From 23deb23e78e1e0936f6d9f569f31826f58573de9 Mon Sep 17 00:00:00 2001 From: sungil Date: Thu, 20 Jul 2023 05:49:38 +0000 Subject: [PATCH 01/19] bumpup lma-addons(new dashboard) --- lma/base/resources.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lma/base/resources.yaml b/lma/base/resources.yaml index 850c9da..1fd2aa4 100644 --- a/lma/base/resources.yaml +++ b/lma/base/resources.yaml @@ -758,7 +758,7 @@ spec: type: helmrepo repository: https://harbor-cicd.taco-cat.xyz/chartrepo/tks name: lma-addons - version: 1.8.3 + version: 1.8.4 origin: https://openinfradev.github.io/helm-repo releaseName: addons targetNamespace: lma From c67512e9ae54833f7622eaa200055d7d2429a4a8 Mon Sep 17 00:00:00 2001 From: sungil Date: Sat, 22 Jul 2023 08:41:28 +0000 Subject: [PATCH 02/19] typo --- lma/base/resources.yaml | 2 +- lma/base/site-values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lma/base/resources.yaml b/lma/base/resources.yaml index 1fd2aa4..a28207f 100644 --- a/lma/base/resources.yaml +++ b/lma/base/resources.yaml @@ -1233,7 +1233,7 @@ kind: HelmRelease metadata: labels: name: lma-bucket - name: lma-buket + name: lma-bucket spec: helmVersion: v3 chart: diff --git a/lma/base/site-values.yaml b/lma/base/site-values.yaml index ee821e1..b29e771 100644 --- a/lma/base/site-values.yaml +++ b/lma/base/site-values.yaml @@ -258,7 +258,7 @@ charts: - name: lma-bucket override: s3.enabled: true - s3.name: + s3.buckets: - name: $(clusterName)-tks-thanos - name: $(clusterName)-tks-loki # tks.iamRoles: arn:aws:iam::12345678:role/control-plane.cluster-api-provider-aws.sigs.k8s.io From 58d9235f8c4c637f082f54070e99cc877998ab8b Mon Sep 17 00:00:00 2001 From: sungil Date: Mon, 24 Jul 2023 06:46:19 +0000 Subject: [PATCH 03/19] s3support: change release name --- lma/base/resources.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lma/base/resources.yaml b/lma/base/resources.yaml index a28207f..4b7171e 100644 --- a/lma/base/resources.yaml +++ b/lma/base/resources.yaml @@ -1241,7 +1241,7 @@ spec: repository: https://harbor-cicd.taco-cat.xyz/chartrepo/tks name: ack-resources version: v1.0.1 - releaseName: ack-resources + releaseName: lma-bucket targetNamespace: taco-system values: tks: From 115c7d312a28c127e4fedcf1a2008d9532c3be44 Mon Sep 17 00:00:00 2001 From: Sungil Im Date: Tue, 25 Jul 2023 19:23:13 +0900 Subject: [PATCH 04/19] Update resources.yaml --- lma/base/resources.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lma/base/resources.yaml b/lma/base/resources.yaml index 478701d..33856f5 100644 --- a/lma/base/resources.yaml +++ b/lma/base/resources.yaml @@ -1088,7 +1088,7 @@ spec: type: helmrepo repository: https://harbor-cicd.taco-cat.xyz/chartrepo/tks name: thanos-config - version: 0.1.5 + version: 0.1.6 origin: https://openinfradev.github.io/helm-repo releaseName: thanos-config targetNamespace: lma @@ -1249,4 +1249,4 @@ spec: s3: enabled: true - buckets: [ ] \ No newline at end of file + buckets: [ ] From a7f95f6b348b5e6ca674545ad485c6c0a415d5a1 Mon Sep 17 00:00:00 2001 From: sungil Date: Tue, 29 Aug 2023 08:54:10 +0000 Subject: [PATCH 05/19] ingress-nginx: update default replica and resource spec --- tks-cluster/base/resources.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tks-cluster/base/resources.yaml b/tks-cluster/base/resources.yaml index 59566ef..6c80df8 100644 --- a/tks-cluster/base/resources.yaml +++ b/tks-cluster/base/resources.yaml @@ -95,7 +95,7 @@ spec: registry: harbor.taco-cat.xyz image: tks/kube-webhook-certgen digest: "" - replicaCount: 2 + replicaCount: 1 affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -119,6 +119,10 @@ spec: proxy-body-size: "10m" hostPort: enabled: true + resources: + requests: + cpu: 100m + memory: 4Gi wait: true # --- # apiVersion: helm.fluxcd.io/v1 From 3398c7e09c4eb91796efcfb78b68fa8e30de1e2a Mon Sep 17 00:00:00 2001 From: Robert Choi Date: Wed, 30 Aug 2023 17:57:51 +0900 Subject: [PATCH 06/19] update lma-addson chart version --- lma/base/resources.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lma/base/resources.yaml b/lma/base/resources.yaml index e172888..21dfe8c 100644 --- a/lma/base/resources.yaml +++ b/lma/base/resources.yaml @@ -757,7 +757,7 @@ spec: type: helmrepo repository: https://harbor.taco-cat.xyz/chartrepo/tks name: lma-addons - version: 1.8.4 + version: 1.8.5 origin: https://openinfradev.github.io/helm-repo releaseName: addons targetNamespace: lma From bde3d03b3af6c7acb5658b3be330b7ea5cf655b6 Mon Sep 17 00:00:00 2001 From: Robert Choi Date: Thu, 14 Sep 2023 16:38:41 +0900 Subject: [PATCH 07/19] add tks-admin-tools group --- tks-admin-tools/base/kustomization.yaml | 5 + tks-admin-tools/base/resources.yaml | 188 ++++++++++++++++++++++++ tks-admin-tools/base/site-values.yaml | 91 ++++++++++++ tks-admin-tools/image/image-values.yaml | 78 ++++++++++ 4 files changed, 362 insertions(+) create mode 100644 tks-admin-tools/base/kustomization.yaml create mode 100644 tks-admin-tools/base/resources.yaml create mode 100644 tks-admin-tools/base/site-values.yaml create mode 100644 tks-admin-tools/image/image-values.yaml diff --git a/tks-admin-tools/base/kustomization.yaml b/tks-admin-tools/base/kustomization.yaml new file mode 100644 index 0000000..fdb088d --- /dev/null +++ b/tks-admin-tools/base/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - resources.yaml + +transformers: + - site-values.yaml diff --git a/tks-admin-tools/base/resources.yaml b/tks-admin-tools/base/resources.yaml new file mode 100644 index 0000000..d3d1ee8 --- /dev/null +++ b/tks-admin-tools/base/resources.yaml @@ -0,0 +1,188 @@ +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: keycloak + name: keycloak +spec: + chart: + type: helmrepo + repository: https://harbor.taco-cat.xyz/chartrepo/tks + name: keycloak + version: 15.1.6 + origin: https://github.com/bitnami/charts/tree/main/bitnami/keycloak + releaseName: keycloak + targetNamespace: keycloak + values: + global: + storageClass: "taco-storage" + auth: + adminUser: "admin" + adminPassword: password + proxy: edge + httpRelativePath: "/auth/" + production: true + replicaCount: 1 # tunable + ingress: + enabled: true + ingressClassName: nginx # tunable + hostname: TO_BE_FIXED + annotations: + nginx.ingress.kubernetes.io/proxy-buffer-size: 20k + acme.cert-manager.io/http01-edit-in-place: "true" + cert-manager.io/cluster-issuer: http0issuer + tls: true + selfSigned: false + cache: + enabled: true + stackName: kubernetes + postgresql: + enabled: false + externalDatabase: + host: "postgresql.tks-db.svc" # tunable + port: 5432 + password: password + readinessProbe: + failureThreshold: 10 + extraEnvVars: + - name: QUARKUS_TRANSACTION_MANAGER_ENABLE_RECOVERY + value: "true" + +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: tks-api + name: tks-api +spec: + chart: + type: helmrepo + repository: https://harbor.taco-cat.xyz/chartrepo/tks + name: tks-api + version: 0.1.2 + origin: https://openinfradev.github.io/helm-repo + releaseName: tks-api + targetNamespace: tks + values: + gitBaseUrl: https://github.com + gitAccount: decapod10 + db: + dbHost: postgresql.tks-db.svc + adminUser: postgres + adminPassword: password # tunable + dbUser: tksuser + dbPassword: password # tunable + tksapi: + replicaCount: 1 + image: + repository: harbor.taco-cat.xyz/tks/tks-api + tag: v3.0.1 + # Master org's admin password + tksAccount: + password: admin # tunable + args: + imageRegistryUrl: "harbor.taco-cat.xyz/appserving" # tunable + harborPwSecret: "harbor-core" + gitRepositoryUrl: "github.com/openinfradev" # tunable + keycloakAddress: http://keycloak.keycloak.svc:80/auth + tksbatch: + replicaCount: 1 + image: + repository: harbor.taco-cat.xyz/tks/tks-batch + tag: v3.0.0 + tksconsole: + replicaCount: 1 + image: + repository: harbor.taco-cat.xyz/tks/tks-console + tag: v3.0.1 + +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: harbor + name: harbor +spec: + chart: + type: helmrepo + repository: https://harbor.taco-cat.xyz/chartrepo/tks + name: harbor + version: 1.11.0 + origin: https://github.com/goharbor/harbor-helm + releaseName: harbor + targetNamespace: harbor + values: + expose: + tls: + certSource: secret + secret: + secretName: "harbor.taco-cat-tls" # tunable + ingress: + hosts: + core: TO_BE_FIXED + className: "nginx" # tunable + annotations: + cert-manager.io/cluster-issuer: http0issuer + acme.cert-manager.io/http01-edit-in-place: "true" + externalURL: TO_BE_FIXED + ####################################################### + ## all values under persistence are tunable (for HA) ## + ####################################################### + persistence: + persistentVolumeClaim: + registry: + storageClass: taco-storage + accessMode: ReadWriteOnce + size: 200Gi + chartmuseum: + storageClass: taco-storage + accessMode: ReadWriteOnce + size: 20Gi + jobservice: + jobLog: + storageClass: taco-storage + accessMode: ReadWriteOnce + scanDataExports: + storageClass: taco-storage + accessMode: ReadWriteOnce + redis: + storageClass: taco-storage + accessMode: ReadWriteOnce + trivy: + storageClass: taco-storage + database: + type: external + external: + host: "postgresql.tks-db.svc" # tunable + port: "5432" + username: "harbor" + password: password # tunable + existingSecret: "" + # "disable" - No SSL + # "require" - Always SSL (skip verification) + # "verify-ca" - Always SSL (verify that the certificate presented by the + # server was signed by a trusted CA) + # "verify-full" - Always SSL (verify that the certification presented by the + # server was signed by a trusted CA and the server host name matches the one + # in the certificate) + sslmode: "require" + notary: + enabled: false + cache: + enabled: true + core: + replicas: 1 # tunable + jobservice: + replicas: 1 # tunable + registry: + replicas: 1 # tunable + chartmuseum: + replicas: 1 # tunable + trivy: + replicas: 1 # tunable + portal: + replicas: 1 # tunable + harborAdminPassword: password # tunable diff --git a/tks-admin-tools/base/site-values.yaml b/tks-admin-tools/base/site-values.yaml new file mode 100644 index 0000000..3129cd2 --- /dev/null +++ b/tks-admin-tools/base/site-values.yaml @@ -0,0 +1,91 @@ +apiVersion: openinfradev.github.com/v1 +kind: HelmValuesTransformer +metadata: + name: site + +global: + dbHost: ${DATABASE_HOST} + commonPassword: ${COMMON_PASSWORD} + storageClass: ${STORAGE_CLASS} + storageClassHa: ${STORAGE_CLASS_HA} + +charts: +- name: keycloak + override: + global.storageClass: $(storageClass) + auth.adminPassword: $(commonPassword) + ingress.enabled: true + ingress.hostname: TO_BE_FIXED + externalDatabase.host: $(dbHost) + externalDatabase.password: $(commonPassword) + +- name: tks-api + override: + gitBaseUrl: https://github.com + gitAccount: decapod10 + db: + dbHost: $(dbHost) + adminPassword: $(commonPassword) + dbUser: tksuser + dbPassword: $(commonPassword) + tksapi: + replicaCount: 1 + tksAccount: + password: $(commonPassword) + args: + imageRegistryUrl: "harbor.taco-cat.xyz/appserving" + gitRepositoryUrl: "github.com/openinfradev" + keycloakAddress: http://keycloak.keycloak.svc:80/auth + tksbatch: + replicaCount: 1 + tksconsole: + replicaCount: 1 + +- name: harbor + override: + expose: + ingress: + hosts: + core: TO_BE_FIXED + className: "nginx" + externalURL: TO_BE_FIXED + persistence: + persistentVolumeClaim: + registry: + storageClass: $(storageClassHa) + accessMode: ReadWriteMany + size: 200Gi + chartmuseum: + storageClass: $(storageClassHa) + accessMode: ReadWriteMany + size: 20Gi + jobservice: + jobLog: + storageClass: $(storageClassHa) + accessMode: ReadWriteMany + scanDataExports: + storageClass: $(storageClassHa) + accessMode: ReadWriteMany + redis: + storageClass: $(storageClass) + accessMode: ReadWriteOnce + trivy: + storageClass: $(storageClass) + database: + type: external + external: + host: $(dbHost) + password: $(commonPassword) + core: + replicas: 2 + jobservice: + replicas: 2 + registry: + replicas: 2 + chartmuseum: + replicas: 2 + trivy: + replicas: 2 + portal: + replicas: 2 + harborAdminPassword: $(commonPassword) diff --git a/tks-admin-tools/image/image-values.yaml b/tks-admin-tools/image/image-values.yaml new file mode 100644 index 0000000..cd95f60 --- /dev/null +++ b/tks-admin-tools/image/image-values.yaml @@ -0,0 +1,78 @@ +apiVersion: openinfradev.github.com/v1 +kind: HelmValuesTransformer +metadata: + name: image + +global: + registry: harbor.taco-cat.xyz + +charts: +- name: keycloak + override: + image: + registry: $(registry) + repository: bitnami/keycloak + tag: 21.1.2-debian-11-r0 +- name: tks-api + override: + tks-api: + image: + repository: $(registry)/tks/tks-api + tag: v3.0.1 + tksbatch: + image: + repository: $(registry)/tks/tks-batch + tag: v3.0.0 + tksconsole: + image: + repository: $(registry)/tks/tks-console + tag: v3.0.1 +- name: harbor + override: + portal: + image: + repository: $(registry)/goharbor/harbor-portal + tag: v2.7.0 + core: + image: + repository: $(registry)/goharbor/harbor-core + tag: v2.7.0 + jobservice: + image: + repository: $(registry)/goharbor/harbor-jobservice + tag: v2.7.0 + registry: + registry: + image: + repository: $(registry)/goharbor/registry-photon + tag: v2.7.0 + controller: + image: + repository: $(registry)/goharbor/harbor-registryctl + tag: v2.7.0 + chartmuseum: + image: + repository: $(registry)/goharbor/chartmuseum-photon + tag: v2.7.0 + trivy: + image: + repository: $(registry)/goharbor/trivy-adapter-photon + tag: v2.7.0 + notary: + server: + image: + repository: $(registry)/goharbor/notary-server-photon + tag: v2.7.0 + signer: + image: + repository: $(registry)/goharbor/notary-signer-photon + tag: v2.7.0 + redis: + internal: + image: + repository: $(registry)/goharbor/redis-photon + tag: v2.7.0 + exporter: + image: + repository: $(registry)/goharbor/harbor-exporter + tag: v2.7.0 From a2028003a7dbad59f3ea5dacd659818e3a03ff7c Mon Sep 17 00:00:00 2001 From: sungil Date: Wed, 4 Oct 2023 04:53:04 +0000 Subject: [PATCH 08/19] policy: add a decapod app for policies --- policy/base/kustomization.yaml | 5 +++++ policy/base/resources.yaml | 37 ++++++++++++++++++++++++++++++++++ policy/base/site-values.yaml | 20 ++++++++++++++++++ 3 files changed, 62 insertions(+) create mode 100644 policy/base/kustomization.yaml create mode 100644 policy/base/resources.yaml create mode 100644 policy/base/site-values.yaml diff --git a/policy/base/kustomization.yaml b/policy/base/kustomization.yaml new file mode 100644 index 0000000..fdb088d --- /dev/null +++ b/policy/base/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - resources.yaml + +transformers: + - site-values.yaml diff --git a/policy/base/resources.yaml b/policy/base/resources.yaml new file mode 100644 index 0000000..1221fc4 --- /dev/null +++ b/policy/base/resources.yaml @@ -0,0 +1,37 @@ +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: opa-gatekeeper + name: opa-gatekeeper +spec: + chart: + type: helmrepo + repository: https://harbor.taco-cat.xyz/chartrepo/tks + name: gatekeeper + version: 3.13.0 + origin: https://open-policy-agent.github.io/gatekeeper/charts + helmVersion: v3 + releaseName: opa-gatekeeper + targetNamespace: taco-system + values: + enableDeleteOperations: true +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: policy-resources + name: policy-resources +spec: + chart: + type: helmrepo + repository: https://harbor.taco-cat.xyz/chartrepo/tks + name: policy-resources + version: 1.0.0 + origin: https://openinfradev.github.io/helm-charts/policy-resources + helmVersion: v3 + releaseName: policy-resources + targetNamespace: taco-system + values: {} \ No newline at end of file diff --git a/policy/base/site-values.yaml b/policy/base/site-values.yaml new file mode 100644 index 0000000..5b87ed9 --- /dev/null +++ b/policy/base/site-values.yaml @@ -0,0 +1,20 @@ +apiVersion: openinfradev.github.com/v1 +kind: HelmValuesTransformer +metadata: + name: site + +global: + # Specify nodes to install workload + nodeSelector: + taco-lma: enabled + # Specify cluster name. It is useful in multi-cluster env. + clusterName: cluster.local + # Storageclass to install persistant + storageClassName: taco-storage + +charts: +- name: opa-gatekeeper + override: + prometheusOperator.nodeSelector: $(nodeSelector) + +- name: policy-resources From 9d5420273ee12a8b5c1f04ad1183aaf342cbe71d Mon Sep 17 00:00:00 2001 From: sungil Date: Wed, 4 Oct 2023 04:53:04 +0000 Subject: [PATCH 09/19] policy: add a decapod app for policies --- policy/base/kustomization.yaml | 5 +++++ policy/base/resources.yaml | 37 ++++++++++++++++++++++++++++++++++ policy/base/site-values.yaml | 27 +++++++++++++++++++++++++ 3 files changed, 69 insertions(+) create mode 100644 policy/base/kustomization.yaml create mode 100644 policy/base/resources.yaml create mode 100644 policy/base/site-values.yaml diff --git a/policy/base/kustomization.yaml b/policy/base/kustomization.yaml new file mode 100644 index 0000000..fdb088d --- /dev/null +++ b/policy/base/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - resources.yaml + +transformers: + - site-values.yaml diff --git a/policy/base/resources.yaml b/policy/base/resources.yaml new file mode 100644 index 0000000..b846bf7 --- /dev/null +++ b/policy/base/resources.yaml @@ -0,0 +1,37 @@ +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: opa-gatekeeper + name: opa-gatekeeper +spec: + chart: + type: helmrepo + repository: https://harbor.taco-cat.xyz/chartrepo/tks + name: gatekeeper + version: 3.13.0 + origin: https://open-policy-agent.github.io/gatekeeper/charts + helmVersion: v3 + releaseName: opa-gatekeeper + targetNamespace: gatekeeper-system + values: + enableDeleteOperations: true +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: policy-resources + name: policy-resources +spec: + chart: + type: helmrepo + repository: https://harbor.taco-cat.xyz/chartrepo/tks + name: policy-resources + version: 1.0.0 + origin: https://openinfradev.github.io/helm-charts/policy-resources + helmVersion: v3 + releaseName: policy-resources + targetNamespace: gatekeeper-system + values: {} \ No newline at end of file diff --git a/policy/base/site-values.yaml b/policy/base/site-values.yaml new file mode 100644 index 0000000..8b181ee --- /dev/null +++ b/policy/base/site-values.yaml @@ -0,0 +1,27 @@ +apiVersion: openinfradev.github.com/v1 +kind: HelmValuesTransformer +metadata: + name: site + +global: + # Specify nodes to install workload + nodeSelector: + taco-lma: enabled + # Specify cluster name. It is useful in multi-cluster env. + clusterName: cluster.local + # Storageclass to install persistant + storageClassName: taco-storage + +charts: +- name: opa-gatekeeper + override: + postUpgrade.nodeSelector: $(nodeSelector) + postInstall.nodeSelector: $(nodeSelector) + preUninstall.nodeSelector: $(nodeSelector) + controllerManager.nodeSelector: $(nodeSelector) + audit.nodeSelector: $(nodeSelector) + crds.nodeSelector: $(nodeSelector) + + enableDeleteOperations: true + +- name: policy-resources From 5f29d8f55f206a07183a97890d6c9cdc680b1a46 Mon Sep 17 00:00:00 2001 From: Jugwan Eom Date: Mon, 16 Oct 2023 08:11:52 +0000 Subject: [PATCH 10/19] tks-cluster: byoh: upgrade byoh helm chart to v0.3.0 --- tks-cluster/infra/byoh/resources.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tks-cluster/infra/byoh/resources.yaml b/tks-cluster/infra/byoh/resources.yaml index 6d9d2e3..5d6ba0f 100644 --- a/tks-cluster/infra/byoh/resources.yaml +++ b/tks-cluster/infra/byoh/resources.yaml @@ -11,7 +11,7 @@ spec: type: helmrepo repository: https://harbor.taco-cat.xyz/chartrepo/tks name: cluster-api-byoh - version: 0.1.0 + version: 0.3.0 releaseName: cluster-api-byoh targetNamespace: argo values: From 1f44bb328cf33d67c1d96baafbfe688212e99dc6 Mon Sep 17 00:00:00 2001 From: ktkfree Date: Thu, 19 Oct 2023 10:11:47 +0900 Subject: [PATCH 11/19] Update site-values.yaml fix typo --- tks-admin-tools/base/site-values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tks-admin-tools/base/site-values.yaml b/tks-admin-tools/base/site-values.yaml index 3129cd2..170affa 100644 --- a/tks-admin-tools/base/site-values.yaml +++ b/tks-admin-tools/base/site-values.yaml @@ -19,7 +19,7 @@ charts: externalDatabase.host: $(dbHost) externalDatabase.password: $(commonPassword) -- name: tks-api +- name: tks-apis override: gitBaseUrl: https://github.com gitAccount: decapod10 From 569183db5c43642ffc76a0b12cb58ace82456f83 Mon Sep 17 00:00:00 2001 From: "taekyu.kang" Date: Thu, 19 Oct 2023 11:08:46 +0900 Subject: [PATCH 12/19] bugfix. change release name to tks-apis --- tks-admin-tools/base/resources.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tks-admin-tools/base/resources.yaml b/tks-admin-tools/base/resources.yaml index d3d1ee8..6cb1f17 100644 --- a/tks-admin-tools/base/resources.yaml +++ b/tks-admin-tools/base/resources.yaml @@ -54,16 +54,16 @@ apiVersion: helm.fluxcd.io/v1 kind: HelmRelease metadata: labels: - name: tks-api - name: tks-api + name: tks-apis + name: tks-apis spec: chart: type: helmrepo repository: https://harbor.taco-cat.xyz/chartrepo/tks - name: tks-api + name: tks-apis version: 0.1.2 origin: https://openinfradev.github.io/helm-repo - releaseName: tks-api + releaseName: tks-apis targetNamespace: tks values: gitBaseUrl: https://github.com From bcd8bd93710819cd7ade4dce6312cdb9940a1ec8 Mon Sep 17 00:00:00 2001 From: Robert Choi Date: Tue, 10 Oct 2023 18:07:11 +0900 Subject: [PATCH 13/19] use separate ingress-nginx for tks-admin-tools --- tks-admin-tools/base/resources.yaml | 58 +++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/tks-admin-tools/base/resources.yaml b/tks-admin-tools/base/resources.yaml index 6cb1f17..92bae7a 100644 --- a/tks-admin-tools/base/resources.yaml +++ b/tks-admin-tools/base/resources.yaml @@ -186,3 +186,61 @@ spec: portal: replicas: 1 # tunable harborAdminPassword: password # tunable +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: ingress-nginx + name: ingress-nginx +spec: + helmVersion: v3 + chart: + type: helmrepo + repository: https://harbor.taco-cat.xyz/chartrepo/tks + name: ingress-nginx + version: 4.0.17 + origin: https://kubernetes.github.io/ingress-nginx + releaseName: ingress-nginx + targetNamespace: ingress-nginx + values: + controller: + image: + registry: harbor.taco-cat.xyz + image: tks/controller + digest: "" + admissionWebhooks: + patch: + image: + registry: harbor.taco-cat.xyz + image: tks/kube-webhook-certgen + digest: "" + replicaCount: 1 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - ingress-nginx + topologyKey: "kubernetes.io/hostname" + service: + externalTrafficPolicy: Local + annotations: {} + type: TO_BE_FIXED + config: + enable-underscores-in-headers: "true" + use-proxy-protocol: "false" + enable-real-ip: "true" + proxy-body-size: "10m" + hostPort: + enabled: true + resources: + requests: + cpu: 100m + memory: 4Gi + wait: true From 64d38e7dee31a9f3e908d6eaa0d35eda140a781b Mon Sep 17 00:00:00 2001 From: Robert Choi Date: Tue, 10 Oct 2023 18:14:43 +0900 Subject: [PATCH 14/19] trivial: add tunable tag --- tks-admin-tools/base/resources.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tks-admin-tools/base/resources.yaml b/tks-admin-tools/base/resources.yaml index 92bae7a..abb5ef6 100644 --- a/tks-admin-tools/base/resources.yaml +++ b/tks-admin-tools/base/resources.yaml @@ -168,7 +168,7 @@ spec: # "verify-full" - Always SSL (verify that the certification presented by the # server was signed by a trusted CA and the server host name matches the one # in the certificate) - sslmode: "require" + sslmode: "require" # tunable notary: enabled: false cache: From 7f0ccf4cfcd7dd1d4d83b5dc59361e55d2ed1aa7 Mon Sep 17 00:00:00 2001 From: "taekyu.kang" Date: Thu, 19 Oct 2023 16:22:41 +0900 Subject: [PATCH 15/19] test --- tmp.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 tmp.txt diff --git a/tmp.txt b/tmp.txt new file mode 100644 index 0000000..e69de29 From b14100363cb0807bf1c859e99c67fc5ab2660b8c Mon Sep 17 00:00:00 2001 From: "taekyu.kang" Date: Thu, 19 Oct 2023 16:24:31 +0900 Subject: [PATCH 16/19] test --- tmp.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 tmp.txt diff --git a/tmp.txt b/tmp.txt deleted file mode 100644 index e69de29..0000000 From 22c7449d53fef224cc215385d3604680229cf780 Mon Sep 17 00:00:00 2001 From: Seungkyu Ahn Date: Fri, 20 Oct 2023 15:31:46 +0900 Subject: [PATCH 17/19] fix msa --- service-mesh/base/resources.yaml | 5 +++-- service-mesh/base/site-values.yaml | 9 +++++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/service-mesh/base/resources.yaml b/service-mesh/base/resources.yaml index 55cb349..5bbe7d9 100644 --- a/service-mesh/base/resources.yaml +++ b/service-mesh/base/resources.yaml @@ -455,11 +455,12 @@ spec: - enabled storage: type: cassandra - cassandra: - options: + options: + cassandra: servers: cassandra-dc-service.tks-msa.svc keyspace: jaeger_v1_datacenter cassandraCreateSchema: + image: harbor.taco-cat.xyz/tks/jaeger-cassandra-schema:1.35.0 datacenter: "dc" mode: "prod" timeout: "3m" diff --git a/service-mesh/base/site-values.yaml b/service-mesh/base/site-values.yaml index 0b3074a..a8d9503 100644 --- a/service-mesh/base/site-values.yaml +++ b/service-mesh/base/site-values.yaml @@ -158,10 +158,15 @@ charts: - enabled storage: type: cassandra - cassandra: - options: + options: + cassandra: servers: cassandra-dc-service.tks-msa.svc keyspace: jaeger_v1_datacenter + cassandraCreateSchema: + image: harbor.taco-cat.xyz/tks/jaeger-cassandra-schema:1.35.0 + datacenter: "dc" + mode: "prod" + timeout: "3m" dependencies: enabled: true image: harbor.taco-cat.xyz/tks/spark-dependencies:1.35.0 From c5c34823102171107aa10a2a813cb421bf46d5c3 Mon Sep 17 00:00:00 2001 From: Seungkyu Ahn Date: Fri, 20 Oct 2023 17:28:49 +0900 Subject: [PATCH 18/19] change jaeger cassandra options --- service-mesh/base/resources.yaml | 4 ++-- service-mesh/base/site-values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/service-mesh/base/resources.yaml b/service-mesh/base/resources.yaml index 5bbe7d9..8df5713 100644 --- a/service-mesh/base/resources.yaml +++ b/service-mesh/base/resources.yaml @@ -455,8 +455,8 @@ spec: - enabled storage: type: cassandra - options: - cassandra: + cassandra: + options: servers: cassandra-dc-service.tks-msa.svc keyspace: jaeger_v1_datacenter cassandraCreateSchema: diff --git a/service-mesh/base/site-values.yaml b/service-mesh/base/site-values.yaml index a8d9503..ef7c8de 100644 --- a/service-mesh/base/site-values.yaml +++ b/service-mesh/base/site-values.yaml @@ -158,8 +158,8 @@ charts: - enabled storage: type: cassandra - options: - cassandra: + cassandra: + options: servers: cassandra-dc-service.tks-msa.svc keyspace: jaeger_v1_datacenter cassandraCreateSchema: From b12821f59f87a8bb41e3e5a5601403c072b7dadf Mon Sep 17 00:00:00 2001 From: sungil Date: Mon, 23 Oct 2023 07:22:13 +0000 Subject: [PATCH 19/19] minio: update bucket names --- lma/base/site-values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lma/base/site-values.yaml b/lma/base/site-values.yaml index 3cb2094..0b563d6 100644 --- a/lma/base/site-values.yaml +++ b/lma/base/site-values.yaml @@ -173,10 +173,10 @@ charts: versioning: true objectlocking: false customCommands: - - command: ilm rule add --expire-days 90 myminio/thanos - - command: ilm rule add --expire-days 15 myminio/loki - - command: ilm ls myminio/thanos - - command: ilm ls myminio/loki + - command: ilm rule add --expire-days 90 myminio/tks-thanos + - command: ilm rule add --expire-days 15 myminio/tks-loki + - command: ilm ls myminio/tks-thanos + - command: ilm ls myminio/tks-loki persistence.storageClass: $(storageClassName) persistence.accessMode: ReadWriteOnce persistence.size: 20Gi