🔀 :: helm

delete :: charts.lock 🔀 :: ext-auth image 수정 Update README.md
team-xquare · Aug 26, 2023 · 7ce4d6c · 7ce4d6c
1 parent 4baa3dc
commit 7ce4d6c
Show file tree

Hide file tree

Showing 41 changed files with 310 additions and 413 deletions.
diff --git a/certificate/be-prod-cert.yaml b/certificate/be-prod-cert.yaml
diff --git a/certificate/be-stag-cert.yaml b/certificate/be-stag-cert.yaml
diff --git a/certificate/fe-prod-cert.yaml b/certificate/fe-prod-cert.yaml
diff --git a/certificate/new/cloudflare-secret.yaml b/certificate/new/cloudflare-secret.yaml
diff --git a/certificate/new/clusterissuer.yaml b/certificate/new/clusterissuer.yaml
diff --git a/certificate/selfsigned-issuer.yaml b/certificate/selfsigned-issuer.yaml
diff --git a/ext-auth.yaml b/ext-auth.yaml
@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
         - name: ext-authz
-          image: 471407337433.dkr.ecr.ap-northeast-2.amazonaws.com/envoy-middleware-be-prod:prod-adbec77224a17a1125155f9e6cf19a656a599aec
+          image: 471407337433.dkr.ecr.ap-northeast-2.amazonaws.com/envoy-middleware-be-prod:prod-be720ab17a23f02b5c91e229b5bff852f77d15ae
           ports:
             - containerPort: 9000
               protocol: TCP

diff --git a/helm/aws-node-termination-handler/README.md b/helm/aws-node-termination-handler/README.md
@@ -4,7 +4,7 @@ AWS Node Termination Handler Helm chart for Kubernetes. For more information on
 
 ## Prerequisites
 
-- _Kubernetes_ >= v1.16
+- _Kubernetes_ >= v1.16 
 
 ## Installing the Chart
 

diff --git a/helm/istio/Chart.yaml b/helm/istio/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+type: application
+name: istio
+version: 1.0.0
+appVersion: "1.18.1"
+description: Istio setting for xquare
diff --git a/istio/addon/jaeger.yaml → helm/istio/templates/addon/jaeger.yaml b/istio/addon/jaeger.yaml → helm/istio/templates/addon/jaeger.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.addons.jeager.enable }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -115,3 +116,4 @@ spec:
       name: http-zipkin
   selector:
     app: jaeger
+{{- end }}
diff --git a/istio/addon/kiali.yaml → helm/istio/templates/addon/kiali.yaml b/istio/addon/kiali.yaml → helm/istio/templates/addon/kiali.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.addons.kiali.enable }}
 ---
 # Source: kiali-server/templates/serviceaccount.yaml
 apiVersion: v1
@@ -548,3 +549,4 @@ spec:
           configMap:
             name: kiali-cabundle
             optional: true
+{{- end }}
diff --git a/istio/middleware/authorization-policy.yaml → ...istio/templates/authorization-policy.yaml b/istio/middleware/authorization-policy.yaml → ...istio/templates/authorization-policy.yaml
diff --git a/istio/gateway.yaml → helm/istio/templates/gateway.yaml b/istio/gateway.yaml → helm/istio/templates/gateway.yaml
diff --git a/istio/mtls.yaml → helm/istio/templates/mtls.yaml b/istio/mtls.yaml → helm/istio/templates/mtls.yaml
diff --git a/helm/istio/templates/operator.yaml b/helm/istio/templates/operator.yaml
@@ -0,0 +1,46 @@
+apiVersion: install.istio.io/v1alpha1
+kind: IstioOperator
+metadata:
+  name: istiocontrolplane
+  namespace: istio-system
+spec:
+  profile: {{ .Values.profile }}
+  meshConfig:
+    accessLogFile: /dev/stdout
+    extensionProviders:
+    {{- range .Values.operator.extensionProviders }}
+      - name: {{ .name }}
+        envoyExtAuthzGrpc:
+          service: {{ .envoyExtAuthzGrpc.service }}
+          port: {{ .envoyExtAuthzGrpc.port }}
+    {{- end }}
+  components:
+    ingressGateways:
+      - name: istio-ingressgateway
+        namespace: istio-system
+        enabled: true
+        label:
+          service.istio.io/canonical-name: istio-ingressgateway
+        k8s:
+          service:
+            externalTrafficPolicy: {{ .Values.operator.k8s.service.externalTrafficPolicy }}
+          hpaSpec:
+            minReplicas: {{ .Values.operator.hpaSpec.minReplicas }}
+            maxReplicas: {{ .Values.operator.hpaSpec.maxReplicas }}
+          service:
+            type: LoadBalancer
+            ports:
+            {{- range .Values.k8s.servicePorts }}
+            - name: {{ .name }}
+              port: {{ .port }}
+              targetPort: {{ .targetPort }}
+          {{- with .Values.k8s.serviceAnnotations }}
+          serviceAnnotations:
+          {{ toYaml . | indent 12 }}
+          {{- end }}
+  values:
+    sidecarInjectorWebhook:
+      rewriteAppHTTPProbe: true
+    gateways:
+      istio-ingressgateway:
+        type: ClusterIP
diff --git a/helm/istio/templates/virtualservice.yaml b/helm/istio/templates/virtualservice.yaml
@@ -0,0 +1,20 @@
+{{- range .Values.virtual-services }}
+---
+
+kind: VirtualService
+apiVersion: networking.istio.io/v1alpha3
+metadata:
+  name: {{ .name }}
+  namespace: istio-system
+spec:
+  gateways:
+    - xquare-gateway
+  hosts:
+    - {{ .host }}
+  http:
+  - route:
+    - destination:
+        host: {{ .destination.host }}
+        port:
+          number: {{ .destination.port }}
+{{- end }}
diff --git a/helm/istio/values.yaml b/helm/istio/values.yaml
@@ -0,0 +1,70 @@
+operator:
+  profile: default
+  extensionProviders:
+    - name: "xquare-middleware-grpc"
+      envoyExtAuthzGrpc:
+        service: "envoy-middleware-be-prod.xquare-prod.svc.cluster.local"
+        port: "9000"
+    - name: "sample-ext-authz-grpc"
+      envoyExtAuthzGrpc:
+        service: "ext-authz.xquare-prod.svc.cluster.local"
+        port: "9000"
+  k8s:
+    service:
+      externalTrafficPolicy: Local
+    hpaSpec:
+      minReplicas: 2
+      maxReplicas: 10
+    serviceType: LoadBalancer
+    servicePorts:
+      - name: http
+        port: 80
+        targetPort: 8080
+      - name: https
+        port: 443
+        targetPort: 8443
+      - name: helath
+        port: 15020
+        targetPort: 15020
+    serviceAnnotations:
+      service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
+      service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
+      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+
+virtual-services:
+  - name: argocd-server
+    host: argo-cd.xquare.app
+    destination:
+      host: argocd-server.argocd.svc.cluster.local
+      port: 80
+  - name: kiali-server
+    host: kiali.xquare.app
+    destination:
+      host: kiali.istio-system.svc.cluster.local
+      port: 20001
+  - name: prometeus-server
+    host: prometheus.xquare.app
+    destination:
+      host: prometheus-server.prometheus.svc.cluster.local
+      port: 80
+  - name: jaeger-server
+    host: jaeger.xquare.app
+    destination:
+      host: tracing.istio-system.svc.cluster.local
+      port: 80
+  - name: grafana-server
+    host: argo-cd.xquare.app
+    destination:
+      host: argocd-server.argocd.svc.cluster.local
+      port: 80
+
+addon:
+  jeager:
+    enable: true
+  kiali:
+    enable: true
+
+
+
diff --git a/helm/karpenter/Chart.yaml b/helm/karpenter/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: karpenter
 description: A Helm chart for Karpenter, an open-source node provisioning project built for Kubernetes.
 type: application
-version: 0.30.0
+version: 1.0.1
 appVersion: 0.30.0
 keywords:
   - cluster

diff --git a/helm/karpenter/templates/provisioner.yaml b/helm/karpenter/templates/provisioner.yaml
@@ -0,0 +1,38 @@
+apiVersion: karpenter.sh/v1alpha5
+kind: Provisioner
+metadata:
+  name: {{ .Values.provisioner.name }}
+spec:
+  labels:
+    {{- range $key, $value := .Values.provisioner.spec.labels }}
+    {{ $key }}: {{ $value }}
+    {{- end }}
+  requirements:
+    {{- range .Values.provisioner.spec.requirements }}
+    - key: {{ .key | quote }}
+      operator: {{ .operator | quote }}
+      values:
+        {{- range .values }}
+        - {{ . | quote }}
+        {{- end }}
+    {{- end }}
+  limits:
+    resources:
+      cpu: {{ .Values.provisioner.spec.limits.resources.cpu }}
+      memory: {{ .Values.provisioner.spec.limits.resources.memory }}
+  providerRef:
+    name: {{ .Values.provisioner.spec.providerRef.name }}
+  consolidation:
+    enabled: {{ .Values.provisioner.spec.consolidation.enabled }}
+---
+apiVersion: karpenter.k8s.aws/v1alpha1
+kind: AWSNodeTemplate
+metadata:
+  name: {{ .Values.awsNodeTemplate.name }}
+spec:
+  subnetSelector:
+    karpenter.sh/discovery/xquare-cluster: '*'
+  securityGroupSelector:
+    aws:eks:cluster-name: {{ .Values.settings.aws.clusterName }}
+  tags:
+    karpenter.sh/discovery: {{ .Values.settings.aws.clusterName }}
diff --git a/helm/karpenter/values.yaml b/helm/karpenter/values.yaml
@@ -198,3 +198,55 @@ settings:
     # Setting driftEnabled to true enables the drift deprovisioner to watch for drift between currently deployed nodes
     # and the desired state of nodes set in provisioners and node templates
     driftEnabled: false
+
+awsNodeTemplate:
+  name: xquare
+
+provisioner:
+  name: xquare
+  spec:
+    requirements:
+      - key: kubernetes.io/os
+        operator: In
+        values:
+          - "linux"
+      - key: "karpenter.sh/capacity-type"
+        operator: In
+        values:
+          - "spot"
+      - key: "topology.kubernetes.io/zone"
+        operator: In
+        values:
+          - "ap-northeast-2a"
+          - "ap-northeast-2c"
+      - key: "karpenter.k8s.aws/instance-size"
+        operator: In
+        values:
+          - "medium"
+          - "large"
+          - "xlarge"
+          - "2xlarge"
+      - key: "karpenter.k8s.aws/instance-cpu"
+        operator: In
+        values:
+          - "1"
+          - "2"
+          - "3"
+          - "4"
+          - "8"
+      - key: "karpenter.k8s.aws/instance-category"
+        operator: In
+        values:
+          - "m"
+      - key: "kubernetes.io/arch"
+        operator: In
+        values:
+          - "amd64"
+    limits:
+      resources:
+        cpu: 1000
+        memory: 1000Gi
+    providerRef:
+      name: xquare
+    consolidation:
+      enabled: true
diff --git a/helm/redis/Chart.yaml b/helm/redis/Chart.yaml
@@ -25,4 +25,4 @@ maintainers:
 name: redis
 sources:
   - https://github.com/bitnami/charts/tree/main/bitnami/redis
-version: 17.15.3
+version: 17.15.4
diff --git a/helm/redis/templates/master/service.yaml b/helm/redis/templates/master/service.yaml
@@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ printf "%s-master" (include "common.names.fullname" .) }}
+  name: {{ printf "%s" (include "common.names.fullname" .) }}
   namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" . | nindent 4 }}
     app.kubernetes.io/component: master