-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge remote-tracking branch 'origin/master' into partition-prometheu…
…s-role # Conflicts: # control-plane/roles/monitoring/README.md
- Loading branch information
Showing
128 changed files
with
5,450 additions
and
45 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
--- | ||
gardener_kube_api_server_ca: | ||
gardener_kube_api_server_ca_key: | ||
gardener_kube_api_server_cert: | ||
gardener_kube_api_server_key: | ||
gardener_kube_api_server_client_cert: | ||
gardener_kube_api_server_client_key: | ||
|
||
gardener_kube_aggregator_client_cert: | ||
gardener_kube_aggregator_client_key: | ||
gardener_kube_controller_manager_client_cert: | ||
gardener_kube_controller_manager_client_key: | ||
gardener_admin_client_cert: | ||
gardener_admin_client_key: | ||
gardener_service_account_client_key: | ||
|
||
gardener_api_server_ca: | ||
gardener_api_server_cert: | ||
gardener_api_server_key: | ||
|
||
gardener_admission_controller_ca: | ||
gardener_admission_controller_cert: | ||
gardener_admission_controller_key: | ||
|
||
gardener_controller_manager_ca: | ||
gardener_controller_manager_cert: | ||
gardener_controller_manager_key: | ||
|
||
gardener_metal_admission_controller_ca: | ||
gardener_metal_admission_controller_cert: | ||
gardener_metal_admission_controller_key: | ||
|
||
gardener_etcd_ca_cert: | ||
gardener_etcd_cert: | ||
gardener_etcd_cert_key: | ||
gardener_etcd_client_cert: | ||
gardener_etcd_client_key: |
32 changes: 32 additions & 0 deletions
32
control-plane/roles/gardener/defaults/main/cloud_profile.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
--- | ||
gardener_cloud_profile_stage_name: "{{ metal_control_plane_stage_name }}" | ||
gardener_cloud_profile_metal_api_url: https://api.{{ metal_control_plane_ingress_dns }} | ||
gardener_cloud_profile_metal_api_hmac: | ||
gardener_cloud_profile_machine_images: "{{ metal_api_images | default([]) }}" | ||
gardener_cloud_profile_firewall_images: [] | ||
gardener_cloud_profile_firewall_images_from_machine_images: true | ||
gardener_cloud_profile_firewall_controller_versions: [] | ||
gardener_cloud_profile_kubernetes: | ||
gardener_cloud_profile_machine_types: [] | ||
gardener_cloud_profile_regions: | ||
gardener_cloud_profile_partitions: {} | ||
# <partition>: | ||
# default-machine-types: | ||
# firewall: | ||
# - c1-xlarge-x86 | ||
|
||
gardener_os_cri_mapping: | ||
ubuntu: | ||
when: | ||
cris: | ||
- name: containerd | ||
containerRuntimes: [] | ||
- name: docker | ||
containerRuntimes: [] | ||
debian: | ||
when: | ||
cris: | ||
- name: containerd | ||
containerRuntimes: [] | ||
- name: docker | ||
containerRuntimes: [] |
1 change: 1 addition & 0 deletions
1
control-plane/roles/gardener/defaults/main/control-plane-defaults
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../../../../control-plane-defaults/ |
60 changes: 60 additions & 0 deletions
60
control-plane/roles/gardener/defaults/main/extensions.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
--- | ||
gardener_os_controller_repo_ref: "{{ gardener_os_controller_image_tag }}" | ||
# TODO: the ref to the official controller can be used as soon as we are compatible with g/g 1.59 | ||
gardener_networking_cilium_repo_ref: "metal-stack/gardener-extension-networking-cilium/{{ gardener_networking_cilium_image_tag }}" | ||
|
||
gardener_metal_admission_replicas: 1 | ||
gardener_metal_admission_vpa: true | ||
|
||
gardener_extension_provider_metal_repo_ref: "{{ gardener_extension_provider_metal_image_tag }}" | ||
|
||
gardener_extension_provider_metal_cluster_audit_enabled: false | ||
gardener_extension_provider_metal_audit_to_splunk_enabled: false | ||
gardener_extension_provider_metal_audit_to_splunk: | ||
# ... | ||
# hecToken: "" | ||
# index: "" | ||
# hecHost: "" | ||
# hecPort: 443 | ||
# tlsEnabled: true | ||
# hecCAFile: "" | ||
|
||
gardener_extension_provider_metal_etcd_backup_schedule: "0,5,10,15,20,25,30,35,40,45,50,55 * * * *" | ||
gardener_extension_provider_metal_etcd_delta_snapshot_period: "0s" | ||
|
||
gardener_extension_provider_metal_internal_networks: | ||
- 10.0.0.0/8 | ||
- 100.64.0.0/10 | ||
|
||
gardener_extension_provider_metal_egress_destinations: [] | ||
|
||
gardener_extension_provider_metal_duros_storage_enabled: false | ||
gardener_extension_provider_metal_duros_storage_config: | ||
# <partition>: | ||
# apiEndpoint: | ||
# apiCA: | ||
# apiKey: | ||
# apiCert: | ||
# endpoints: [] | ||
# adminKey: | ||
# adminToken: | ||
# storageClasses: | ||
# - replicaCount: 2 | ||
# name: duros-silver | ||
# compression: true | ||
# - replicaCount: 3 | ||
# name: duros-gold | ||
# compression: false | ||
# encryption: true | ||
# ... | ||
|
||
gardener_extension_provider_metal_image_pull_policy: "{{ metal_control_plane_image_pull_policy | default('IfNotPresent') }}" | ||
gardener_extension_provider_metal_image_pull_secret: | ||
# auths: | ||
# <registry>: | ||
# username: "" | ||
# password: "" | ||
# auth: "" | ||
# ... | ||
|
||
gardener_cert_management_issuer_private_key: "" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
--- | ||
gardener_image_vector_overwrite: | ||
gardener_component_image_vector_overwrite: | ||
|
||
gardener_apiserver_replicas: 1 | ||
gardener_apiserver_vpa: true | ||
|
||
gardener_apiserver_resources: | ||
requests: | ||
cpu: 100m | ||
memory: 100Mi | ||
limits: | ||
cpu: 400m | ||
memory: 1Gi | ||
|
||
gardener_controller_manager_resources: | ||
requests: | ||
cpu: 100m | ||
memory: 100Mi | ||
limits: | ||
cpu: 750m | ||
memory: 512Mi | ||
|
||
gardener_scheduler_resources: | ||
requests: | ||
cpu: 50m | ||
memory: 50Mi | ||
limits: | ||
cpu: 300m | ||
memory: 256Mi | ||
|
||
gardener_dns_domain: | ||
gardener_dns_provider: | ||
|
||
gardener_backup_infrastructure: | ||
gardener_backup_infrastructure_secret: | ||
|
||
gardener_soil_name: "{{ metal_control_plane_stage_name }}" | ||
gardener_soil_kubeconfig_file_path: "{{ lookup('env', 'KUBECONFIG') }}" | ||
gardener_soil_vertical_pod_autoscaler_enabled: false | ||
gardener_soil_project_owner_name: admin | ||
|
||
gardener_gardenlet_shoot_concurrent_syncs: 5 | ||
gardener_gardenlet_shoot_reconcile_in_maintenance_only: false | ||
gardener_gardenlet_shoot_respect_sync_period_overwrite: true | ||
|
||
gardener_shooted_seeds: [] | ||
# - name: shoot-1 | ||
# project_id: 00000000-0000-0000-0000-000000000001 | ||
# feature_gates: | ||
# clusterAudit: false | ||
# auditToSplunk: false | ||
# region: region | ||
# partition: partition | ||
# networks: | ||
# - internet | ||
# - e77400fe-e993-47b1-a0dd-64c9b7457b76 | ||
# k8s_version: 1.23.4 | ||
# worker_groups: | ||
# - worker_count: 1 | ||
# worker_size: size | ||
# worker_cri: containerd | ||
# worker_max_surge: 3 | ||
# worker_max_unavailable: 0 | ||
# worker_image: | ||
# name: debian | ||
# version: "10.0" | ||
# firewall_size: size | ||
# firewall_image: firewall-ubuntu | ||
# firewall_controller_version: auto | ||
# api_server: | ||
# autoscaler: | ||
# min_replicas: 1 | ||
# max_replicas: 5 | ||
# verticalPodAutoscaler: false | ||
# pod_cidr: | ||
# service_cidr: | ||
|
||
gardener_shooted_seed_max_pods: 250 | ||
gardener_shooted_seed_node_cidr_mask_size: 23 | ||
# can be useful for rollouts where the shooted seed or managed seed resource changes: | ||
gardener_shooted_seed_rollout_delay_minutes: | ||
|
||
gardener_kube_api_server_kubeconfig: "{{ 'garden-kube-apiserver' | kubeconfig_from_cert(gardener_kube_api_server_ca, gardener_kube_api_server_client_cert, gardener_kube_api_server_client_key, prepend_https=true) }}" | ||
gardener_kube_apiserver_kubeconfig_path: "{{ gardener_local_tmp_dir }}/garden-kube-apiserver-kubeconfig" | ||
gardener_local_tmp_dir: "{{ playbook_dir }}/.ansible/tmp" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../../../../../defaults |
16 changes: 16 additions & 0 deletions
16
control-plane/roles/gardener/defaults/main/virtual_garden.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
--- | ||
gardener_virtual_api_server_svc_cluster_ip_add: 20 | ||
gardener_virtual_api_server_public_dns: gardener-kube-apiserver.{{ metal_control_plane_ingress_dns }} | ||
gardener_virtual_api_server_healthcheck_static_token: | ||
|
||
gardener_etcd_backup_schedule: "0,5,10,15,20,25,30,35,40,45,50,55 * * * *" | ||
gardener_etcd_snapshot_period: "0" | ||
gardener_etcd_garbage_collection_period: "12h" | ||
|
||
gardener_etcd_resources: | ||
requests: | ||
cpu: 200m | ||
memory: 256Mi | ||
limits: | ||
cpu: 800m | ||
memory: 8Gi |
18 changes: 18 additions & 0 deletions
18
control-plane/roles/gardener/files/kube-apiserver/Chart.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# Copyright 2019 Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
apiVersion: v1 | ||
description: Helm chart for garden | ||
name: garden | ||
version: 0.1.0 |
76 changes: 76 additions & 0 deletions
76
control-plane/roles/gardener/files/kube-apiserver/templates/_helpers.tpl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
# Copyright 2019 Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
{{- define "garden.kubeconfig-controller-manager" -}} | ||
apiVersion: v1 | ||
kind: Config | ||
current-context: garden | ||
contexts: | ||
- context: | ||
cluster: garden | ||
user: kube-controller-manager | ||
name: garden | ||
clusters: | ||
- cluster: | ||
certificate-authority-data: {{ .Values.tls.kubeAPIServer.ca.crt | b64enc }} | ||
server: https://localhost:443 | ||
name: garden | ||
users: | ||
- name: kube-controller-manager | ||
user: | ||
client-certificate-data: {{ .Values.tls.kubeControllerManager.crt | b64enc }} | ||
client-key-data: {{ .Values.tls.kubeControllerManager.key | b64enc }} | ||
{{- end -}} | ||
|
||
{{- define "garden.kubeconfig-gardener" -}} | ||
apiVersion: v1 | ||
kind: Config | ||
current-context: garden | ||
contexts: | ||
- context: | ||
cluster: garden | ||
user: gardener | ||
name: garden | ||
clusters: | ||
- cluster: | ||
certificate-authority-data: {{ .Values.tls.kubeAPIServer.ca.crt | b64enc }} | ||
server: https://{{ .Values.apiServer.serviceName }}:443 | ||
name: garden | ||
users: | ||
- name: gardener | ||
user: | ||
client-certificate-data: {{ .Values.tls.gardener.crt | b64enc }} | ||
client-key-data: {{ .Values.tls.gardener.key | b64enc }} | ||
{{- end -}} | ||
|
||
{{- define "garden.kubeconfig-admin" -}} | ||
apiVersion: v1 | ||
kind: Config | ||
current-context: garden | ||
contexts: | ||
- context: | ||
cluster: garden | ||
user: admin | ||
name: garden | ||
clusters: | ||
- cluster: | ||
certificate-authority-data: {{ .Values.tls.kubeAPIServer.ca.crt | b64enc }} | ||
server: https://{{ .Values.apiServer.hostname }}:443 | ||
name: garden | ||
users: | ||
- name: admin | ||
user: | ||
client-certificate-data: {{ .Values.tls.admin.crt | b64enc }} | ||
client-key-data: {{ .Values.tls.admin.key | b64enc }} | ||
{{- end -}} |
Oops, something went wrong.