diff --git a/gitops/base-install/argocd/cluster-install/kustomization.yaml b/gitops/base-install/argocd/cluster-install/kustomization.yaml index 80ce540..c58320e 100644 --- a/gitops/base-install/argocd/cluster-install/kustomization.yaml +++ b/gitops/base-install/argocd/cluster-install/kustomization.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- https://raw.githubusercontent.com/argoproj/argo-cd/v2.10.0/manifests/install.yaml +- https://raw.githubusercontent.com/argoproj/argo-cd/v2.10.5/manifests/install.yaml namespace: argocd labels: diff --git a/gitops/base-install/argocd/ha-install/kustomization.yaml b/gitops/base-install/argocd/ha-install/kustomization.yaml index c52daf6..aac6b99 100644 --- a/gitops/base-install/argocd/ha-install/kustomization.yaml +++ b/gitops/base-install/argocd/ha-install/kustomization.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- https://raw.githubusercontent.com/argoproj/argo-cd/v2.10.0/manifests/ha/install.yaml +- https://raw.githubusercontent.com/argoproj/argo-cd/v2.10.5/manifests/ha/install.yaml namespace: argocd diff --git a/gitops/base-install/cert-manager/install.yaml b/gitops/base-install/cert-manager/install.yaml index b8820c5..5e058cf 100644 --- a/gitops/base-install/cert-manager/install.yaml +++ b/gitops/base-install/cert-manager/install.yaml @@ -11,7 +11,7 @@ spec: source: chart: cert-manager repoURL: https://charts.jetstack.io - targetRevision: 1.13.2 + targetRevision: 1.14.4 helm: releaseName: cert-manager valuesObject: @@ -35,6 +35,7 @@ spec: cpu: "15m" memory: "105M" webhook: + hostNetwork: true resources: requests: cpu: "15m" diff --git a/gitops/base-install/ingress-controller/kustomization.yaml b/gitops/base-install/ingress-controller/kustomization.yaml index 2c55247..d682d37 100644 --- a/gitops/base-install/ingress-controller/kustomization.yaml +++ b/gitops/base-install/ingress-controller/kustomization.yaml 
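Review bot: In the second cert-manager hunk, `webhook.hostNetwork: true` is set without moving the webhook off its default port. The chart's webhook listens on 10250 by default, which is the kubelet's port once the pod shares the node's network namespace, so the setting is normally paired with `securePort: 10260` (or another free port) under `webhook:`. The same unexplained `hostNetwork: true` appears in the ingress-nginx patch, aws-load-balancer-controller, karpenter and nidhogg hunks. Host-networked pods are not covered by pod-level NetworkPolicy and can reach node-local endpoints, so each one deserves a comment such as `# hostNetwork: control plane cannot reach pod IPs on the overlay CNI`; that reason is inferred from the kube-ovn switch and should be confirmed. The `webhook:` mapping continues outside the hunk.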
@@ -1,6 +1,6 @@ resources: - ./resources.yaml - - https://raw.githubusercontent.com/kubernetes/ingress-nginx/helm-chart-4.8.3/deploy/static/provider/aws/deploy.yaml + - https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.0/deploy/static/provider/aws/deploy.yaml patches: - path: overlays/ingress-class-nginx-patch.yaml diff --git a/gitops/base-install/ingress-controller/overlays/nginx-ingress-controller-patch.yaml b/gitops/base-install/ingress-controller/overlays/nginx-ingress-controller-patch.yaml index 2587c00..5ccefe8 100644 --- a/gitops/base-install/ingress-controller/overlays/nginx-ingress-controller-patch.yaml +++ b/gitops/base-install/ingress-controller/overlays/nginx-ingress-controller-patch.yaml @@ -1,4 +1,5 @@ --- - {op: add, path: /spec/template/spec/containers/0/args/-, value: --enable-ssl-passthrough} - {op: replace, path: /spec/template/spec/containers/0/resources/requests/memory, value: 110M} +- {op: add, path: /spec/template/spec/hostNetwork, value: true} #- {op: add, path: /spec/template/spec/containers/0/resources/limits/memory, value: 110M} diff --git a/gitops/base-install/ingress-controller/resources.yaml b/gitops/base-install/ingress-controller/resources.yaml index 607d0c1..f4832a8 100644 --- a/gitops/base-install/ingress-controller/resources.yaml +++ b/gitops/base-install/ingress-controller/resources.yaml @@ -11,10 +11,11 @@ spec: source: chart: aws-load-balancer-controller repoURL: https://aws.github.io/eks-charts - targetRevision: 1.6.2 + targetRevision: 1.7.1 helm: releaseName: aws-load-balancer-controller valuesObject: + hostNetwork: true serviceAccount: create: "true" name: "aws-load-balancer-controller" diff --git a/gitops/components/cilium/kustomization.yaml b/gitops/components/cilium/kustomization.yaml deleted file mode 100644 index e46853e..0000000 --- a/gitops/components/cilium/kustomization.yaml +++ /dev/null 
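Review bot: `dnsPolicy` is left untouched by the op in `nginx-ingress-controller-patch.yaml` that sets `hostNetwork: true` on the controller pod. With host networking and the default `ClusterFirst` policy the pod falls back to the node's resolver, so cluster service names stop resolving; add `- {op: add, path: /spec/template/spec/dnsPolicy, value: ClusterFirstWithHostNet}` next to it. The controller is the internet-facing component and its listeners, including the one enabled by `--enable-ssl-passthrough`, will now bind directly on the node. Node security groups should therefore admit only the load balancer on those ports, and two replicas can no longer share a node.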
@@ -1,21 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1alpha1
-kind: Component
-
-resources:
- - ./resources.yaml
-
-patches:
- - target:
- group: argoproj.io
- version: v1alpha1
- kind: AppProject
- name: admins
- patch: |-
- - op: add
- path: /spec/sourceRepos/-
- value: https://helm.cilium.io
- - op: add
- path: /spec/destinations/-
- value:
- namespace: cilium
- server: https://kubernetes.default.svc
diff --git a/gitops/components/cilium/resources.yaml b/gitops/components/cilium/resources.yaml
deleted file mode 100644
index be7f68a..0000000
--- a/gitops/components/cilium/resources.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: cilium
- namespace: argocd
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- project: admins
- destination:
- namespace: cilium
- name: in-cluster
- syncPolicy:
- automated: {}
- syncOptions:
- - CreateNamespace=true
- source:
- chart: cilium
- repoURL: https://helm.cilium.io
- targetRevision: 1.14.4
- helm:
- releaseName: cilium
- valuesObject:
- cni:
- exclusive: "false"
- # tunnelProtocol: ""
- tunnelProtocol: geneve
- # routingMode: native
- routingMode: tunnel
- nodeSelector:
- kubernetes.io/os: linux
- pelo.tech/multi-home-networking: "true"
- pelo.tech/uki-labs: "lab3"
diff --git a/gitops/components/image-updater/kustomization.yaml b/gitops/components/image-updater/kustomization.yaml
deleted file mode 100644
index 25241e5..0000000
--- a/gitops/components/image-updater/kustomization.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1alpha1
-kind: Component
-
-resources:
- - resources.yaml
-
-replacements:
- - source:
- version: v1
- kind: ConfigMap
- name: kustomize-environment
- fieldPath: data.IMAGE_UPDATER_ROLE_ARN
- targets:
- - select:
- group: argoproj.io
- version: v1alpha1
- kind: Application
- name: argocd-image-updater
- fieldPaths:
- - spec.source.helm.valuesObject.serviceAccount.annotations.[eks.amazonaws.com/role-arn]
diff --git a/gitops/components/image-updater/resources.yaml b/gitops/components/image-updater/resources.yaml
deleted file mode 100644
index c865f3b..0000000
--- a/gitops/components/image-updater/resources.yaml
+++ /dev/null
@@ -1,53 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: argocd-image-updater - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: admins - destination: - namespace: argocd - name: in-cluster - syncPolicy: - automated: {} - source: - repoURL: https://argoproj.github.io/argo-helm - chart: argocd-image-updater - targetRevision: 0.9.1 - helm: - valuesObject: - # guide: https://github.com/argoproj-labs/argocd-image-updater/issues/112#issuecomment-1058465942 - config: - registries: - - name: ECR - api_url: https://530052405138.dkr.ecr.us-gov-west-1.amazonaws.com - prefix: 530052405138.dkr.ecr.us-gov-west-1.amazonaws.com - default: true - ping: true - insecure: false - credentials: ext:/scripts/ecr-login.sh - credsexpire: 6h - extraEnv: - - name: AWS_REGION - value: us-gov-west-1 - authScripts: - enabled: true - scripts: - ecr-login.sh: | - #!/bin/sh - aws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d - resources: - limits: - memory: 105M - requests: - cpu: 15m - memory: 105M - serviceAccount: - create: true - name: argocd-image-updater - annotations: - eks.amazonaws.com/sts-regional-endpoints: "true" - eks.amazonaws.com/role-arn: IMAGE_UPDATER_ROLE_ARN diff --git a/gitops/components/karpenter/resources.yaml b/gitops/components/karpenter/resources.yaml index b9098bb..29afe54 100644 --- a/gitops/components/karpenter/resources.yaml +++ b/gitops/components/karpenter/resources.yaml @@ -18,10 +18,11 @@ spec: source: chart: karpenter repoURL: public.ecr.aws/karpenter - targetRevision: v0.34.0 + targetRevision: v0.35.2 helm: releaseName: karpenter valuesObject: + hostNetwork: true controller: image: repository: ghcr.io/pelotech/karpenter diff --git a/gitops/components/kube-ovn/kustomization.yaml b/gitops/components/kube-ovn/kustomization.yaml new file mode 100644 index 0000000..36d89cb --- /dev/null 
+++ b/gitops/components/kube-ovn/kustomization.yaml @@ -0,0 +1,23 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +helmCharts: + - name: kube-ovn + includeCRDs: true + valuesInline: + MASTER_NODES: "172.16.0.48,172.16.1.10" # sample options - do not use this except for future example + replicaCount: "2" # sample options - do not use this except for future example + releaseName: kube-ovn + version: v1.12.11 + repo: https://kubeovn.github.io/kube-ovn + +patches: + - target: + group: argoproj.io + version: v1alpha1 + kind: AppProject + name: admins + patch: |- + - op: add + path: /spec/sourceRepos/- + value: https://kubeovn.github.io/kube-ovn diff --git a/gitops/components/multus/kustomization.yaml b/gitops/components/multus/kustomization.yaml index 10bf1cc..410547b 100644 --- a/gitops/components/multus/kustomization.yaml +++ b/gitops/components/multus/kustomization.yaml @@ -2,9 +2,31 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component resources: - - ./resources.yaml + - https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/v4.0.2/deployments/multus-daemonset.yml + +images: + - name: ghcr.io/k8snetworkplumbingwg/multus-cni + newTag: v4.0.2 patches: + - target: + group: apps + version: v1 + kind: DaemonSet + name: kube-multus-ds + path: ./overlays/multus-daemonset-tolerations.yaml + - target: + group: apps + version: v1 + kind: DaemonSet + name: kube-multus-ds + path: ./overlays/multus-daemonset-readiness.yaml + - target: + group: apps + version: v1 + kind: DaemonSet + name: kube-multus-ds + path: ./overlays/multus-daemonset-container-args.yaml - target: group: argoproj.io version: v1alpha1 @@ -14,8 +36,3 @@ patches: - op: add path: /spec/sourceRepos/- value: registry-1.docker.io/bitnamicharts - - op: add - path: /spec/destinations/- - value: - namespace: nidhogg-system - server: https://kubernetes.default.svc 
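Review bot: `valuesInline` in the new kube-ovn file commits `MASTER_NODES: "172.16.0.48,172.16.1.10"` and `replicaCount: "2"` as live chart values, while the inline comments call them samples that must not be used. Anything that builds this directory renders kube-ovn against those two addresses. Move them to a commented-out example or let the consuming overlay supply them, e.g. `# MASTER_NODES: "<control-plane-ips>"  # set per cluster`. The file is also declared `kind: Kustomization`, where the sibling directories under `components/` are `kind: Component`, so the `AppProject` patch probably has nothing to match in its own build. It is worth confirming that the `sourceRepos` entry is actually applied.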
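Review bot: In the first multus hunk, the DaemonSet manifest URL and the `images:` entry are both pinned only by the movable tag `v4.0.2`, and the component is now applied directly rather than through the in-repo Application. `kube-multus-ds` is a CNI DaemonSet, so a retagged upstream would change what runs on the nodes it is scheduled to. Add `digest: sha256:<digest of v4.0.2>` to the `images:` entry, and consider vendoring the manifest or referencing it by commit SHA.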
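Review bot: After the second multus hunk, the only `AppProject` change left in this file is the `sourceRepos` entry for `registry-1.docker.io/bitnamicharts`. Multus now comes from a raw GitHub manifest, and the whereabouts Application that used that registry is deleted in the same commit. If nothing else in the project pulls Bitnami charts, drop the patch so the `admins` project's allow-list does not keep a source that nobody uses. The `patches:` list starts outside the hunk.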
diff --git a/gitops/components/multus/kustomize/kustomization.yaml b/gitops/components/multus/kustomize/kustomization.yaml
deleted file mode 100644
index e0aa6b3..0000000
--- a/gitops/components/multus/kustomize/kustomization.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
- - https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/v4.0.2/deployments/multus-daemonset.yml
-
-images:
- - name: ghcr.io/k8snetworkplumbingwg/multus-cni
- newTag: v4.0.2
-
-patches:
- - target:
- group: apps
- version: v1
- kind: DaemonSet
- name: kube-multus-ds
- path: ./overlays/multus-daemonset-tolerations.yaml
- - target:
- group: apps
- version: v1
- kind: DaemonSet
- name: kube-multus-ds
- path: ./overlays/multus-daemonset-readiness.yaml
- - target:
- group: apps
- version: v1
- kind: DaemonSet
- name: kube-multus-ds
- path: ./overlays/multus-daemonset-container-args.yaml
diff --git a/gitops/components/multus/kustomize/overlays/multus-daemonset-container-args.yaml b/gitops/components/multus/overlays/multus-daemonset-container-args.yaml
similarity index 100%
rename from gitops/components/multus/kustomize/overlays/multus-daemonset-container-args.yaml
rename to gitops/components/multus/overlays/multus-daemonset-container-args.yaml
diff --git a/gitops/components/multus/kustomize/overlays/multus-daemonset-readiness.yaml b/gitops/components/multus/overlays/multus-daemonset-readiness.yaml
similarity index 100%
rename from gitops/components/multus/kustomize/overlays/multus-daemonset-readiness.yaml
rename to gitops/components/multus/overlays/multus-daemonset-readiness.yaml
diff --git a/gitops/components/multus/kustomize/overlays/multus-daemonset-tolerations.yaml b/gitops/components/multus/overlays/multus-daemonset-tolerations.yaml similarity index 50% rename from gitops/components/multus/kustomize/overlays/multus-daemonset-tolerations.yaml rename to gitops/components/multus/overlays/multus-daemonset-tolerations.yaml index 683e301..723c8e8 100644 --- a/gitops/components/multus/kustomize/overlays/multus-daemonset-tolerations.yaml +++ b/gitops/components/multus/overlays/multus-daemonset-tolerations.yaml @@ -6,9 +6,7 @@ spec: template: spec: tolerations: - - key: nidhogg.uswitch.com/kube-system.kube-multus-ds + - effect: NoSchedule operator: Exists - - key: pelo.tech/uki-labs + - effect: NoExecute operator: Exists - nodeSelector: - pelo.tech/multi-home-networking: "true" diff --git a/gitops/components/multus/resources.yaml b/gitops/components/multus/resources.yaml deleted file mode 100644 index 27e40d7..0000000 --- a/gitops/components/multus/resources.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: multus - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: admins - destination: - namespace: kube-system - name: in-cluster - syncPolicy: - automated: {} - source: - repoURL: 'https://github.com/pelotech/foundation' - path: 'gitops/components/multus/kustomize' - targetRevision: main diff --git a/gitops/components/nidhogg/kustomization.yaml b/gitops/components/nidhogg/kustomization.yaml index e3f99c2..bd74d30 100644 --- a/gitops/components/nidhogg/kustomization.yaml +++ b/gitops/components/nidhogg/kustomization.yaml 
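Review bot: The replacement tolerations in `multus-daemonset-tolerations.yaml` match every `NoSchedule` and `NoExecute` taint, and the overlay no longer sets a `nodeSelector`, so nothing in this patch limits which nodes the DaemonSet lands on. nidhogg's selector in this commit becomes `kubernetes.io/os=linux`; keeping `nodeSelector: {kubernetes.io/os: linux}` here would keep the two in step. A comment such as `# tolerate all taints: multus must start before nidhogg lifts its taint` would record why the tolerations are this broad; that intent is inferred and should be confirmed. The `spec` tree begins outside the hunk.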
@@ -2,9 +2,19 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component resources: - - ./resources.yaml + - https://github.com/pelotech/nidhogg//kustomize?ref=v0.5.1 patches: + - path: overlays/nidhogg-controller-manager.yaml + target: + group: apps + kind: StatefulSet + name: nidhogg-controller-manager + version: v1 + - path: overlays/nidhogg-config-patch.yaml + target: + kind: ConfigMap + name: nidhogg-config - target: group: argoproj.io version: v1alpha1 diff --git a/gitops/components/nidhogg/kustomize/kustomization.yaml b/gitops/components/nidhogg/kustomize/kustomization.yaml deleted file mode 100644 index 7796999..0000000 --- a/gitops/components/nidhogg/kustomize/kustomization.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -namespace: nidhogg-system - -resources: - - https://github.com/pelotech/nidhogg//kustomize?ref=v0.5.1 - -patches: - - path: overlays/nidhogg-controller-manager.yaml - target: - group: apps - kind: StatefulSet - name: nidhogg-controller-manager - version: v1 - - path: overlays/nidhogg-config-patch.yaml - target: - kind: ConfigMap - name: nidhogg-config diff --git a/gitops/components/nidhogg/kustomize/overlays/nidhogg-config-patch.yaml b/gitops/components/nidhogg/overlays/nidhogg-config-patch.yaml similarity index 89% rename from gitops/components/nidhogg/kustomize/overlays/nidhogg-config-patch.yaml rename to gitops/components/nidhogg/overlays/nidhogg-config-patch.yaml index d25a22e..855fd38 100644 --- a/gitops/components/nidhogg/kustomize/overlays/nidhogg-config-patch.yaml +++ b/gitops/components/nidhogg/overlays/nidhogg-config-patch.yaml @@ -5,7 +5,7 @@ data: "taintNamePrefix": "nidhogg.uswitch.com", "taintRemovalDelayInSeconds": 10, "nodeSelector": [ - "pelo.tech/multi-home-networking" + "kubernetes.io/os=linux" ], "daemonsets": [ { 
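Review bot: The content moved into the nidhogg `kustomization.yaml` leaves out `namespace: nidhogg-system`, which the deleted `kustomize/kustomization.yaml` set, and the multus hunk removes the matching `AppProject` destination. The namespace nidhogg ends up in now depends on the upstream base and on whichever kustomization includes this component. If a parent applies a namespace transformer, the controller and its RBAC would land there. State the intended namespace in a comment at the top of the file, and pin `?ref=v0.5.1` to a commit SHA if the tag is not protected.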
diff --git a/gitops/components/nidhogg/kustomize/overlays/nidhogg-controller-manager.yaml b/gitops/components/nidhogg/overlays/nidhogg-controller-manager.yaml similarity index 71% rename from gitops/components/nidhogg/kustomize/overlays/nidhogg-controller-manager.yaml rename to gitops/components/nidhogg/overlays/nidhogg-controller-manager.yaml index 78de8e2..8216b28 100644 --- a/gitops/components/nidhogg/kustomize/overlays/nidhogg-controller-manager.yaml +++ b/gitops/components/nidhogg/overlays/nidhogg-controller-manager.yaml @@ -5,3 +5,6 @@ operator: Exists - key: CriticalAddonsOnly operator: Exists +- op: add + path: /spec/template/spec/hostNetwork + value: true diff --git a/gitops/components/nidhogg/resources.yaml b/gitops/components/nidhogg/resources.yaml deleted file mode 100644 index b41647e..0000000 --- a/gitops/components/nidhogg/resources.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: nidhogg - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: admins - destination: - namespace: kube-system - name: in-cluster - syncPolicy: - automated: {} - source: - repoURL: 'https://github.com/pelotech/foundation' - path: 'gitops/components/nidhogg/kustomize' - targetRevision: main diff --git a/gitops/components/whereabouts/kustomization.yaml b/gitops/components/whereabouts/kustomization.yaml deleted file mode 100644 index 15b7213..0000000 --- a/gitops/components/whereabouts/kustomization.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1alpha1 -kind: Component - -resources: - - ./resources.yaml - -patches: - - target: - group: argoproj.io - version: v1alpha1 - kind: AppProject - name: admins - patch: |- - - op: add - path: /spec/sourceRepos/- - value: registry-1.docker.io/bitnamicharts diff --git a/gitops/components/whereabouts/resources.yaml b/gitops/components/whereabouts/resources.yaml deleted file mode 100644 index 6fc5524..0000000 
--- a/gitops/components/whereabouts/resources.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: whereabouts
- namespace: argocd
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- project: admins
- destination:
- namespace: kube-system
- name: in-cluster
- syncPolicy:
- automated: {}
- source:
- chart: whereabouts
- repoURL: registry-1.docker.io/bitnamicharts
- targetRevision: 0.10.1
- helm:
- releaseName: whereabouts
- valuesObject:
- tolerations:
- - key: CriticalAddonsOnly
- operator: Exists
- - key: nidhogg.uswitch.com/kube-system.kube-multus-ds
- operator: Exists
- - key: pelo.tech/uki-labs
- operator: Exists