feat: add onpremises kind schema and plugins support - release 1.26.2 (#120)

* feat: add onpremises kind schema

* lint: fix lll linter

* feat: complete onpremises schema

* feat: add onpremises templates

* feat: rename key to keyPath, remove pki from playbook

* feat: rename key to keyPath

* feat: add proxy config

* feat: bump versions

* feat: add haproxy.cfg template

* feat: update delete playbook

* chores: add header on delete-playbook

* feat: change taints from string to object

* chores: remove furyagent.yml

* feat: add stats user and password settings

* feat: remove none value from networking.type

* feat: remove default networking.type

* feat: filtering installation of stateful components if no storageClass is available. (.checks.storageClassAvailable comes from furyctl during the execution)

* feat: add advertise address and bump installer version

* feat: add plugins using helmfile (#124)

* feat: Add plugins using helmfile

* feat: add plugins to eks and format with 2 spaces

* feat: add kustomize namespace

* feat: move plugins template to dedicated folder

* feat: add plugin support to all kinds

* fix: onpremises schema

* fix: if proxy is not present, do not trigger template error

* feat: put the correct on prem version to kfd.yaml

* fix: refactor ifs on helmfile.yaml template file

* feat: add new field "additionalConfig" on loadBalancers to add more configs on haproxy.cfg

* feat: add advanced schema fields

* feat: add new fields for advanced configurations

* fix: onpremises schema auth checks

* feat: WIP new fields for onpremises

* feat: add defaults for onpremises (oidcKubernetesAuth and gangway override)

* feat: adapt auth kustomize project for the oidcKubernetesAuth feature

* feat: add oidcKubernetesAuth also on sso type

* feat: fix template for plugins

* feat: add defaults for the new auth structure

* feat: add plugins defaults

* docs: WIP version 1.26.2

* feat: add releases v1.26.2, finalize versions on kfd.yaml

* fix: linting

* feat: test kustomize plugin apply with ... kustomize

* feat: remove kustomization.yaml wrapper, replace with an "intelligent" apply script

* feat: remove namespace from kustomize plugins

* feat: remove node labels

* fix: wrong role for worker nodes

* feat: update apply script to apply multiple kustomize projects

* feat: use file:// to load files

* fix: remove ids from schemas

* feat: reformat all yaml files

* Revert "feat: reformat all yaml files"

This reverts commit 0c67bea.

* feat: ignore templates/* files

* fix: taint regex in public schema (#133)

* fix(schema): allow '-' into taint regexp

* chore: release 1.25.8

* chore: bump eks-installer to v2.0.2

* Release 1.26 (#128)

* Add 1.26 to consolidate branch (#125)

* feat: update core modules with various rcs

* feat: update auth to v0.0.4-rc.0

* fix: missing `v` on monitoring version

* feat: update deprecation check

* feat: update e2e to 1.26

* feat: add docs and files for v1.26.0-rc.0 pre-release

* feat: update aws module, bump to v1.26.0-rc.1

* chores: remove rc releases from releases folders

* feat: update to 1.26.0.rc.2

* feat: update monitoring to rc.6

* feat: update monitoring to rc.7

* docs: update compatibility matrix, add infos on v0.26.0 on upgrade path

* feat: relax aws cli requirement

* feat: bump distro version to 1.26.0-rc.5

* Add EKS addons to consolidate 1.26 (#126)

* feat: update core modules with various rcs

* feat: update auth to v0.0.4-rc.0

* fix: missing `v` on monitoring version

* feat: update deprecation check

* feat: update e2e to 1.26

* feat: add docs and files for v1.26.0-rc.0 pre-release

* feat: update aws module, bump to v1.26.0-rc.1

* chores: remove rc releases from releases folders

* feat: update to 1.26.0.rc.2

* feat: add EKS addons

* feat: update EKS addons

* feat: update dr

* feat: update ingress

* Change ingress upgrade script

---------

Co-authored-by: Simone Bruzzese <sbruzzese@sighup.io>

* feat: add snapshot-controller back to the templates

* feat: bump versions on Furyfile and kfd yaml files

* feat: bump to rc200

* feat: bump to rc.201

* feat: bump to rc.202

* feat: bump to rc.203

* fix: wrong version tag

* docs: add upgrade guide for EKSCluster when using furyctl

* docs: align docs for 1.26

* merge (#121) (#127)

* feat: finalize module versions for 1.26

* docs: add upgrade guide for manual installation

* docs: add "provider" on upgrade guide

---------

Co-authored-by: Simone Bruzzese <sbruzzese@sighup.io>

* chore: release 1.26.2

---------

Co-authored-by: Samuele Chiocca <samuele@nutellino.it>
Co-authored-by: Simone Bruzzese <sbruzzese@sighup.io>

* feat: regenerate schemas

* docs: update docs for 1.26.2

* feat: schema docs (#122)

* feat: first stub of eks schemas docs

* chore: finished eks docs

* feat: added kfd distro doc

* fix: linting

* fix: linting trailing spaces

* docs: change first sentence on the docs/schemas

* docs: update titles

* docs: add link for the example files

* feat: added docs for on-premises kind

---------

Co-authored-by: Samuele Chiocca <samuele@sighup.io>

* docs: remove removed fields from the onpremises schema

---------

Co-authored-by: Samuele Chiocca <samuele@sighup.io>
Co-authored-by: Giuseppe Iannelli <94362884+g-iannelli@users.noreply.github.com>
Co-authored-by: Samuele Chiocca <samuele@nutellino.it>
Co-authored-by: Simone Bruzzese <sbruzzese@sighup.io>
Co-authored-by: Alessio Pragliola <83355398+Al-Pragliola@users.noreply.github.com>
6 people authored Oct 6, 2023
1 parent 4d199ba commit 932f263
Showing 60 changed files with 23,418 additions and 6,279 deletions.
3 changes: 1 addition & 2 deletions .drone.yml
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ steps:
# Disable go linting, we use the one included in the go image
VALIDATE_GO: "false"
# Exclude template files from linting. The linter does not understand Go template.
FILTER_REGEX_EXCLUDE: (templates/distribution/)
FILTER_REGEX_EXCLUDE: (templates/)
depends_on:
- license-check
- schema-check
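Review bot: the new `FILTER_REGEX_EXCLUDE: (templates/)` is unanchored, so it removes from linting every path that contains `templates/` anywhere, not only the Go-template sources the comment above it refers to. Plain YAML, shell or Markdown files that end up under any `templates/` directory will now skip the linter silently. Anchor the pattern to the intended top-level directory, or list the template subdirectories explicitly as the previous value `(templates/distribution/)` did.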
Expand Down Expand Up @@ -224,7 +224,6 @@ trigger:
- refs/tags/**-docs*

steps:

- name: prepare-release-manifests
image: quay.io/sighup/e2e-testing:1.1.0_0.7.0_3.1.1_1.9.4_1.24.1_3.8.7_4.21.1
pull: always
Expand Down
1 change: 1 addition & 0 deletions .rules/.markdown-lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ MD007:
indent: 2 # Unordered list indentation
MD013:
line_length: 808 # Line length
MD024: false # Multiple headers with the same content
MD026:
punctuation: ".,;:!。,;:" # List of not allowed
MD029: false # Ordered list item prefix
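Review bot: `MD024: false` switches the duplicate-heading check off for every Markdown file in the repository. If the goal is to allow release notes or schema docs that repeat a heading under different parents, setting `siblings_only: true` under `MD024` keeps the check for genuinely duplicated sibling headings while permitting those.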
Expand Down
5 changes: 5 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,11 @@ generate-go-models: dump-private-schema
--resolve-extension json \
--output pkg/apis/kfddistribution/v1alpha2/public/schema.go \
schemas/public/kfddistribution-kfd-v1alpha2.json
@go-jsonschema \
--package public \
--resolve-extension json \
--output pkg/apis/onpremises/v1alpha2/public/schema.go \
schemas/public/onpremises-kfd-v1alpha2.json

dump-private-schema:
@cat schemas/public/ekscluster-kfd-v1alpha2.json | \
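Review bot: the added `go-jsonschema` call in `generate-go-models` is another copy of the same invocation, differing only in the kind name (`onpremises`) inside the `--output` and schema paths. A loop or pattern rule over the kinds would stop the flags drifting between copies. Also confirm that `pkg/apis/onpremises/v1alpha2/public/` exists or is created before this recipe runs, since it writes straight to `schema.go` in that directory.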
Expand Down
6 changes: 3 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@
<p align="center">Kubernetes Fury Distribution (KFD) is a certified battle-tested Kubernetes distribution based purely on upstream Kubernetes.</p>
<!-- markdownlint-enable MD033 -->

[![Build Status](http://ci.sighup.io/api/badges/sighupio/fury-distribution/status.svg?ref=refs/tags/v1.26.0)](http://ci.sighup.io/sighupio/fury-distribution)
[![Release](https://img.shields.io/badge/release-v1.26.0-blue?label=FuryDistributionRelease)](https://github.com/sighupio/fury-distribution/releases/latest)
[![Build Status](http://ci.sighup.io/api/badges/sighupio/fury-distribution/status.svg?ref=refs/tags/v1.26.2)](http://ci.sighup.io/sighupio/fury-distribution)
[![Release](https://img.shields.io/badge/release-v1.26.2-blue?label=FuryDistributionRelease)](https://github.com/sighupio/fury-distribution/releases/latest)
[![Slack](https://img.shields.io/badge/slack-@kubernetes/fury-yellow.svg?logo=slack)](https://kubernetes.slack.com/archives/C0154HYTAQH)
[![License](https://img.shields.io/github/license/sighupio/fury-distribution)](https://github.com/sighupio/fury-distribution/blob/main/LICENSE)

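Review bot: the updated Build Status badge line still uses `http://ci.sighup.io/...` for both the badge image and the link target, so the badge is fetched and the CI link followed over plain HTTP. If the CI host serves HTTPS, switch both URLs on that line to `https://` while the tag is being bumped.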
Expand Down Expand Up @@ -95,7 +95,7 @@ Current supported versions of KFD are:

| KFD Version | Kubernetes Version |
| :----------------------------------------------------------------------------: | :----------------: |
| [`1.26.0`](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.0) | `1.26.x` |
| [`1.26.2`](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.2) | `1.26.x` |
| [`1.25.7`](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.7) | `1.25.7` |
| [`1.24.1`](https://github.com/sighupio/fury-distribution/releases/tag/v1.24.1) | `1.24.1` |

Expand Down
6 changes: 6 additions & 0 deletions defaults/ekscluster-kfd-v1alpha2.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,9 @@ data:
dex:
host: ""
ingressClass: ""
gangway: # only needed as default
host: ""
ingressClass: ""
tolerations: null
provider:
# can be none, basicAuth or sso. SSO uses pomerium+dex
Expand All @@ -194,6 +197,9 @@ data:
dex:
# see dex documentation for more information
connectors: []
oidcKubernetesAuth: # only needed as default
enabled: false
baseDomain: ""

templates:
includes:
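Review bot: the `# only needed as default` comment on `oidcKubernetesAuth` (and on `gangway` in the previous hunk) does not say what consumes the default or why this kind needs it; name the template that reads it. Also, `baseDomain: ""` next to `enabled: false` means a user who only flips `enabled: true` gets an empty domain, so the schema should require a non-empty `baseDomain` whenever the feature is enabled.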
Expand Down
6 changes: 6 additions & 0 deletions defaults/kfddistribution-kfd-v1alpha2.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -161,6 +161,9 @@ data:
dex:
host: ""
ingressClass: ""
gangway: # only needed as default
host: ""
ingressClass: ""
tolerations: null
provider:
# can be none, basicAuth or sso. SSO uses pomerium+dex
Expand All @@ -181,6 +184,9 @@ data:
dex:
# see dex documentation for more information
connectors: []
oidcKubernetesAuth: # only needed as default
enabled: false
baseDomain: ""

templates:
includes:
Expand Down
196 changes: 196 additions & 0 deletions defaults/onpremises-kfd-v1alpha2.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,196 @@
# Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.

data:
customPatches:
configMapGenerator: []
secretGenerator: []
patches: []
patchesStrategicMerge: []
# the common section will be used by all the templates in all modules, everything defined here is something used by all the KFD modules.
common:
# where all the KFD modules are downloaded
relativeVendorPath: "../../vendor"
provider:
type: none

# the module section will be used to fine tune each module behaviour and configuration
modules:
# ingress module configuration
ingress:
overrides:
nodeSelector: null
tolerations: null
# override ingresses parameters
ingresses:
forecastle:
# disable authentication if set globally on auth module
disableAuth: false
# if empty, will use the default packageName + baseDomain from common configurations
host: ""
ingressClass: ""

baseDomain: example.dev
dns:
public:
name: ""
# if create is false, a data source will be used to get the public DNS, otherwise a public zone will be created
create: false
# private is used only when ingress.nginx.type is "dual"
private:
# required to be set by the user, ex: internal.fury-demo.sighup.io
name: ""
create: true
# internal field, should be either the VPC ID taken from the kubernetes
# phase or the ID of the created VPC in the Ifra phase
vpcId: ""
# common configuration for nginx ingress controller
nginx:
# can be single or dual
type: single
tls:
# can be certManager, secret or none
provider: certManager # it uses the configuration below as default when certManager is chosen
secret: #if we want to use custom certificates, the template should create a secret and set it as default certificate in NGINX, so patch nginx deployment accordingly
cert: |
value
key: |
value
ca: |
value
# the standard configuration for cert-manager on the ingress module
certManager:
# to create the clusterIssuer, this is an additional clusterIssuer than the two provided by cert-manager, for simplicity
clusterIssuer:
name: letsencrypt-fury
email: engineering+fury-distribution@sighup.io
type: null
# logging module configuration
logging:
overrides:
nodeSelector: null
tolerations: null
ingresses:
opensearchDashboards:
disableAuth: false
host: ""
ingressClass: ""
cerebro:
disableAuth: false
host: ""
ingressClass: ""
minio:
disableAuth: false
host: ""
ingressClass: ""
# can be opensearch or loki
type: opensearch
opensearch:
# can be single or triple
type: single
# if set, it will override the volumeClaimTemplates in the opensearch statefulSet
storageSize: 150Gi
minio:
# define the size for each minio disk, total disks to be created: 6
storageSize: 20Gi
# override ingresses parameters
# monitoring module configuration
monitoring:
overrides:
nodeSelector: null
tolerations: null
# override ingresses parameters
ingresses:
prometheus:
disableAuth: false
host: ""
ingressClass: ""
alertmanager:
disableAuth: false
host: ""
ingressClass: ""
grafana:
disableAuth: false
host: ""
ingressClass: ""
prometheus:
retentionTime: 30d
retentionSize: 120GB
storageSize: 150Gi
alertmanager:
deadManSwitchWebhookUrl: ""
slackWebhookUrl: ""
# networking module configuration
networking:
overrides:
nodeSelector: null
tolerations: null
# policy module configuration
policy:
overrides:
nodeSelector: null
tolerations: null
# override ingresses parameters
ingresses:
gpm:
disableAuth: false
host: ""
ingressClass: ""
# the standard configuration for gatekeeper on the policy module
gatekeeper:
# this configuration adds namespaces to the excluded list, actually whitelisting them
additionalExcludedNamespaces: []
# dr module configuration
dr:
overrides:
nodeSelector: null
tolerations: null
# the standard configuration for velero on the dr module
velero: {}
# auth module configuration
auth:
overrides:
nodeSelector: null
# override ingresses parameters
ingresses:
pomerium:
# disableAuth: false <- This doesn't make sense here.
host: ""
ingressClass: ""
dex:
host: ""
ingressClass: ""
gangway:
host: ""
ingressClass: ""
tolerations: null
provider:
# can be none, basicAuth or sso. SSO uses pomerium+dex
type: none
basicAuth:
username: admin
password: admin
pomerium:
policy: ""
secrets:
# override environment variables here
##COOKIE_SECRET is obtained with `head -c32 /dev/urandom | base64` see https://www.pomerium.io/reference/#cookie-secret
COOKIE_SECRET: ""
##IDP_CLIENT_SECRET is the secret configured in the pomerium Dex static client
IDP_CLIENT_SECRET: ""
##SHARED_SECRET is obtained with `head -c32 /dev/urandom | base64` see https://www.pomerium.io/reference/#shared-secret
SHARED_SECRET: ""
dex:
# see dex documentation for more information
connectors: []
oidcKubernetesAuth:
enabled: false
baseDomain: ""

templates:
includes:
- ".*\\.yaml"
- ".*\\.yml"
suffix: ".tpl"
processFilename: true
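Review bot: `auth.provider.basicAuth` defaults to `username: admin` and `password: admin`, so a user who sets `provider.type: basicAuth` without overriding that block ends up with well-known credentials protecting the ingresses. Leave both values empty here and have the schema require them when the type is `basicAuth`. The same applies to `ingress.nginx.tls.secret`, where `cert`, `key` and `ca` default to the literal `value`. Smaller points: the `dns.private` comments and `vpcId` refer to a VPC and the "Ifra phase" (typo for Infra), which may not apply to an on-premises kind; `clusterIssuer.email` defaults to a SIGHUP address, so certificate registrations would use it unless overridden; and there is a stray `# override ingresses parameters` comment after `logging.minio.storageSize`.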
43 changes: 30 additions & 13 deletions docs/COMPATIBILITY_MATRIX.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,11 @@ For a complete list of all KFD releases and their compatibility with Kubernetes
ℹ️ **Use the latest patch release for your desired version whenever it's possible**. See [the versioning file](VERSIONING.md) for more information.

| KFD / Kubernetes Version | v1.26.X | 1.25.X | 1.24.X | 1.23.X |
| ----------------------------------------------------------------------------- | ------------------ | ------------------ | ------------------ | ------------------ |
| [v1.26.1](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.0) | :white_check_mark: | | | |
|-------------------------------------------------------------------------------| ------------------ | ------------------ | ------------------ | ------------------ |
| [v1.26.2](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.2) | :white_check_mark: | | | |
| [v1.26.1](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.1) | :white_check_mark: | | | |
| [v1.26.0](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.0) | :white_check_mark: | | | |
| [v1.25.8](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.8) | | :white_check_mark: | | |
| [v1.25.7](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.7) | | :white_check_mark: | | |
| [v1.25.6](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.6) | | :white_check_mark: | | |
| [v1.25.5](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.5) | | :white_check_mark: | | |
Expand All @@ -34,24 +36,39 @@ For a complete list of all KFD releases and their compatibility with Kubernetes
| :warning: | Has known issues |
| :x: | Incompatible |

### Warnings

- :x: version `v1.23.0` has a known bug that breaks upgrades. Do not use.

### Furyctl and KFD compatibility

| Furyctl / KFD | 1.26.1 | 1.26.0 | 1.25.7 | 1.25.6 | 1.25.5 | 1.25.4 | 1.25.3 | 1.25.2 |
| -------------- | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ |
| 0.26.0 | :white_check_mark: | :white_check_mark: | | | | | | |
| 0.25.2 | :warning: | :warning: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
| 0.25.1 | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
| 0.25.0 | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
| 0.25.0-beta.0 | | | | | | | :white_check_mark: | |
| 0.25.0-alpha.1 | | | | | | | | :white_check_mark: |
| Furyctl / KFD | 1.26.2 | 1.26.1 | 1.26.0 | 1.25.8 | 1.25.7 | 1.25.6 | 1.25.5 | 1.25.4 | 1.25.3 | 1.25.2 |
| -------------- |--------------------| ------------------ | ------------------ |--------------------| ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ |
| 0.26.2 | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | |
| 0.26.1 | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | |
| 0.26.0 | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | |
| 0.25.2 | :warning: | :warning: | :warning: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
| 0.25.1 | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
| 0.25.0 | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
| 0.25.0-beta.0 | | | | | | | | | :white_check_mark: | |
| 0.25.0-alpha.1 | | | | | | | | | | :white_check_mark: |

See [Furyctl](https://github.com/sighupio/furyctl) repository for more informations on it's usage.

> We suggest to always use the latest furyctl and KFD versions available
### Warnings

- :x: version `v1.23.0` has a known bug that breaks upgrades. Do not use.
### Furyctl and Providers compatibility

| Furyctl / Providers | EKSCluster | KFDDistribution | OnPremises |
| ------------------- | ------------------ | ------------------ | ------------------ |
| 0.26.2 | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| 0.26.1 | :white_check_mark: | :white_check_mark: | |
| 0.26.0 | :white_check_mark: | :white_check_mark: | |
| 0.25.2 | :white_check_mark: | :white_check_mark: | |
| 0.25.1 | :white_check_mark: | :white_check_mark: | |
| 0.25.0 | :white_check_mark: | :white_check_mark: | |
| 0.25.0-beta.0 | :white_check_mark: | | |
| 0.25.0-alpha.1 | :white_check_mark: | | |

## Unmaintained releases 🗄️

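Review bot: in the new "Furyctl and Providers compatibility" table, unsupported combinations are left as empty cells (for example OnPremises for every furyctl before 0.26.2), while the legend above defines `:x:` for Incompatible. Use `:x:` so an empty cell cannot be read as untested. The separator rows of the edited tables also mix `|----|` and `| ---- |` styles; pick one.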
Expand Down
16 changes: 16 additions & 0 deletions docs/releases/v1.25.8.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# Kubernetes Fury Distribution Release v1.25.8

Welcome to KFD release `v1.25.8`.

The distribution is maintained with ❤️ by the team [SIGHUP](https://sighup.io/) it is battle tested in production environments.

With this release, a single hotfix has been added

## New Features since `v1.25.7`

- Fix: wrong taint regex in public eks-cluster schema
- Bump: fury-eks-installer version to v2.0.2

## Upgrade procedure

Check the [v1.25.7-to-v1.25.8 upgrade guide](../upgrades/v1.25.7-to-v1.25.8.md) for the detailed procedure.
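Review bot: the heading "New Features since `v1.25.7`" lists only a fix and a version bump, while the intro says "a single hotfix has been added"; rename the heading or reword the intro so they agree. The sentence "...by the team [SIGHUP](https://sighup.io/) it is battle tested..." is a run-on and needs a comma or a full stop. Please also confirm that `../upgrades/v1.25.7-to-v1.25.8.md` is part of this commit, since the linked file is not among the changes shown here.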
6 changes: 3 additions & 3 deletions docs/releases/v1.26.1.md
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
# Kubernetes Fury Distribution Release v1.26.0
# Kubernetes Fury Distribution Release v1.26.1

Welcome to KFD release `v1.26.0`.
Welcome to KFD release `v1.26.1`.

The distribution is maintained with ❤️ by the team [SIGHUP](https://sighup.io/) it is battle tested in production environments.

With this release, a single hotfix has been added

## New Features since `v1.26.1`
## New Features since `v1.26.0`

- Fix: gotemplate error on manual secrets for ingresses

Expand Down