From 38fd2ef00d7d54ffb1b1fb7da02b84ca68085f0e Mon Sep 17 00:00:00 2001 From: Katsuhiro Yamanaka <29446925+ogis-yamanaka@users.noreply.github.com> Date: Fri, 10 May 2024 11:19:03 +0900 Subject: [PATCH 01/11] merge --- observation/overlays/local/kustomization.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/observation/overlays/local/kustomization.yaml b/observation/overlays/local/kustomization.yaml index 9093676..b50679e 100644 --- a/observation/overlays/local/kustomization.yaml +++ b/observation/overlays/local/kustomization.yaml @@ -4,7 +4,6 @@ resources: - ../../base - ./alloy/config.yaml - ./prometheus/application.yaml - - ./tempo/application.yaml patches: - path: ./grafana/patch.yaml - path: ./loki/patch.yaml From 2361011aafa7d9da207e63b665e96a4b0053e91a Mon Sep 17 00:00:00 2001 From: Katsuhiro Yamanaka <29446925+ogis-yamanaka@users.noreply.github.com> Date: Tue, 11 Jun 2024 13:42:07 +0900 Subject: [PATCH 02/11] nautible/issues#151 update keycloak --- auth/base/keycloak-deploy.yaml | 125 ++++++++++++++++++--------------- 1 file changed, 69 insertions(+), 56 deletions(-) diff --git a/auth/base/keycloak-deploy.yaml b/auth/base/keycloak-deploy.yaml index 1a0096e..071efa6 100644 --- a/auth/base/keycloak-deploy.yaml +++ b/auth/base/keycloak-deploy.yaml 
@@ -27,52 +27,61 @@ spec: app.kubernetes.io/managed-by: manual spec: containers: - - name: keycloak - image: quay.io/keycloak/keycloak:18.0.0 - args: ["start","--import-realm","--hostname-strict=false","--auto-build","--db=postgres","--http-relative-path /auth","--proxy edge"] - # args: ["start-dev","--import-realm","--hostname-strict=false","--db=postgres","--http-relative-path /auth"] - securityContext: - runAsNonRoot: true - runAsUser: 1000 - env: - - name: KC_IMPORT_VAL_FRONTEND_URL - value: http://localhost:8080/api/v1.0/nautible-auth/auth # fix me - - name: KC_IMPORT_VAL_ROOT_URL - value: http://localhost:3000 # fix me - - name: KEYCLOAK_ADMIN - valueFrom: - secretKeyRef: - name: secret-keycloak - key: KEYCLOAK_USER - - name: KEYCLOAK_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: secret-keycloak - key: KEYCLOAK_PASSWORD - - name: KC_DB_USERNAME - valueFrom: - secretKeyRef: - name: secret-keycloak - key: DB_USER - - name: KC_DB_PASSWORD - valueFrom: - secretKeyRef: - name: secret-keycloak - key: DB_PASSWORD - - name: KC_DB_URL_HOST - valueFrom: - secretKeyRef: - name: secret-keycloak - key: DB_HOST - - name: PROXY_ADDRESS_FORWARDING - value: "true" - volumeMounts: - - name: realm - mountPath: "/opt/keycloak/data/import" - readOnly: true - ports: - - name: http - containerPort: 8080 + - name: keycloak + image: quay.io/keycloak/keycloak:25.0.0 + args: + [ + 'start', + '--import-realm', + '--hostname-strict=false', + '--auto-build', + '--db=postgres', + '--http-relative-path /auth', + '--proxy edge', + ] + # args: ["start-dev","--import-realm","--hostname-strict=false","--db=postgres","--http-relative-path /auth"] + securityContext: + runAsNonRoot: true + runAsUser: 1000 + env: + - name: KC_IMPORT_VAL_FRONTEND_URL + value: http://localhost:8080/api/v1.0/nautible-auth/auth # fix me + - name: KC_IMPORT_VAL_ROOT_URL + value: http://localhost:3000 # fix me + - name: KEYCLOAK_ADMIN + valueFrom: + secretKeyRef: + name: secret-keycloak + key: KEYCLOAK_USER + - 
name: KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: secret-keycloak + key: KEYCLOAK_PASSWORD + - name: KC_DB_USERNAME + valueFrom: + secretKeyRef: + name: secret-keycloak + key: DB_USER + - name: KC_DB_PASSWORD + valueFrom: + secretKeyRef: + name: secret-keycloak + key: DB_PASSWORD + - name: KC_DB_URL_HOST + valueFrom: + secretKeyRef: + name: secret-keycloak + key: DB_HOST + - name: PROXY_ADDRESS_FORWARDING + value: 'true' + volumeMounts: + - name: realm + mountPath: '/opt/keycloak/data/import' + readOnly: true + ports: + - name: http + containerPort: 8080 volumes: - name: realm emptyDir: {} @@ -80,13 +89,17 @@ spec: secret: secretName: secret-keycloak-realm initContainers: - - name: touch - image: busybox - command: ["sh", "-c","cp /secret-keycloak-realm/realm.json /realm/realm.json"] - volumeMounts: - - name: realm - mountPath: /realm - - name: secret-keycloak-realm - mountPath: "/secret-keycloak-realm" - readOnly: true - + - name: touch + image: busybox + command: + [ + 'sh', + '-c', + 'cp /secret-keycloak-realm/realm.json /realm/realm.json', + ] + volumeMounts: + - name: realm + mountPath: /realm + - name: secret-keycloak-realm + mountPath: '/secret-keycloak-realm' + readOnly: true From 5c724278b7391645ee95a296286c76b42d64c19d Mon Sep 17 00:00:00 2001 From: Katsuhiro Yamanaka <29446925+ogis-yamanaka@users.noreply.github.com> Date: Tue, 11 Jun 2024 13:44:26 +0900 Subject: [PATCH 03/11] nautible/issues#155 update istio --- service-mesh/base/istio-base/application.yaml | 2 +- service-mesh/base/istio-egress/application.yaml | 4 ++-- service-mesh/base/istio-ingress/application.yaml | 4 ++-- service-mesh/base/istio-operator/application.yaml | 4 ++-- service-mesh/base/istiod/application.yaml | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/service-mesh/base/istio-base/application.yaml b/service-mesh/base/istio-base/application.yaml index a121d2f..0ba61f6 100644 --- a/service-mesh/base/istio-base/application.yaml 
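Review bot: The `args` list on the new side keeps `'--hostname-strict=false'` next to `'--proxy edge'` while the image moves to 25.0.0, so Keycloak still appears to derive its public URL from forwarded request headers rather than from a fixed value. For anything other than local use I would set the public URL in the overlays, e.g. `'--hostname=<PUBLIC_BASE_URL>'` (placeholder), and drop `--hostname-strict=false` there. `PROXY_ADDRESS_FORWARDING` looks like a leftover from the legacy WildFly-based image; as far as I know the current distribution does not read it, so remove it or add a comment saying it has no effect. The container `securityContext` sets only `runAsNonRoot` and `runAsUser`; adding `allowPrivilegeEscalation: false` would be a cheap hardening step.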
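Review bot: The init container still pulls `image: busybox` with no tag or digest, which resolves to `latest`, so the container that copies the realm secret runs whatever the registry serves at pull time. Pin it, e.g. `image: busybox:<PINNED_TAG>` or a digest reference (placeholder; use the version you have vetted). The init container also has no `securityContext` in this hunk, unlike the main container, so it presumably runs as the image's default user. Before adding `runAsNonRoot: true` with a `runAsUser`, confirm that the `realm` emptyDir stays writable for that UID.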
+++ b/service-mesh/base/istio-base/application.yaml @@ -10,7 +10,7 @@ spec: source: path: 'manifests/charts/base' repoURL: 'https://github.com/istio/istio' - targetRevision: 1.18.1 + targetRevision: 1.22.1 project: default syncPolicy: automated: diff --git a/service-mesh/base/istio-egress/application.yaml b/service-mesh/base/istio-egress/application.yaml index 64210f0..f187551 100644 --- a/service-mesh/base/istio-egress/application.yaml +++ b/service-mesh/base/istio-egress/application.yaml @@ -10,13 +10,13 @@ spec: source: path: 'manifests/charts/gateways/istio-egress' repoURL: 'https://github.com/istio/istio' - targetRevision: 1.18.1 + targetRevision: 1.22.1 helm: parameters: - name: 'global.hub' value: 'docker.io/istio' - name: 'global.tag' - value: '1.18.1' + value: '1.22.1' project: default syncPolicy: automated: diff --git a/service-mesh/base/istio-ingress/application.yaml b/service-mesh/base/istio-ingress/application.yaml index b93f3dd..02fe765 100644 --- a/service-mesh/base/istio-ingress/application.yaml +++ b/service-mesh/base/istio-ingress/application.yaml @@ -10,13 +10,13 @@ spec: source: path: 'manifests/charts/gateways/istio-ingress' repoURL: 'https://github.com/istio/istio' - targetRevision: 1.18.1 + targetRevision: 1.22.1 helm: parameters: - name: 'global.hub' value: 'docker.io/istio' - name: 'global.tag' - value: '1.18.1' + value: '1.22.1' project: default syncPolicy: automated: diff --git a/service-mesh/base/istio-operator/application.yaml b/service-mesh/base/istio-operator/application.yaml index 8d53cd1..dfa031b 100644 --- a/service-mesh/base/istio-operator/application.yaml +++ b/service-mesh/base/istio-operator/application.yaml 
@@ -10,14 +10,14 @@ spec: namespace: istio-operator source: repoURL: 'https://github.com/istio/istio' - targetRevision: 1.18.1 + targetRevision: 1.22.1 path: 'manifests/charts/istio-operator' helm: parameters: - name: 'hub' value: 'docker.io/istio' - name: 'tag' - value: '1.18.1' + value: '1.22.1' syncPolicy: automated: prune: true diff --git a/service-mesh/base/istiod/application.yaml b/service-mesh/base/istiod/application.yaml index 135bd10..b93bd8f 100644 --- a/service-mesh/base/istiod/application.yaml +++ b/service-mesh/base/istiod/application.yaml @@ -10,7 +10,7 @@ spec: source: path: 'manifests/charts/istio-control/istio-discovery' repoURL: 'https://github.com/istio/istio' - targetRevision: 1.18.1 + targetRevision: 1.22.1 helm: parameters: - name: 'global.hub' From 8540314d20e58c648a3c3de9e70f15559b60ee8b Mon Sep 17 00:00:00 2001 From: Katsuhiro Yamanaka <29446925+ogis-yamanaka@users.noreply.github.com> Date: Tue, 11 Jun 2024 13:48:15 +0900 Subject: [PATCH 04/11] nautible/issues#155 modify ingress securitygroup --- albc/ingress/manifest/ingress.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/albc/ingress/manifest/ingress.yaml b/albc/ingress/manifest/ingress.yaml index 30db0c8..07c9570 100644 --- a/albc/ingress/manifest/ingress.yaml +++ b/albc/ingress/manifest/ingress.yaml @@ -12,16 +12,15 @@ metadata: alb.ingress.kubernetes.io/healthcheck-path: '/healthz/ready' # 対象のセキュリティグループに変更する。idまたは名称を指定する。 # Blue/Greenデプロイの場合など複数バージョンのKubernetesが稼働する環境ではセキュリティグループの名前にバージョンも含めておいたほうが良い。 - alb.ingress.kubernetes.io/security-groups: 'nautible-dev-cluster-albc-sg' + alb.ingress.kubernetes.io/security-groups: 'nautible-dev-cluster-v1_29-albc-sg' spec: rules: - - - http: + - http: paths: - pathType: Prefix path: / backend: service: name: istio-ingressgateway - port: + port: number: 80 From ddc2a22d942033b5e485df18d45d7df04c19c5ca Mon Sep 17 00:00:00 2001 
From: Katsuhiro Yamanaka <29446925+ogis-yamanaka@users.noreply.github.com> Date: Tue, 11 Jun 2024 15:04:01 +0900 Subject: [PATCH 05/11] nautible/issues#155 update istio --- service-mesh/base/istiod/application.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service-mesh/base/istiod/application.yaml b/service-mesh/base/istiod/application.yaml index b93bd8f..ac9f795 100644 --- a/service-mesh/base/istiod/application.yaml +++ b/service-mesh/base/istiod/application.yaml @@ -16,7 +16,7 @@ spec: - name: 'global.hub' value: 'docker.io/istio' - name: 'global.tag' - value: '1.18.1' + value: '1.22.1' # Enable Envoy's access logging # https://istio.io/latest/docs/tasks/observability/logs/access-log/ - name: 'meshConfig.accessLogFile' From 5f4ce73b43e306fb946fd90db7a8fa75619021dc Mon Sep 17 00:00:00 2001 From: Katsuhiro Yamanaka <29446925+ogis-yamanaka@users.noreply.github.com> Date: Tue, 11 Jun 2024 15:14:28 +0900 Subject: [PATCH 06/11] nautible/issues#151 update keycloark --- auth/overlays/aws/kustomization.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/auth/overlays/aws/kustomization.yaml b/auth/overlays/aws/kustomization.yaml index 12993a8..4816e86 100644 --- a/auth/overlays/aws/kustomization.yaml +++ b/auth/overlays/aws/kustomization.yaml @@ -15,10 +15,10 @@ patchesJson6902: patch: |- - op: replace path: /spec/template/spec/containers/0/env/0/value - value: https://d9sr2zchpwi7v.cloudfront.net/api/v1.0/nautible-auth/auth + value: https://d16d282u0desjz.cloudfront.net/api/v1.0/nautible-auth/auth - op: replace path: /spec/template/spec/containers/0/env/1/value - value: https://d9sr2zchpwi7v.cloudfront.net + value: https://d16d282u0desjz.cloudfront.net # see base\keycloak-istio-auth.yaml - target: group: security.istio.io 
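Review bot: The CloudFront domain in the `auth/overlays/aws/kustomization.yaml` hunk is hard-coded here and again in the `/spec/jwtRules/0/issuer` and `/spec/rules/0/when/0/values` patches in the next two hunks, with nothing marking it as environment-specific. These four values decide which token issuer the mesh accepts and must stay identical to the frontend URL Keycloak is given, so a partial edit is hard to diagnose. I would add a comment above each value, in the style the base manifest already uses, e.g. `# fix me: CloudFront domain of your own distribution; keep in sync with the jwtRules issuer and AuthorizationPolicy values`.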
@@ -29,7 +29,7 @@ patchesJson6902: patch: |- - op: replace path: /spec/jwtRules/0/issuer - value: https://d9sr2zchpwi7v.cloudfront.net/api/v1.0/nautible-auth/auth/realms/nautible-auth + value: https://d16d282u0desjz.cloudfront.net/api/v1.0/nautible-auth/auth/realms/nautible-auth # see base\keycloak-istio-auth.yaml - target: group: security.istio.io @@ -40,4 +40,4 @@ patchesJson6902: patch: |- - op: replace path: /spec/rules/0/when/0/values - value: ["https://d9sr2zchpwi7v.cloudfront.net/api/v1.0/nautible-auth/auth/realms/nautible-auth"] + value: ["https://d16d282u0desjz.cloudfront.net/api/v1.0/nautible-auth/auth/realms/nautible-auth"] From 3f0f37f70ffda9d6416c4c564a3c8f15359175e6 Mon Sep 17 00:00:00 2001 From: Katsuhiro Yamanaka <29446925+ogis-yamanaka@users.noreply.github.com> Date: Tue, 11 Jun 2024 15:18:11 +0900 Subject: [PATCH 07/11] nautible/issues#151 remove auto-build --- auth/base/keycloak-deploy.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/auth/base/keycloak-deploy.yaml b/auth/base/keycloak-deploy.yaml index 071efa6..79fd8a6 100644 --- a/auth/base/keycloak-deploy.yaml +++ b/auth/base/keycloak-deploy.yaml @@ -34,7 +34,6 @@ spec: 'start', '--import-realm', '--hostname-strict=false', - '--auto-build', '--db=postgres', '--http-relative-path /auth', '--proxy edge', From 2d89864bdd8a7a1a18ddc6b239bc8484a39d6d56 Mon Sep 17 00:00:00 2001 From: Katsuhiro Yamanaka <29446925+ogis-yamanaka@users.noreply.github.com> Date: Tue, 11 Jun 2024 15:23:59 +0900 Subject: [PATCH 08/11] nautible/issues#151 keyclark update parameter --- auth/base/keycloak-deploy.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth/base/keycloak-deploy.yaml b/auth/base/keycloak-deploy.yaml index 79fd8a6..bdf2587 100644 --- a/auth/base/keycloak-deploy.yaml +++ b/auth/base/keycloak-deploy.yaml 
@@ -35,8 +35,8 @@ spec: '--import-realm', '--hostname-strict=false', '--db=postgres', - '--http-relative-path /auth', - '--proxy edge', + '--http-relative-path=/auth', + '--proxy=edge', ] # args: ["start-dev","--import-realm","--hostname-strict=false","--db=postgres","--http-relative-path /auth"] securityContext: From b2ed73d0a0f45bab1d39c4a6d879abfa116461fa Mon Sep 17 00:00:00 2001 
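Review bot: `'--proxy=edge'` is, as far as I know, deprecated in the Keycloak release this manifest now runs (25.0.0 per the earlier patch in this series) in favour of `--proxy-headers`, which names the header family Keycloak will trust. Replacing it with `'--proxy-headers=xforwarded'` makes that trust explicit. It is only safe if every path to port 8080 goes through a proxy that overwrites the `X-Forwarded-*` headers, so confirm that against the ingress setup. The commented-out `start-dev` line below still shows the space-separated `--http-relative-path /auth` form that this hunk fixes, and should be updated or removed. The `args` list begins above the hunk.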
From: "github-actions[bot]" Date: Tue, 11 Jun 2024 22:30:39 +0000 Subject: [PATCH 09/11] update targetRevision --- albc/ingress/application.yaml | 2 +- app-bookinfo/application.yaml | 2 +- app-examples/base/examples-go/application.yaml | 2 +- app-examples/base/examples-java/application.yaml | 2 +- app-examples/base/examples-node/application.yaml | 2 +- app-examples/base/examples-python/application.yaml | 2 +- app-examples/overlays/aws/application.yaml | 2 +- app-examples/overlays/azure/application.yaml | 2 +- app-ms/base/customer/application.yaml | 2 +- app-ms/base/delivery/application.yaml | 2 +- app-ms/base/order/application.yaml | 2 +- app-ms/base/payment/application.yaml | 2 +- app-ms/base/product/application.yaml | 2 +- app-ms/base/stock/application.yaml | 2 +- app-ms/base/stockbatch/application.yaml | 2 +- app-ms/overlays/aws/application.yaml | 2 +- app-ms/overlays/aws/secret-parameter/application.yaml | 2 +- app-ms/overlays/azure/application.yaml | 2 +- app-ms/overlays/azure/secret-parameter/application.yaml | 2 +- auth/overlays/aws/application.yaml | 2 +- auth/overlays/azure/application.yaml | 2 +- kong-apigateway/overlays/aws/application.yaml | 2 +- metrics-server/application.yaml | 2 +- observation/overlays/aws/application.yaml | 2 +- observation/overlays/local/application.yaml | 2 +- service-mesh/base/grafana/application.yaml | 2 +- service-mesh/base/istio-controlplane/application.yaml | 2 +- service-mesh/base/jaeger/application.yaml | 2 +- service-mesh/base/kiali/application.yaml | 2 +- service-mesh/base/prometheus/application.yaml | 2 +- service-mesh/overlays/aws/application.yaml | 2 +- service-mesh/overlays/azure/application.yaml | 2 +- 32 files changed, 32 insertions(+), 32 deletions(-) diff --git a/albc/ingress/application.yaml b/albc/ingress/application.yaml index 3d11638..84e4be0 100644 --- a/albc/ingress/application.yaml +++ b/albc/ingress/application.yaml 
@@ -11,7 +11,7 @@ spec: source: path: albc/ingress/manifest repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-bookinfo/application.yaml b/app-bookinfo/application.yaml index 9daae13..319c9f5 100644 --- a/app-bookinfo/application.yaml +++ b/app-bookinfo/application.yaml @@ -11,7 +11,7 @@ spec: source: path: app-bookinfo/ repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-examples/base/examples-go/application.yaml b/app-examples/base/examples-go/application.yaml index a00d84d..97dc384 100644 --- a/app-examples/base/examples-go/application.yaml +++ b/app-examples/base/examples-go/application.yaml @@ -11,7 +11,7 @@ spec: source: path: nautible-app-examples-manifest-go/overlays/dev/ repoURL: https://github.com/nautible/nautible-app-examples-manifest - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-examples/base/examples-java/application.yaml b/app-examples/base/examples-java/application.yaml index 062e4a0..7a78fa9 100644 --- a/app-examples/base/examples-java/application.yaml +++ b/app-examples/base/examples-java/application.yaml @@ -11,7 +11,7 @@ spec: source: path: nautible-app-examples-manifest-java/overlays/dev/ repoURL: https://github.com/nautible/nautible-app-examples-manifest - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-examples/base/examples-node/application.yaml b/app-examples/base/examples-node/application.yaml index 4d99977..ae06b25 100644 --- a/app-examples/base/examples-node/application.yaml +++ b/app-examples/base/examples-node/application.yaml 
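Review bot: `targetRevision: develop` still tracks a mutable branch, and the context lines show `syncPolicy.automated` with `prune: true`, so any push to that branch is applied to the cluster and can delete resources with no review step on this side. The same applies to the other 31 `application.yaml` hunks in this patch, including those that point at the separate `nautible-app-*-manifest` repositories. That is acceptable for a development-only cluster, but it deserves a comment such as `# tracks the develop branch; pin a tag or commit SHA for shared environments`, and branch protection on `develop` in each referenced repository becomes the real control. The `spec` mapping starts above the hunk.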
@@ -11,7 +11,7 @@ spec: source: path: nautible-app-examples-manifest-node/overlays/dev/ repoURL: https://github.com/nautible/nautible-app-examples-manifest - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-examples/base/examples-python/application.yaml b/app-examples/base/examples-python/application.yaml index 51c225d..29b42da 100644 --- a/app-examples/base/examples-python/application.yaml +++ b/app-examples/base/examples-python/application.yaml @@ -11,7 +11,7 @@ spec: source: path: nautible-app-examples-manifest-python/overlays/dev/ repoURL: https://github.com/nautible/nautible-app-examples-manifest - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-examples/overlays/aws/application.yaml b/app-examples/overlays/aws/application.yaml index 02cc7c3..ca34b55 100644 --- a/app-examples/overlays/aws/application.yaml +++ b/app-examples/overlays/aws/application.yaml @@ -11,7 +11,7 @@ spec: source: path: app-examples/overlays/aws repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-examples/overlays/azure/application.yaml b/app-examples/overlays/azure/application.yaml index 9202de1..8548520 100644 --- a/app-examples/overlays/azure/application.yaml +++ b/app-examples/overlays/azure/application.yaml @@ -11,7 +11,7 @@ spec: source: path: app-examples/overlays/azure repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-ms/base/customer/application.yaml b/app-ms/base/customer/application.yaml index ba939f3..5a84830 100644 --- a/app-ms/base/customer/application.yaml +++ b/app-ms/base/customer/application.yaml 
@@ -11,7 +11,7 @@ spec: source: path: overlays/dev/ repoURL: https://github.com/nautible/nautible-app-ms-customer-manifest - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-ms/base/delivery/application.yaml b/app-ms/base/delivery/application.yaml index df05fe5..5b6e3ef 100644 --- a/app-ms/base/delivery/application.yaml +++ b/app-ms/base/delivery/application.yaml @@ -11,7 +11,7 @@ spec: source: path: overlays/dev/ repoURL: https://github.com/nautible/nautible-app-ms-delivery-manifest - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-ms/base/order/application.yaml b/app-ms/base/order/application.yaml index 3f325a2..972d293 100644 --- a/app-ms/base/order/application.yaml +++ b/app-ms/base/order/application.yaml @@ -11,7 +11,7 @@ spec: source: path: overlays/dev/ repoURL: https://github.com/nautible/nautible-app-ms-order-manifest - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-ms/base/payment/application.yaml b/app-ms/base/payment/application.yaml index 26f4d9f..e36f98b 100644 --- a/app-ms/base/payment/application.yaml +++ b/app-ms/base/payment/application.yaml @@ -11,7 +11,7 @@ spec: source: path: payment/overlays/dev/ repoURL: https://github.com/nautible/nautible-app-ms-payment-manifest - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-ms/base/product/application.yaml b/app-ms/base/product/application.yaml index 9a9ea5a..75b3834 100644 --- a/app-ms/base/product/application.yaml +++ b/app-ms/base/product/application.yaml @@ -11,7 +11,7 @@ spec: source: path: overlays/dev/ repoURL: https://github.com/nautible/nautible-app-ms-product-manifest - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-ms/base/stock/application.yaml b/app-ms/base/stock/application.yaml index a4fab9d..807701f 100644 
--- a/app-ms/base/stock/application.yaml +++ b/app-ms/base/stock/application.yaml @@ -11,7 +11,7 @@ spec: source: path: overlays/dev/ repoURL: https://github.com/nautible/nautible-app-ms-stock-manifest - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-ms/base/stockbatch/application.yaml b/app-ms/base/stockbatch/application.yaml index b54218b..a80c807 100644 --- a/app-ms/base/stockbatch/application.yaml +++ b/app-ms/base/stockbatch/application.yaml @@ -11,7 +11,7 @@ spec: source: path: overlays/dev/ repoURL: https://github.com/nautible/nautible-app-ms-stock-batch-manifest - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-ms/overlays/aws/application.yaml b/app-ms/overlays/aws/application.yaml index da417e5..939f1bb 100644 --- a/app-ms/overlays/aws/application.yaml +++ b/app-ms/overlays/aws/application.yaml @@ -11,7 +11,7 @@ spec: source: path: app-ms/overlays/aws repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-ms/overlays/aws/secret-parameter/application.yaml b/app-ms/overlays/aws/secret-parameter/application.yaml index 00963b3..4ce859d 100644 --- a/app-ms/overlays/aws/secret-parameter/application.yaml +++ b/app-ms/overlays/aws/secret-parameter/application.yaml @@ -11,7 +11,7 @@ spec: source: path: app-ms/overlays/aws/secret-parameter repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-ms/overlays/azure/application.yaml b/app-ms/overlays/azure/application.yaml index 67306ef..9ade804 100644 --- a/app-ms/overlays/azure/application.yaml +++ b/app-ms/overlays/azure/application.yaml 
@@ -11,7 +11,7 @@ spec: source: path: app-ms/overlays/azure repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/app-ms/overlays/azure/secret-parameter/application.yaml b/app-ms/overlays/azure/secret-parameter/application.yaml index fe5c6bd..f3d32e6 100644 --- a/app-ms/overlays/azure/secret-parameter/application.yaml +++ b/app-ms/overlays/azure/secret-parameter/application.yaml @@ -11,7 +11,7 @@ spec: source: path: app-ms/overlays/azure/secret-parameter repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/auth/overlays/aws/application.yaml b/auth/overlays/aws/application.yaml index a720f5a..116d79e 100644 --- a/auth/overlays/aws/application.yaml +++ b/auth/overlays/aws/application.yaml @@ -11,7 +11,7 @@ spec: source: path: auth/overlays/aws repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/auth/overlays/azure/application.yaml b/auth/overlays/azure/application.yaml index 703794d..256ef78 100644 --- a/auth/overlays/azure/application.yaml +++ b/auth/overlays/azure/application.yaml @@ -11,7 +11,7 @@ spec: source: path: auth/overlays/azure repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/kong-apigateway/overlays/aws/application.yaml b/kong-apigateway/overlays/aws/application.yaml index c5c279c..2181be9 100644 --- a/kong-apigateway/overlays/aws/application.yaml +++ b/kong-apigateway/overlays/aws/application.yaml @@ -11,7 +11,7 @@ spec: source: path: kong-apigateway/overlays/aws repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true 
diff --git a/metrics-server/application.yaml b/metrics-server/application.yaml index 47fc2ef..df5363e 100644 --- a/metrics-server/application.yaml +++ b/metrics-server/application.yaml @@ -11,7 +11,7 @@ spec: source: path: metrics-server/manifests repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/observation/overlays/aws/application.yaml b/observation/overlays/aws/application.yaml index 692bfe8..706c3a4 100644 --- a/observation/overlays/aws/application.yaml +++ b/observation/overlays/aws/application.yaml @@ -11,7 +11,7 @@ spec: source: path: observation/overlays/aws repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/observation/overlays/local/application.yaml b/observation/overlays/local/application.yaml index e47428e..5fbb1aa 100644 --- a/observation/overlays/local/application.yaml +++ b/observation/overlays/local/application.yaml @@ -11,7 +11,7 @@ spec: source: path: observation/overlays/local repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/service-mesh/base/grafana/application.yaml b/service-mesh/base/grafana/application.yaml index aae3176..b734745 100644 --- a/service-mesh/base/grafana/application.yaml +++ b/service-mesh/base/grafana/application.yaml @@ -11,7 +11,7 @@ spec: source: path: service-mesh/base/grafana/base repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/service-mesh/base/istio-controlplane/application.yaml b/service-mesh/base/istio-controlplane/application.yaml index 4271ceb..7bba012 100644 --- a/service-mesh/base/istio-controlplane/application.yaml +++ b/service-mesh/base/istio-controlplane/application.yaml 
@@ -10,7 +10,7 @@ spec: namespace: istio-system source: repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop path: service-mesh/base/istio-controlplane/base syncPolicy: automated: diff --git a/service-mesh/base/jaeger/application.yaml b/service-mesh/base/jaeger/application.yaml index 70fb137..836ba30 100644 --- a/service-mesh/base/jaeger/application.yaml +++ b/service-mesh/base/jaeger/application.yaml @@ -11,7 +11,7 @@ spec: source: path: service-mesh/base/jaeger/base repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/service-mesh/base/kiali/application.yaml b/service-mesh/base/kiali/application.yaml index 098c2ac..0176efe 100644 --- a/service-mesh/base/kiali/application.yaml +++ b/service-mesh/base/kiali/application.yaml @@ -11,7 +11,7 @@ spec: source: path: service-mesh/base/kiali/base repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/service-mesh/base/prometheus/application.yaml b/service-mesh/base/prometheus/application.yaml index 6b7be90..5f5ccb3 100644 --- a/service-mesh/base/prometheus/application.yaml +++ b/service-mesh/base/prometheus/application.yaml @@ -11,7 +11,7 @@ spec: source: path: service-mesh/base/prometheus/base repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true diff --git a/service-mesh/overlays/aws/application.yaml b/service-mesh/overlays/aws/application.yaml index c3c4603..f880716 100644 --- a/service-mesh/overlays/aws/application.yaml +++ b/service-mesh/overlays/aws/application.yaml @@ -11,7 +11,7 @@ spec: source: path: service-mesh/overlays/aws repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true 
diff --git a/service-mesh/overlays/azure/application.yaml b/service-mesh/overlays/azure/application.yaml index 9f7e2d4..7c781f5 100644 --- a/service-mesh/overlays/azure/application.yaml +++ b/service-mesh/overlays/azure/application.yaml @@ -11,7 +11,7 @@ spec: source: path: service-mesh/overlays/azure repoURL: https://github.com/nautible/nautible-plugin - targetRevision: HEAD + targetRevision: develop syncPolicy: automated: prune: true From c21296b757d2cd946f29d748250b1fa049703901 Mon Sep 17 00:00:00 2001 From: Katsuhiro Yamanaka <29446925+ogis-yamanaka@users.noreply.github.com> Date: Thu, 13 Jun 2024 13:35:15 +0900 Subject: [PATCH 10/11] nautible/issues#152 upgrade argo-workflows --- container-workflow-engine/application.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container-workflow-engine/application.yaml b/container-workflow-engine/application.yaml index a16bffb..f29c31b 100644 --- a/container-workflow-engine/application.yaml +++ b/container-workflow-engine/application.yaml @@ -11,7 +11,7 @@ spec: source: chart: argo-workflows repoURL: 'https://argoproj.github.io/argo-helm' - targetRevision: 0.22.11 + targetRevision: 0.41.8 helm: version: v3 releaseName: argo-workflows From 8a6906f78a29153fde173d02aa92f96f2e120f67 Mon Sep 17 00:00:00 2001 From: Katsuhiro Yamanaka <29446925+ogis-yamanaka@users.noreply.github.com> Date: Fri, 6 Sep 2024 17:45:43 +0900 Subject: [PATCH 11/11] =?UTF-8?q?PodIdentity=E5=AF=BE=E5=BF=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- albc/README.md | 21 +++++++++++++++------ albc/application.yaml | 8 +++----- cluster-autoscaler/README.md | 16 ++++++++++------ cluster-autoscaler/application.yaml | 6 ++---- 4 files changed, 30 insertions(+), 21 deletions(-) diff --git a/albc/README.md b/albc/README.md index 37ece62..b3ab313 100644 --- a/albc/README.md +++ b/albc/README.md 
@@ -1,26 +1,34 @@ # AWS LoadBalancer Controller +## 0. 注意事項 + +本導入手順はnautible-infraの tag:2024.2.0 バージョン以降で構築されたEKSに対応しています。 +(2024.2.0から認証方式をIRSAからPod Identityに変更しています) + +2024.2.0より前のバージョンのnautible-infraでEKSを構築している場合、nautible-pluginのバージョンも2024.2.0より前のバージョンを利用してください。 + ## 1. 概要 AWS LoadBalancer Controllerを導入する。 -以下の理由からAWS LoadBalancer Controllerを導入する +以下の理由からAWS LoadBalancer Controllerを導入する。 - AWSのロードバランサーはCloudfrontからのリクエストのみ受け付けるように制御する(AWS Security Groupで制御)。 - Classic LoadBalancerは2022年8月で廃止 ## 2. 導入 -helm.parameters.valueの値をLoadBalancer Controllerのロールarnに変更する。 -※ロールはterraformで作成されます。terraformのoutpoutを参照してください。 +### コントローラーの導入 + +helm.parameters.valueのclusterNameにALBを導入するクラスタ名を設定する。 application.yaml ```YAML helm: parameters: - - name: 'serviceAccount.annotations.eks\.amazonaws\.com/role-arn' - value: 'arn:aws:iam::XXXXXXXXXXXX:role/XXXXXXXXXXXX-AmazonEKSLoadBalancerControllerRole' # 対象のロールarnに変更する。 + - name: 'clusterName' + value: 'nautible-dev-cluster' # 対象のクラスタ名に変更する。 ``` AWS LoadBalancer Controllerをデプロイする。 @@ -29,8 +37,9 @@ AWS LoadBalancer Controllerをデプロイする。 $ kubectl apply -f albc/application.yaml ``` +### Istio用ロードバランサの導入 + Ingressの設定でLoadBalancerに設定するセキュリティグループに変更する。 -※ロールはterraformで作成されます。terraformのoutpoutを参照してください。 albc/ingress/manifest/ingress.yaml ```YAML diff --git a/albc/application.yaml b/albc/application.yaml index a161c5a..045c4c4 100644 --- a/albc/application.yaml +++ b/albc/application.yaml 
@@ -11,18 +11,16 @@ spec: source: path: '' repoURL: 'https://aws.github.io/eks-charts/' - targetRevision: 1.7.0 + targetRevision: 1.7.1 chart: 'aws-load-balancer-controller' helm: parameters: - name: 'serviceAccount.create' value: 'true' - name: 'serviceAccount.name' - value: 'aws-load-balancer-controller' - - name: 'serviceAccount.annotations.eks\.amazonaws\.com/role-arn' - value: 'arn:aws:iam::XXXXXXXXXXXX:role/XXXXXXXXXXXX-AmazonEKSLoadBalancerControllerRole' # 対象のロールarnに変更する。 + value: 'aws-load-balancer-controller-sa' - name: 'clusterName' - value: 'nautible-dev-cluster' + value: 'nautible-dev-cluster' #FIXME: clusterName project: default syncPolicy: automated: diff --git a/cluster-autoscaler/README.md b/cluster-autoscaler/README.md index 6bccde3..c438c7c 100644 --- a/cluster-autoscaler/README.md +++ b/cluster-autoscaler/README.md @@ -1,6 +1,13 @@ # Cluster Autoscaler +## 0. 注意事項 + +本導入手順はnautible-infraの tag:2024.2.0 バージョン以降で構築されたEKSに対応しています。 +(2024.2.0から認証方式をIRSAからPod Identityに変更しています) + +2024.2.0より前のバージョンのnautible-infraでEKSを構築している場合、nautible-pluginのバージョンも2024.2.0より前のバージョンを利用してください。 + ## 1. 概要 データプレーン(ワーカーノード)のオートスケール機能を導入する。 @@ -11,19 +18,16 @@ Cluster AutoscalerはPodのスケジュール失敗や別ノードへの再ス ## 2. 導入 -helm.parameters.valueの値を対象のクラスタ名、ロールarnに変更する。 -※ロールはterraformで作成されます。terraformのoutputを参照してください。 +helm.parameters.valueのautoDiscovery.clusterNameにクラスタ名を設定する。 -
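Review bot: With the `eks.amazonaws.com/role-arn` annotation removed in the `albc/application.yaml` hunk, nothing in this manifest ties the controller to its IAM role; per the README in this patch the binding is now an EKS Pod Identity association, which would be keyed on namespace and service account name. `serviceAccount.name` changes to `'aws-load-balancer-controller-sa'` here, so it has to match the association created by nautible-infra exactly. A mismatch may leave the pod without credentials or, if the instance metadata endpoint is reachable from pods, running on the node role. I would document the coupling next to the value, e.g. `# must match the Pod Identity association created by nautible-infra (tag 2024.2.0 or later)`. The `cluster-autoscaler/application.yaml` hunk at the end of this patch also drops its role-arn annotation and sets no service account name, so the same check applies to the chart's default name there.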
+```YAML
     helm:
       parameters:
         - name: 'autoDiscovery.clusterName'
           value: 'nautible-dev-cluster'      # 対象のクラスタ名に変更する
         - name: 'awsRegion'
           value: 'ap-northeast-1'
-        - name: 'rbac.serviceAccount.annotations.eks\.amazonaws\.com/role-arn'
-          value: 'arn:aws:iam::XXXXXXXXXXX:role/XXXXXXXXXX-AmazonEKSClusterAutoscalerRole' # 対象のロールarnに変更する。
-
+``` cluster-autoscalerをデプロイする。 diff --git a/cluster-autoscaler/application.yaml b/cluster-autoscaler/application.yaml index 0ecdfe7..283b8c9 100644 --- a/cluster-autoscaler/application.yaml +++ b/cluster-autoscaler/application.yaml @@ -11,16 +11,14 @@ spec: source: path: '' repoURL: 'https://kubernetes.github.io/autoscaler/' - targetRevision: 9.34.1 + targetRevision: 9.37.0 chart: cluster-autoscaler helm: parameters: - name: 'autoDiscovery.clusterName' - value: 'nautible-dev-cluster' + value: 'nautible-dev-cluster' #FIXME: clusterName - name: 'awsRegion' value: 'ap-northeast-1' - - name: 'rbac.serviceAccount.annotations.eks\.amazonaws\.com/role-arn' - value: 'arn:aws:iam::XXXXXXXXXXX:role/XXXXXXXXXX-AmazonEKSClusterAutoscalerRole' project: default syncPolicy: automated: