||
- --non-primary-cni-mode={{- .Values.cni_conf.NON_PRIMARY_CNI }}
|
||||
securityContext:
|
||||
runAsUser: {{ include "kubeovn.runAsUser" . }}
|
||||
privileged: false
|
||||
@@ -140,11 +144,7 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: KUBE_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: KUBE_NODE_NAME
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
@@ -194,6 +194,7 @@ spec:
|
||||
limits:
|
||||
cpu: {{ index .Values "kube-ovn-controller" "limits" "cpu" }}
|
||||
memory: {{ index .Values "kube-ovn-controller" "limits" "memory" }}
|
||||
ephemeral-storage: {{ index .Values "kube-ovn-controller" "limits" "ephemeral-storage" }}
|
||||
nodeSelector:
|
||||
kubernetes.io/os: "linux"
|
||||
volumes:
|
||||
|
||||
@@ -100,6 +100,7 @@ spec:
|
||||
limits:
|
||||
cpu: 3
|
||||
memory: 1Gi
|
||||
ephemeral-storage: 1Gi
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/ovn
|
||||
name: host-run-ovn
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -81,7 +81,7 @@ spec:
|
||||
env:
|
||||
- name: ENABLE_SSL
|
||||
value: "{{ .Values.networking.ENABLE_SSL }}"
|
||||
- name: KUBE_NODE_NAME
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
@@ -110,6 +110,7 @@ spec:
|
||||
limits:
|
||||
cpu: {{ index .Values "kube-ovn-monitor" "limits" "cpu" }}
|
||||
memory: {{ index .Values "kube-ovn-monitor" "limits" "memory" }}
|
||||
ephemeral-storage: {{ index .Values "kube-ovn-monitor" "limits" "ephemeral-storage" }}
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/ovn
|
||||
name: host-run-ovn
|
||||
|
||||
@@ -48,10 +48,18 @@ rules:
|
||||
- switch-lb-rules/status
|
||||
- vpc-dnses
|
||||
- vpc-dnses/status
|
||||
- dnsnameresolvers
|
||||
- dnsnameresolvers/status
|
||||
- qos-policies
|
||||
- qos-policies/status
|
||||
verbs:
|
||||
- "*"
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- update
|
||||
- patch
|
||||
- watch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
@@ -84,6 +92,8 @@ rules:
|
||||
- network-attachment-definitions
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
- networking.k8s.io
|
||||
@@ -166,7 +176,11 @@ rules:
|
||||
resources:
|
||||
- leases
|
||||
verbs:
|
||||
- "*"
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- get
|
||||
- watch
|
||||
- apiGroups:
|
||||
- "kubevirt.io"
|
||||
resources:
|
||||
@@ -181,6 +195,7 @@ rules:
|
||||
resources:
|
||||
- adminnetworkpolicies
|
||||
- baselineadminnetworkpolicies
|
||||
- clusternetworkpolicies
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
@@ -276,7 +291,6 @@ rules:
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
@@ -355,12 +369,23 @@ rules:
|
||||
- "list"
|
||||
- "watch"
|
||||
- "delete"
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- "secrets"
|
||||
verbs:
|
||||
- "get"
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: secret-reader-ovn-ipsec
|
||||
namespace: {{ .Values.namespace }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- "secrets"
|
||||
resourceNames:
|
||||
- "ovn-ipsec-ca"
|
||||
verbs:
|
||||
- "get"
|
||||
- "list"
|
||||
- "watch"
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
|
||||
@@ -67,6 +67,20 @@ subjects:
|
||||
namespace: {{ .Values.namespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: kube-ovn-cni-secret-reader
|
||||
namespace: {{ .Values.namespace }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kube-ovn-cni
|
||||
namespace: {{ .Values.namespace }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: secret-reader-ovn-ipsec
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: kube-ovn-app
|
||||
|
||||
@@ -54,7 +54,7 @@ spec:
|
||||
value: "{{- .Values.networking.TUNNEL_TYPE }}"
|
||||
- name: DPDK_TUNNEL_IFACE
|
||||
value: "{{- .Values.networking.DPDK_TUNNEL_IFACE }}"
|
||||
- name: KUBE_NODE_NAME
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
|
||||
@@ -122,9 +122,7 @@ spec:
|
||||
- --secure-serving={{- .Values.func.SECURE_SERVING }}
|
||||
- --enable-ovn-ipsec={{- .Values.func.ENABLE_OVN_IPSEC }}
|
||||
- --set-vxlan-tx-off={{- .Values.func.SET_VXLAN_TX_OFF }}
|
||||
{{- with .Values.mtu }}
|
||||
- --mtu={{ . }}
|
||||
{{- end }}
|
||||
- --non-primary-cni-mode={{- .Values.cni_conf.NON_PRIMARY_CNI }}
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
privileged: false
|
||||
@@ -143,7 +141,7 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: KUBE_NODE_NAME
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
@@ -227,6 +225,7 @@ spec:
|
||||
limits:
|
||||
cpu: {{ index .Values "kube-ovn-cni" "limits" "cpu" }}
|
||||
memory: {{ index .Values "kube-ovn-cni" "limits" "memory" }}
|
||||
ephemeral-storage: {{ index .Values "kube-ovn-cni" "limits" "ephemeral-storage" }}
|
||||
nodeSelector:
|
||||
kubernetes.io/os: "linux"
|
||||
volumes:
|
||||
|
||||
@@ -115,7 +115,7 @@ spec:
|
||||
value: "{{- .Values.func.HW_OFFLOAD }}"
|
||||
- name: TUNNEL_TYPE
|
||||
value: "{{- .Values.networking.TUNNEL_TYPE }}"
|
||||
- name: KUBE_NODE_NAME
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
@@ -173,6 +173,7 @@ spec:
|
||||
limits:
|
||||
cpu: {{ index .Values "ovs-ovn" "limits" "cpu" }}
|
||||
memory: {{ index .Values "ovs-ovn" "limits" "memory" }}
|
||||
ephemeral-storage: {{ index .Values "ovs-ovn" "limits" "ephemeral-storage" }}
|
||||
nodeSelector:
|
||||
kubernetes.io/os: "linux"
|
||||
volumes:
|
||||
|
||||
@@ -73,7 +73,6 @@ spec:
|
||||
{{- else if eq .Values.networking.NET_STACK "ipv6" -}}
|
||||
{{ .Values.ipv6.PINGER_EXTERNAL_DOMAIN }}
|
||||
{{- end }}
|
||||
- --ds-namespace={{ .Values.namespace }}
|
||||
- --logtostderr=false
|
||||
- --alsologtostderr=true
|
||||
- --log_file=/var/log/kube-ovn/kube-ovn-pinger.log
|
||||
@@ -102,6 +101,10 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
@@ -133,6 +136,7 @@ spec:
|
||||
limits:
|
||||
cpu: {{ index .Values "kube-ovn-pinger" "limits" "cpu" }}
|
||||
memory: {{ index .Values "kube-ovn-pinger" "limits" "memory" }}
|
||||
ephemeral-storage: {{ index .Values "kube-ovn-pinger" "limits" "ephemeral-storage" }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /metrics
|
||||
|
||||
@@ -120,6 +120,14 @@ spec:
|
||||
- sh
|
||||
- -c
|
||||
- /kube-ovn/remove-finalizer.sh 2>&1 | tee -a /var/log/kube-ovn/remove-finalizer.log
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 200Mi
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: 500Mi
|
||||
ephemeral-storage: 1Gi
|
||||
volumeMounts:
|
||||
- mountPath: /var/log/kube-ovn
|
||||
name: kube-ovn-log
|
||||
|
||||
@@ -31,6 +31,8 @@ rules:
|
||||
- daemonsets
|
||||
verbs:
|
||||
- list
|
||||
- get
|
||||
- watch
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
|
||||
@@ -7,7 +7,7 @@ metadata:
|
||||
kubernetes.io/description: |
|
||||
kube-ovn vpc-nat common config
|
||||
data:
|
||||
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.vpcRepository }}:{{ .Values.global.images.kubeovn.tag }}
|
||||
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.natgateway.repository }}:{{ or .Values.global.images.natgateway.tag .Values.global.images.kubeovn.tag }}
|
||||
|
||||
---
|
||||
kind: ConfigMap
|
||||
|
||||
@@ -8,10 +8,11 @@ global:
|
||||
images:
|
||||
kubeovn:
|
||||
repository: kube-ovn
|
||||
vpcRepository: vpc-nat-gateway
|
||||
tag: v1.14.25
|
||||
support_arm: true
|
||||
thirdparty: true
|
||||
tag: v1.15.3
|
||||
natgateway:
|
||||
repository: vpc-nat-gateway
|
||||
# Falls back to the same tag as kubeovn if empty
|
||||
tag: v1.15.3
|
||||
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
@@ -46,6 +47,8 @@ networking:
|
||||
ENABLE_METRICS: true
|
||||
# comma-separated string of nodelocal DNS ip addresses
|
||||
NODE_LOCAL_DNS_IP: ""
|
||||
# comma-separated list of destination IP CIDRs that should skip conntrack processing
|
||||
SKIP_CONNTRACK_DST_CIDRS: ""
|
||||
PROBE_INTERVAL: 180000
|
||||
OVN_NORTHD_PROBE_INTERVAL: 5000
|
||||
OVN_LEADER_PROBE_INTERVAL: 5
|
||||
@@ -57,6 +60,7 @@ networking:
|
||||
func:
|
||||
ENABLE_LB: true
|
||||
ENABLE_NP: true
|
||||
NP_ENFORCEMENT: standard
|
||||
ENABLE_EXTERNAL_VPC: false
|
||||
HW_OFFLOAD: false
|
||||
ENABLE_LB_SVC: false
|
||||
@@ -73,6 +77,7 @@ func:
|
||||
ENABLE_NAT_GW: true
|
||||
ENABLE_OVN_IPSEC: false
|
||||
ENABLE_ANP: false
|
||||
ENABLE_DNS_NAME_RESOLVER: false
|
||||
SET_VXLAN_TX_OFF: false
|
||||
OVSDB_CON_TIMEOUT: 3
|
||||
OVSDB_INACTIVITY_TIMEOUT: 10
|
||||
@@ -80,6 +85,10 @@ func:
|
||||
ENABLE_OVN_LB_PREFER_LOCAL: false
|
||||
|
||||
ipv4:
|
||||
POD_CIDR: "10.16.0.0/16"
|
||||
POD_GATEWAY: "10.16.0.1"
|
||||
SVC_CIDR: "10.96.0.0/12"
|
||||
JOIN_CIDR: "100.64.0.0/16"
|
||||
PINGER_EXTERNAL_ADDRESS: "1.1.1.1"
|
||||
PINGER_EXTERNAL_DOMAIN: "kube-ovn.io."
|
||||
|
||||
@@ -116,6 +125,7 @@ cni_conf:
|
||||
CNI_CONF_FILE: "/kube-ovn/01-kube-ovn.conflist"
|
||||
LOCAL_BIN_DIR: "/usr/local/bin"
|
||||
MOUNT_LOCAL_BIN_DIR: false
|
||||
NON_PRIMARY_CNI: false
|
||||
|
||||
kubelet_conf:
|
||||
KUBELET_DIR: "/var/lib/kubelet"
|
||||
@@ -135,7 +145,7 @@ fullnameOverride: ""
|
||||
HYBRID_DPDK: false
|
||||
HUGEPAGE_SIZE_TYPE: hugepages-2Mi # Default
|
||||
HUGEPAGES: 1Gi
|
||||
DPDK_IMAGE_TAG: "v1.14.0-dpdk"
|
||||
DPDK_IMAGE_TAG: "v1.15.0-dpdk"
|
||||
DPDK_CPU: "1000m" # Default CPU configuration
|
||||
DPDK_MEMORY: "2Gi" # Default Memory configuration
|
||||
|
||||
@@ -146,6 +156,7 @@ ovn-central:
|
||||
limits:
|
||||
cpu: "3"
|
||||
memory: "4Gi"
|
||||
ephemeral-storage: 1Gi
|
||||
ovs-ovn:
|
||||
requests:
|
||||
cpu: "200m"
|
||||
@@ -153,6 +164,7 @@ ovs-ovn:
|
||||
limits:
|
||||
cpu: "2"
|
||||
memory: "1000Mi"
|
||||
ephemeral-storage: 1Gi
|
||||
kube-ovn-controller:
|
||||
requests:
|
||||
cpu: "200m"
|
||||
@@ -160,6 +172,7 @@ kube-ovn-controller:
|
||||
limits:
|
||||
cpu: "1000m"
|
||||
memory: "1Gi"
|
||||
ephemeral-storage: 1Gi
|
||||
kube-ovn-cni:
|
||||
requests:
|
||||
cpu: "100m"
|
||||
@@ -167,6 +180,7 @@ kube-ovn-cni:
|
||||
limits:
|
||||
cpu: "1000m"
|
||||
memory: "1Gi"
|
||||
ephemeral-storage: 1Gi
|
||||
kube-ovn-pinger:
|
||||
requests:
|
||||
cpu: "100m"
|
||||
@@ -174,6 +188,7 @@ kube-ovn-pinger:
|
||||
limits:
|
||||
cpu: "200m"
|
||||
memory: "400Mi"
|
||||
ephemeral-storage: 1Gi
|
||||
kube-ovn-monitor:
|
||||
requests:
|
||||
cpu: "200m"
|
||||
@@ -181,3 +196,4 @@ kube-ovn-monitor:
|
||||
limits:
|
||||
cpu: "200m"
|
||||
memory: "200Mi"
|
||||
ephemeral-storage: 1Gi
|
||||
|
||||
@@ -65,4 +65,4 @@ global:
|
||||
images:
|
||||
kubeovn:
|
||||
repository: kubeovn
|
||||
tag: v1.14.25@sha256:d0b29daaf36e81cac0f9fb15d0ea6b1b49f1abba81a14c73b88a2e60ffcc5978
|
||||
tag: v1.15.3@sha256:fa53d5f254f640cb626329ad35d9e7aad647dd8e1e645e68f3f13c3659472a30
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
storageClass: replicated
|
||||
csiDriver:
|
||||
image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:8f1ab4c3b2bed3a0adc40fcc823b040fa04b4722bec7735c030e79a3a2fd6c85
|
||||
image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:bb5b17044969e663c3b391f7274883735c0ffe05a9523988469bdf2974de2dea
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
lineageControllerWebhook:
|
||||
image: ghcr.io/cozystack/cozystack/lineage-controller-webhook:v0.41.8@sha256:0bfce72a67a36b79cf718fada94809b16b4012b6703b1e053f7fe9b12a7b54f0
|
||||
image: ghcr.io/cozystack/cozystack/lineage-controller-webhook:v0.41.11@sha256:91ad700fe681c6f96e756c51ee22ff50e606536c316c608e11207bdca817e0ce
|
||||
debug: false
|
||||
localK8sAPIEndpoint:
|
||||
enabled: true
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
piraeusServer:
|
||||
image:
|
||||
repository: ghcr.io/cozystack/cozystack/piraeus-server
|
||||
tag: 1.32.3@sha256:3d1b4348c665fb88f8bead09a1fa68547e6872172ed0168449cb232c4467ad84
|
||||
tag: 1.32.3@sha256:18fac1ac740ce64c1dfb31b5ab36b6d008af8d9a70aedd451b32a726c79ca794
|
||||
linstor:
|
||||
autoDiskful:
|
||||
enabled: true
|
||||
@@ -10,4 +10,4 @@ linstor:
|
||||
linstorCSI:
|
||||
image:
|
||||
repository: ghcr.io/cozystack/cozystack/linstor-csi
|
||||
tag: v1.10.5@sha256:6e6cf48cb994f3918df946e02ec454ac64916678b3e60d78c136b431f1a26155
|
||||
tag: v1.10.5@sha256:50ab1ab0210d4e7ebfca311f445bb764516db5ddb63fc6d28536b28622eee753
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
objectstorage:
|
||||
controller:
|
||||
image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.41.8@sha256:bb2b2b95cbc3d613b077a87a6c281a3ceff8ef8655d770fb2f8fd6b5f1d0c588"
|
||||
image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.41.11@sha256:e40e94f3014cfd04cce4230597315a1acfcca2daa8051b987614d0c05da6d928"
|
||||
|
||||
@@ -177,7 +177,7 @@ seaweedfs:
|
||||
bucketClassName: "seaweedfs"
|
||||
region: ""
|
||||
sidecar:
|
||||
image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.41.8@sha256:85882ce25baeca26057b1540a44eb5479425f1698c1806fdb3f6619c2eb84d42"
|
||||
image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.41.11@sha256:2a3595cd88b30af55b2000d3ca204899beecef0012b0e0402754c3914aad1f7f"
|
||||
certificates:
|
||||
commonName: "SeaweedFS CA"
|
||||
ipAddresses: []
|
||||
|
||||
Reference in New Issue
Block a user