diff --git a/.github/release-please/manifest.json b/.github/release-please/manifest.json index 301e57ba5e..00dad1b220 100644 --- a/.github/release-please/manifest.json +++ b/.github/release-please/manifest.json @@ -1 +1 @@ -{"charts/base-cluster":"7.2.1","charts/teuto-portal-k8s-worker":"3.2.0","charts/t8s-cluster":"9.2.1","charts/stellio-context-broker":"0.1.0","charts/chirpstack":"0.1.0","charts/common":"1.4.0","charts/ckan":"1.3.1","charts/teuto-cnpg":"2.0.0"} +{"charts/base-cluster":"8.0.0","charts/teuto-portal-k8s-worker":"3.2.0","charts/t8s-cluster":"9.2.1","charts/stellio-context-broker":"0.1.0","charts/chirpstack":"0.1.0","charts/common":"1.4.0","charts/ckan":"1.3.1","charts/teuto-cnpg":"2.0.0"} diff --git a/charts/base-cluster/CHANGELOG.md b/charts/base-cluster/CHANGELOG.md index eeddbf82f2..08fe2a2589 100644 --- a/charts/base-cluster/CHANGELOG.md +++ b/charts/base-cluster/CHANGELOG.md @@ -1,5 +1,34 @@ # Changelog +## [8.0.0](https://github.com/teutonet/teutonet-helm-charts/compare/base-cluster-v7.2.1...base-cluster-v8.0.0) (2025-05-27) + + +### ⚠ BREAKING CHANGES + +* **base-cluster/ingress:** add option traefik for ingress controller and make it default ([#1420](https://github.com/teutonet/teutonet-helm-charts/issues/1420)) +* **base-cluster/monitoring:** migrate promtail to alloy ([#1347](https://github.com/teutonet/teutonet-helm-charts/issues/1347)) + +### Features + +* **base-cluster/ingress-nginx:** use risk-level Critical when annotations are enabled ([#1417](https://github.com/teutonet/teutonet-helm-charts/issues/1417)) ([a9d8ef2](https://github.com/teutonet/teutonet-helm-charts/commit/a9d8ef2a8a6854ac888d30d8188b7d8eaf320ecb)) +* **base-cluster/ingress:** add option traefik for ingress controller and make it default ([#1420](https://github.com/teutonet/teutonet-helm-charts/issues/1420)) ([f62b197](https://github.com/teutonet/teutonet-helm-charts/commit/f62b1971038760bc7b66c35ff78b98703fde28a1)) +* **base-cluster/ingress:** rename oauth-proxies to have a clean name ([#1434](https://github.com/teutonet/teutonet-helm-charts/issues/1434)) ([27a28d5](https://github.com/teutonet/teutonet-helm-charts/commit/27a28d5c5c3ffccb29272e8e12f22e44aeacf323)) +* **base-cluster/monitoring:** migrate promtail to alloy ([#1347](https://github.com/teutonet/teutonet-helm-charts/issues/1347)) ([24db445](https://github.com/teutonet/teutonet-helm-charts/commit/24db44516ae6eaeafa1a45460375f80d7a171fbe)) +* **base-cluster/monitoring:** rename alloy to be a generic name ([#1433](https://github.com/teutonet/teutonet-helm-charts/issues/1433)) ([3f5826a](https://github.com/teutonet/teutonet-helm-charts/commit/3f5826addfb58a96b754f6c3188753117b3e8ebd)) + + +### Bug Fixes + +* **base-cluster/cert-manager:** metrics collection ([#1397](https://github.com/teutonet/teutonet-helm-charts/issues/1397)) ([71e1189](https://github.com/teutonet/teutonet-helm-charts/commit/71e1189eb6e58d78fdbba867502318813c91fd32)) +* **base-cluster/rbac:** *RoleBindings should always be prefixed to avoid collision ([#1484](https://github.com/teutonet/teutonet-helm-charts/issues/1484)) ([75de246](https://github.com/teutonet/teutonet-helm-charts/commit/75de246c30fca500b7e8bb0bff11ed7053fc3df3)) + + +### Miscellaneous Chores + +* **base-cluster/monitoring:** remove deprecated plugin ([#1478](https://github.com/teutonet/teutonet-helm-charts/issues/1478)) ([ee22df5](https://github.com/teutonet/teutonet-helm-charts/commit/ee22df5625c2495b3d93fdc01832cf5284e9e163)) +* **base-cluster:** formatting ([#1424](https://github.com/teutonet/teutonet-helm-charts/issues/1424)) ([853f146](https://github.com/teutonet/teutonet-helm-charts/commit/853f146b1dd002a9975e3ec2ebb3ab053273d029)) +* **base-cluster:** pin all versions ([#1447](https://github.com/teutonet/teutonet-helm-charts/issues/1447)) ([ec8a430](https://github.com/teutonet/teutonet-helm-charts/commit/ec8a4301f51c336ca047f7f4acc17c17fa595bc4)) + ## [7.2.1](https://github.com/teutonet/teutonet-helm-charts/compare/base-cluster-v7.2.0...base-cluster-v7.2.1) (2025-02-27) diff --git a/charts/base-cluster/Chart.yaml b/charts/base-cluster/Chart.yaml index aee4d85a8f..d96fe1ea0a 100644 --- a/charts/base-cluster/Chart.yaml +++ b/charts/base-cluster/Chart.yaml @@ -16,10 +16,10 @@ maintainers: name: tasches name: base-cluster sources: - - https://github.com/teutonet/teutonet-helm-charts/tree/base-cluster-v7.2.1/charts/base-cluster + - https://github.com/teutonet/teutonet-helm-charts/tree/base-cluster-v8.0.0/charts/base-cluster - https://github.com/teutonet/teutonet-helm-charts/tree/main/charts/base-cluster type: application -version: 7.2.1 +version: 8.0.0 annotations: artifacthub.io/images: | - image: docker.io/aelbakry/kdave-server:1.0.4 # monitoring/HelmRelease/kdave/null/Deployment/kdave.yaml @@ -33,10 +33,10 @@ annotations: - image: docker.io/bitnami/grafana-tempo:2.7.1-debian-12-r4 # monitoring/HelmRelease/grafana-tempo/monitoring/StatefulSet/grafana-tempo-ingester.yaml - image: docker.io/bitnami/kubectl:1.31.4-debian-12-r1@sha256:64614ef8290f3fb27fed5164b338debeeb79a1e5e26c93eb920770b71abd7c48 # default/Job/flux-generate-gpg-key-secret-main.yaml - image: docker.io/bitnami/kubectl:1.31.4-debian-12-r1@sha256:64614ef8290f3fb27fed5164b338debeeb79a1e5e26c93eb920770b71abd7c48 # default/Job/prevent-uninstallation.yaml + - image: docker.io/bitnami/kubectl:1.32 # backup/HelmRelease/velero/backup/Job/velero-cleanup-crds.yaml - image: docker.io/bitnami/kubectl:1.32.3 # kyverno/HelmRelease/kyverno/kyverno/Job/kyverno-clean-reports.yaml - image: docker.io/bitnami/kubectl:1.32.3 # kyverno/HelmRelease/kyverno/kyverno/Job/kyverno-remove-configmap.yaml - image: docker.io/bitnami/kubectl:1.32.3 # kyverno/HelmRelease/kyverno/kyverno/Job/kyverno-scale-to-zero.yaml - - image: docker.io/bitnami/kubectl:1.32 # backup/HelmRelease/velero/backup/Job/velero-cleanup-crds.yaml - image: docker.io/bitnami/memcached:1.6.37-debian-12-r0 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-memcached.yaml - image: docker.io/bitnami/metrics-server:0.7.2-debian-12-r20 # monitoring/HelmRelease/metrics-server/monitoring/Deployment/metrics-server.yaml - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-admission-controller-metrics.yaml @@ -50,8 +50,9 @@ annotations: - image: docker.io/emberstack/kubernetes-reflector:7.1.288 # kube-system/HelmRelease/reflector/kube-system/Deployment/reflector.yaml - image: docker.io/fluxcd/flux-cli:v2.4.0@sha256:a9cb966cddc1a0c56dc0d57dda485d9477dd397f8b45f222717b24663471fd1f # default/Job/flux-generate-ssh-key-secret-main.yaml - image: docker.io/grafana/alloy:v1.7.5 # monitoring/HelmRelease/telemetry-collector/monitoring/DaemonSet/telemetry-collector.yaml - - image: docker.io/grafana/grafana:11.3.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana.yaml - image: docker.io/grafana/grafana-image-renderer:latest # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana-image-renderer.yaml + - image: docker.io/grafana/grafana:11.3.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana.yaml + - image: docker.io/grafana/loki:3.4.2 # monitoring/HelmRelease/loki/monitoring/StatefulSet/loki.yaml - image: docker.io/hjacobs/kube-janitor:23.7.0 # kube-system/HelmRelease/kube-janitor/kube-system/Deployment/kube-janitor.yaml - image: docker.io/velero/velero-plugin-for-aws:v1.7.0 # backup/HelmRelease/velero/backup/Deployment/velero.yaml - image: docker.io/velero/velero:v1.14.0 # backup/HelmRelease/velero/backup/DaemonSet/node-agent.yaml @@ -64,19 +65,19 @@ annotations: - image: quay.io/jetstack/cert-manager-startupapicheck:v1.17.2 # cert-manager/HelmRelease/cert-manager/cert-manager/Job/cert-manager-startupapicheck.yaml - image: quay.io/jetstack/cert-manager-webhook:v1.17.2 # cert-manager/HelmRelease/cert-manager/cert-manager/Deployment/cert-manager-webhook.yaml - image: quay.io/kiwigrid/k8s-sidecar:1.28.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana.yaml - - image: quay.io/prometheus/alertmanager:v0.27.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Alertmanager/kube-prometheus-stack-alertmanager.yaml - - image: quay.io/prometheus/node-exporter:v1.8.2 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/DaemonSet/kube-prometheus-stack-prometheus-node-exporter.yaml - image: quay.io/prometheus-operator/prometheus-config-reloader:v0.81.0 # monitoring/HelmRelease/telemetry-collector/monitoring/DaemonSet/telemetry-collector.yaml - image: quay.io/prometheus-operator/prometheus-operator:v0.77.2 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-operator.yaml + - image: quay.io/prometheus/alertmanager:v0.27.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Alertmanager/kube-prometheus-stack-alertmanager.yaml + - image: quay.io/prometheus/node-exporter:v1.8.2 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/DaemonSet/kube-prometheus-stack-prometheus-node-exporter.yaml - image: quay.io/prometheus/prometheus:v2.55.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Prometheus/kube-prometheus-stack-prometheus.yaml + - image: reg.kyverno.io/kyverno/background-controller:v1.14.0 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-background-controller.yaml + - image: reg.kyverno.io/kyverno/cleanup-controller:v1.14.0 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-cleanup-controller.yaml + - image: reg.kyverno.io/kyverno/kyverno:v1.14.0 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-admission-controller.yaml + - image: reg.kyverno.io/kyverno/kyvernopre:v1.14.0 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-admission-controller.yaml + - image: reg.kyverno.io/kyverno/reports-controller:v1.14.0 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-reports-controller.yaml - image: registry.k8s.io/descheduler/descheduler:v0.32.2 # kube-system/HelmRelease/descheduler/kube-system/Deployment/descheduler.yaml - image: registry.k8s.io/ingress-nginx/controller:v1.12.1@sha256:d2fbc4ec70d8aa2050dd91a91506e998765e86c96f32cffb56c503c9c34eed5b # ingress-nginx/HelmRelease/ingress-nginx/ingress-nginx/Deployment/ingress-nginx-controller.yaml - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Job/kube-prometheus-stack-admission-create.yaml - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Job/kube-prometheus-stack-admission-patch.yaml - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-kube-state-metrics.yaml - image: registry.k8s.io/sig-storage/nfs-provisioner:v4.0.8 # nfs-server-provisioner/HelmRelease/nfs-server-provisioner/null/StatefulSet/nfs-server-provisioner.yaml - - image: reg.kyverno.io/kyverno/background-controller:v1.14.0 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-background-controller.yaml - - image: reg.kyverno.io/kyverno/cleanup-controller:v1.14.0 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-cleanup-controller.yaml - - image: reg.kyverno.io/kyverno/kyvernopre:v1.14.0 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-admission-controller.yaml - - image: reg.kyverno.io/kyverno/kyverno:v1.14.0 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-admission-controller.yaml - - image: reg.kyverno.io/kyverno/reports-controller:v1.14.0 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-reports-controller.yaml diff --git a/charts/base-cluster/README.md b/charts/base-cluster/README.md index 9b88867501..5f40cbe5b9 100644 --- a/charts/base-cluster/README.md +++ b/charts/base-cluster/README.md @@ -1,6 +1,6 @@ # base-cluster -![Version: 7.2.1](https://img.shields.io/badge/Version-7.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 8.0.0](https://img.shields.io/badge/Version-8.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) A common base for every kubernetes cluster @@ -23,7 +23,7 @@ The `.x.x` part of the versions can be left as is, helm uses that as a range. If git init # create empty cluster HelmRelease; -flux create helmrelease --export base-cluster -n flux-system --source HelmRepository/teuto-net.flux-system --chart base-cluster --chart-version 7.x.x > cluster.yaml +flux create helmrelease --export base-cluster -n flux-system --source HelmRepository/teuto-net.flux-system --chart base-cluster --chart-version 8.x.x > cluster.yaml # maybe use the following name for your cluster; kubectl get node -o jsonpath='{.items[0].metadata.annotations.cluster\.x-k8s\.io/cluster-name}' @@ -50,7 +50,7 @@ helm install -n flux-system flux flux2 --repo https://fluxcd-community.github.io # manual initial installation of the chart, afterwards the chart takes over # after the installation finished, follow the on-screen instructions to configure your flux, distribute KUBECONFIGs, ... -helm install -n flux-system base-cluster oci://ghcr.io/teutonet/teutonet-helm-charts/base-cluster --version 7.x.x --atomic --values <(cat cluster.yaml | yq -y .spec.values) +helm install -n flux-system base-cluster oci://ghcr.io/teutonet/teutonet-helm-charts/base-cluster --version 8.x.x --atomic --values <(cat cluster.yaml | yq -y .spec.values) # you can use this command to get the instructions again # e.g. when adding users, gitRepositories, ... @@ -108,8 +108,16 @@ which is also supported by [cert-manager](https://cert-manager.io/docs/configura ### Component [ingress](#ingress) -The included [`nginx` ingress-controller](https://docs.nginx.com/nginx-ingress-controller) -only works for the `IngressClassName: nginx`. +The chart supports two ingress controllers: + +1. [`nginx` ingress-controller](https://docs.nginx.com/nginx-ingress-controller) (default) + - Works with `IngressClassName: nginx` or if none is defined + - Provides built-in metrics and tracing support + +2. [`traefik`](https://traefik.io) (recommended) + - Works with `IngressClassName: ingress-controller` or if none is defined + - Provides built-in metrics and tracing support + - Also supports [Gateway API](https://gateway-api.sigs.k8s.io) #### TLS @@ -123,7 +131,7 @@ only works for the `IngressClassName: nginx`. If you want to make sure that, in the event of a catastrophic failure, you keep the same IP address, you should roll this out, get the assigned IP -(`kubectl -n ingress-nginx get svc ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress}'`) +(`kubectl -n ingress-nginx get svc ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress}'` for nginx or `kubectl -n ingress get svc ingress-controller -o jsonpath='{.status.loadBalancer.ingress}'` for traefik) and set `.ingress.IP=` in the values. This makes sure the IP is kept in your project (may incur cost!), which means you can reuse it later or after recovery. @@ -238,7 +246,7 @@ output of `helm -n flux-system get notes base-cluster` ## Source Code -* +* * ## Requirements @@ -325,6 +333,76 @@ upgrade, they will be recreated in version 6. This also makes kyverno HA, so be aware that kyverno will need more resources in you cluster. +### 6.x.x -> 7.0.0 + +This release allows the user to use the predefined k8s ClusterRoles +(`admin`, `edit`, `view`, ...). + +This usage might clash with custom roles named `admin`, `edit`, `view`, ... and +therefore needs to be adjusted + +### 7.x.x -> 8.0.0 + +This release migrates the now unsupported `loki-stack` to the normal `loki` helm +chart. + +This is a breaking change because, apart from a new storage engine, the deployment +also moves from the `loki` namespace to `monitoring` to keep in line with every +other monitoring deployment, which in turn also deletes the `loki` namespace + +This also replaces `promtail` and the `otel-collector` with `alloy`, using + +makes this a drop-in change. + +### 8.x.x -> 9.0.0 + +This release adds another option for ingress, [traefik](https://traefik.io)! 🎉 + +If you have disabled ingress in your configuration, you need to update your +values from: + +```yaml +ingress: + enabled: false +``` + +to: + +```yaml +ingress: + provider: none +``` + +If you are using ingress (the default), you need to either switch over to traefik +or adjust your config to use nginx. +But we do recommend using traefik, especially in light of . + +To switch to traefik you don't need to do anything. + +This will delete the old service which in turn will get you a new IP. +The `ingress-nginx` namespace will be deleted, so make sure you don't have any other +stuff deployed there or adjust its [condition](https://github.com/teutonet/teutonet-helm-charts/tree/main/charts/base-cluster/#11412--property-base-cluster-configuration--global--namespaces--additionalproperties--condition) + +Using a [DNS Provider](#component-dns) will automatically update your DNS records. + +If you want to keep the same IP, do + +beforehand. + +The switch will still create downtime, so be aware of that. + +In nginx it was possible to enable `allowNginxConfigurationSnippets` to add custom +configuration to the nginx ingress controller. +In traefik this is not possible, but you can use [gateway api](https://gateway-api.sigs.k8s.io) +instead, making this agnostic. + +If you want to keep nginx, you need to configure the following; + +```yaml +ingress: + provider: nginx +``` + # base cluster configuration **Title:** base cluster configuration @@ -675,9 +753,9 @@ bitnami/kubectl | Property | Pattern | Type | Deprecated | Definition | Title/Description | | ------------------------------------------------------- | ------- | ---------------- | ---------- | ---------- | ------------------------------------------------------------------------------------------------------------- | | - [type](#global_networkPolicy_type ) | No | enum (of string) | No | - | Which networkPolicy to create, \`auto\` tries to detect the deployed framework, checking first for \`cilium\` | -| - [metricsLabels](#global_networkPolicy_metricsLabels ) | No | object | No | - | The labels used to allow ingress from the metrics service | -| - [dnsLabels](#global_networkPolicy_dnsLabels ) | No | object | No | - | The labels used to allow egress to the DNS service | -| - [ingressLabels](#global_networkPolicy_ingressLabels ) | No | object | No | - | The labels used to allow egress to the DNS service | +| - [metricsLabels](#global_networkPolicy_metricsLabels ) | No | Combination | No | - | The labels used to allow ingress from the metrics service | +| - [dnsLabels](#global_networkPolicy_dnsLabels ) | No | Combination | No | - | The labels used to allow egress to the DNS service | +| - [ingressLabels](#global_networkPolicy_ingressLabels ) | No | Combination | No | - | The labels used to allow ingress from the ingress controller | #### 1.10.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > global > networkPolicy > type` @@ -695,18 +773,36 @@ Must be one of: #### 1.10.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > global > networkPolicy > metricsLabels` -| | | -| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | -| **Type** | `object` | -| **Additional properties** | [![Should-conform](https://img.shields.io/badge/Should-conform-blue)](#global_networkPolicy_metricsLabels_additionalProperties) | +| | | +| ------------------------- | --------------------------------------------------------------------------- | +| **Type** | `combining` | +| **Additional properties** | ![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green) | **Description:** The labels used to allow ingress from the metrics service -| Property | Pattern | Type | Deprecated | Definition | Title/Description | -| --------------------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------- | -| - [](#global_networkPolicy_metricsLabels_additionalProperties ) | No | string | No | - | - | +| One of(Option) | +| ------------------------------------------------------ | +| [item 0](#global_networkPolicy_metricsLabels_oneOf_i0) | +| [item 1](#global_networkPolicy_metricsLabels_oneOf_i1) | + +##### 1.10.2.1. Property `base cluster configuration > global > networkPolicy > metricsLabels > oneOf > item 0` -##### 1.10.2.1. Property `base cluster configuration > global > networkPolicy > metricsLabels > additionalProperties` +| | | +| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Should-conform](https://img.shields.io/badge/Should-conform-blue)](#global_networkPolicy_metricsLabels_oneOf_i0_additionalProperties) | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------------------------ | ------- | ------ | ---------- | ---------- | ----------------- | +| - [](#global_networkPolicy_metricsLabels_oneOf_i0_additionalProperties ) | No | string | No | - | - | + +###### 1.10.2.1.1. Property `base cluster configuration > global > networkPolicy > metricsLabels > oneOf > item 0 > additionalProperties` + +| | | +| -------- | -------- | +| **Type** | `string` | + +##### 1.10.2.2. Property `base cluster configuration > global > networkPolicy > metricsLabels > oneOf > item 1` | | | | -------- | -------- | @@ -714,18 +810,36 @@ Must be one of: #### 1.10.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > global > networkPolicy > dnsLabels` -| | | -| ------------------------- | --------------------------------------------------------------------------------------------------------------------------- | -| **Type** | `object` | -| **Additional properties** | [![Should-conform](https://img.shields.io/badge/Should-conform-blue)](#global_networkPolicy_dnsLabels_additionalProperties) | +| | | +| ------------------------- | --------------------------------------------------------------------------- | +| **Type** | `combining` | +| **Additional properties** | ![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green) | **Description:** The labels used to allow egress to the DNS service -| Property | Pattern | Type | Deprecated | Definition | Title/Description | -| ----------------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------- | -| - [](#global_networkPolicy_dnsLabels_additionalProperties ) | No | string | No | - | - | +| One of(Option) | +| -------------------------------------------------- | +| [item 0](#global_networkPolicy_dnsLabels_oneOf_i0) | +| [item 1](#global_networkPolicy_dnsLabels_oneOf_i1) | -##### 1.10.3.1. Property `base cluster configuration > global > networkPolicy > dnsLabels > additionalProperties` +##### 1.10.3.1. Property `base cluster configuration > global > networkPolicy > dnsLabels > oneOf > item 0` + +| | | +| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | +| **Type** | `object` | +| **Additional properties** | [![Should-conform](https://img.shields.io/badge/Should-conform-blue)](#global_networkPolicy_dnsLabels_oneOf_i0_additionalProperties) | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| -------------------------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------- | +| - [](#global_networkPolicy_dnsLabels_oneOf_i0_additionalProperties ) | No | string | No | - | - | + +###### 1.10.3.1.1. Property `base cluster configuration > global > networkPolicy > dnsLabels > oneOf > item 0 > additionalProperties` + +| | | +| -------- | -------- | +| **Type** | `string` | + +##### 1.10.3.2. Property `base cluster configuration > global > networkPolicy > dnsLabels > oneOf > item 1` | | | | -------- | -------- | @@ -733,18 +847,36 @@ Must be one of: #### 1.10.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > global > networkPolicy > ingressLabels` -| | | -| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | -| **Type** | `object` | -| **Additional properties** | [![Should-conform](https://img.shields.io/badge/Should-conform-blue)](#global_networkPolicy_ingressLabels_additionalProperties) | +| | | +| ------------------------- | --------------------------------------------------------------------------- | +| **Type** | `combining` | +| **Additional properties** | ![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green) | -**Description:** The labels used to allow egress to the DNS service +**Description:** The labels used to allow ingress from the ingress controller -| Property | Pattern | Type | Deprecated | Definition | Title/Description | -| --------------------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------- | -| - [](#global_networkPolicy_ingressLabels_additionalProperties ) | No | string | No | - | - | +| One of(Option) | +| ------------------------------------------------------ | +| [item 0](#global_networkPolicy_ingressLabels_oneOf_i0) | +| [item 1](#global_networkPolicy_ingressLabels_oneOf_i1) | -##### 1.10.4.1. Property `base cluster configuration > global > networkPolicy > ingressLabels > additionalProperties` +##### 1.10.4.1. Property `base cluster configuration > global > networkPolicy > ingressLabels > oneOf > item 0` + +| | | +| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Should-conform](https://img.shields.io/badge/Should-conform-blue)](#global_networkPolicy_ingressLabels_oneOf_i0_additionalProperties) | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------------------------ | ------- | ------ | ---------- | ---------- | ----------------- | +| - [](#global_networkPolicy_ingressLabels_oneOf_i0_additionalProperties ) | No | string | No | - | - | + +###### 1.10.4.1.1. Property `base cluster configuration > global > networkPolicy > ingressLabels > oneOf > item 0 > additionalProperties` + +| | | +| -------- | -------- | +| **Type** | `string` | + +##### 1.10.4.2. Property `base cluster configuration > global > networkPolicy > ingressLabels > oneOf > item 1` | | | | -------- | -------- | @@ -2560,7 +2692,6 @@ Must be one of: | ------------------------------------------------------ | ------- | ---------------- | ---------- | ----------------------------------------------------------------------------- | ----------------------------------------------------------------- | | - [enabled](#monitoring_loki_enabled ) | No | boolean | No | - | - | | - [persistence](#monitoring_loki_persistence ) | No | object | No | - | - | -| - [replicas](#monitoring_loki_replicas ) | No | integer | No | - | - | | - [resourcesPreset](#monitoring_loki_resourcesPreset ) | No | enum (of string) | No | Same as [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset ) | - | | - [resources](#monitoring_loki_resources ) | No | object | No | Same as [resources](#global_authentication_oauthProxy_resources ) | ResourceRequirements describes the compute resource requirements. | | - [promtail](#monitoring_loki_promtail ) | No | object | No | - | - | @@ -2600,24 +2731,14 @@ Must be one of: **Description:** The storageClass to use for persistence, e.g. for prometheus, otherwise use the cluster default (teutostack-ssd) -#### 4.7.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > replicas` - -| | | -| -------- | --------- | -| **Type** | `integer` | - -| Restrictions | | -| ------------ | ------ | -| **Minimum** | ≥ 1 | - -#### 4.7.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > resourcesPreset` +#### 4.7.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > resourcesPreset` | | | | ---------------------- | -------------------------------------------------------------------- | | **Type** | `enum (of string)` | | **Same definition as** | [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset) | -#### 4.7.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > resources` +#### 4.7.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > resources` | | | | ------------------------- | --------------------------------------------------------------------------- | @@ -2627,7 +2748,7 @@ Must be one of: **Description:** ResourceRequirements describes the compute resource requirements. -#### 4.7.6. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > promtail` +#### 4.7.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > promtail` | | | | ------------------------- | -------------------------------------------------------------- | @@ -2639,14 +2760,14 @@ Must be one of: | - [resourcesPreset](#monitoring_loki_promtail_resourcesPreset ) | No | enum (of string) | No | Same as [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset ) | - | | - [resources](#monitoring_loki_promtail_resources ) | No | object | No | Same as [resources](#global_authentication_oauthProxy_resources ) | ResourceRequirements describes the compute resource requirements. | -##### 4.7.6.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > promtail > resourcesPreset` +##### 4.7.5.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > promtail > resourcesPreset` | | | | ---------------------- | -------------------------------------------------------------------- | | **Type** | `enum (of string)` | | **Same definition as** | [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset) | -##### 4.7.6.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > promtail > resources` +##### 4.7.5.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > promtail > resources` | | | | ------------------------- | --------------------------------------------------------------------------- | @@ -3692,7 +3813,7 @@ Must be one of: | - [replicas](#ingress_replicas ) | No | integer | No | - | - | | - [resourcesPreset](#ingress_resourcesPreset ) | No | enum (of string) | No | Same as [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset ) | - | | - [resources](#ingress_resources ) | No | object | No | Same as [resources](#global_authentication_oauthProxy_resources ) | ResourceRequirements describes the compute resource requirements. | -| - [enabled](#ingress_enabled ) | No | boolean | No | - | - | +| - [provider](#ingress_provider ) | No | enum (of string) | No | - | Which ingress controller to use | | - [allowNginxConfigurationSnippets](#ingress_allowNginxConfigurationSnippets ) | No | boolean | No | - | Please don't do it if not absolutely necessary, it goes against all best practices. Ref.: https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/command-line-arguments#cmdoption-enable-snippets | | - [useProxyProtocol](#ingress_useProxyProtocol ) | No | boolean | No | - | - | | - [IP](#ingress_IP ) | No | string | No | - | Try to use specified IP as loadbalancer IP | @@ -3724,11 +3845,18 @@ Must be one of: **Description:** ResourceRequirements describes the compute resource requirements. -### 10.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > ingress > enabled` +### 10.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > ingress > provider` -| | | -| -------- | --------- | -| **Type** | `boolean` | +| | | +| -------- | ------------------ | +| **Type** | `enum (of string)` | + +**Description:** Which ingress controller to use + +Must be one of: +* "nginx" +* "traefik" +* "none" ### 10.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > ingress > allowNginxConfigurationSnippets`