Skip to content

Commit a179be5

Browse files
AlexanderYastrebovAlexanderYastrebov
committed
all: add .Cluster prefix to .ConfigItems
See previous #6627 Signed-off-by: Alexander Yastrebov <[email protected]>
1 parent 2eefdaf commit a179be5

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

50 files changed

+176
-176
lines changed

cluster/manifests/01-admission-control/skipper-webhook.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ webhooks:
1515
resources: ["routegroups"]
1616
clientConfig:
1717
url: "https://localhost:9085/routegroups"
18-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
18+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
1919
admissionReviewVersions: ["v1"]
2020
sideEffects: None
2121
timeoutSeconds: 5
@@ -29,7 +29,7 @@ webhooks:
2929
resources: ["ingresses"]
3030
clientConfig:
3131
url: "https://localhost:9085/ingresses"
32-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
32+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
3333
admissionReviewVersions: ["v1"]
3434
sideEffects: None
3535
timeoutSeconds: 5

cluster/manifests/01-admission-control/teapot.yaml

Lines changed: 19 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ webhooks:
99
- name: pod-admitter.teapot.zalan.do
1010
clientConfig:
1111
url: "https://localhost:8085/pod"
12-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
12+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
1313
admissionReviewVersions: ["v1beta1"]
1414
failurePolicy: Fail
1515
matchPolicy: Equivalent
@@ -23,7 +23,7 @@ webhooks:
2323
- name: pod-binding-admitter.teapot.zalan.do
2424
clientConfig:
2525
url: "https://localhost:8085/pod"
26-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
26+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
2727
admissionReviewVersions: ["v1beta1"]
2828
failurePolicy: Ignore
2929
sideEffects: "NoneOnDryRun"
@@ -36,7 +36,7 @@ webhooks:
3636
- name: storageclass-admitter.teapot.zalan.do
3737
clientConfig:
3838
url: "https://localhost:8085/storageclass"
39-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
39+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
4040
admissionReviewVersions: ["v1beta1"]
4141
failurePolicy: Fail
4242
sideEffects: "NoneOnDryRun"
@@ -48,7 +48,7 @@ webhooks:
4848
- name: node-admitter.teapot.zalan.do
4949
clientConfig:
5050
url: "https://localhost:8085/node"
51-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
51+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
5252
admissionReviewVersions: ["v1beta1"]
5353
failurePolicy: Fail
5454
matchPolicy: Equivalent
@@ -61,7 +61,7 @@ webhooks:
6161
- name: configmap-admitter.teapot.zalan.do
6262
clientConfig:
6363
url: "https://localhost:8085/configmap"
64-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
64+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
6565
admissionReviewVersions: ["v1beta1"]
6666
failurePolicy: Fail
6767
matchPolicy: Equivalent
@@ -74,7 +74,7 @@ webhooks:
7474
- name: cronjob-admitter.teapot.zalan.do
7575
clientConfig:
7676
url: "https://localhost:8085/cronjob"
77-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
77+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
7878
admissionReviewVersions: ["v1beta1"]
7979
failurePolicy: Fail
8080
sideEffects: "NoneOnDryRun"
@@ -86,7 +86,7 @@ webhooks:
8686
- name: job-admitter.teapot.zalan.do
8787
clientConfig:
8888
url: "https://localhost:8085/job"
89-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
89+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
9090
admissionReviewVersions: ["v1beta1"]
9191
failurePolicy: Fail
9292
matchPolicy: Equivalent
@@ -99,7 +99,7 @@ webhooks:
9999
- name: deployment-admitter.teapot.zalan.do
100100
clientConfig:
101101
url: "https://localhost:8085/deployment"
102-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
102+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
103103
admissionReviewVersions: ["v1beta1"]
104104
failurePolicy: Fail
105105
matchPolicy: Equivalent
@@ -112,7 +112,7 @@ webhooks:
112112
- name: statefulset-admitter.teapot.zalan.do
113113
clientConfig:
114114
url: "https://localhost:8085/statefulset"
115-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
115+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
116116
admissionReviewVersions: ["v1beta1"]
117117
failurePolicy: Fail
118118
matchPolicy: Equivalent
@@ -125,7 +125,7 @@ webhooks:
125125
- name: crd-admitter.teapot.zalan.do
126126
clientConfig:
127127
url: "https://localhost:8085/crd"
128-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
128+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
129129
admissionReviewVersions: ["v1beta1"]
130130
failurePolicy: Fail
131131
matchPolicy: Equivalent
@@ -138,7 +138,7 @@ webhooks:
138138
- name: stack-admitter.teapot.zalan.do
139139
clientConfig:
140140
url: "https://localhost:8085/stack"
141-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
141+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
142142
admissionReviewVersions: ["v1beta1"]
143143
failurePolicy: Fail
144144
sideEffects: "NoneOnDryRun"
@@ -150,7 +150,7 @@ webhooks:
150150
- name: stackset-admitter.teapot.zalan.do
151151
clientConfig:
152152
url: "https://localhost:8085/stackset"
153-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
153+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
154154
admissionReviewVersions: ["v1beta1"]
155155
failurePolicy: Fail
156156
sideEffects: "NoneOnDryRun"
@@ -162,7 +162,7 @@ webhooks:
162162
- name: hpa-admitter.teapot.zalan.do
163163
clientConfig:
164164
url: "https://localhost:8085/hpa"
165-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
165+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
166166
admissionReviewVersions: ["v1beta1"]
167167
failurePolicy: Fail
168168
sideEffects: "None"
@@ -175,7 +175,7 @@ webhooks:
175175
- name: serviceaccount-admitter.teapot.zalan.do
176176
clientConfig:
177177
url: "https://localhost:8085/serviceaccount"
178-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
178+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
179179
admissionReviewVersions: ["v1beta1"]
180180
failurePolicy: Fail
181181
sideEffects: "NoneOnDryRun"
@@ -189,7 +189,7 @@ webhooks:
189189
- name: daemonset-admitter.teapot.zalan.do
190190
clientConfig:
191191
url: "https://localhost:8085/daemonset"
192-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
192+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
193193
admissionReviewVersions: ["v1beta1"]
194194
failurePolicy: Fail
195195
sideEffects: "NoneOnDryRun"
@@ -203,7 +203,7 @@ webhooks:
203203
- name: priorityclass-admitter.teapot.zalan.do
204204
clientConfig:
205205
url: "https://localhost:8085/priorityclass"
206-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
206+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
207207
admissionReviewVersions: ["v1beta1"]
208208
failurePolicy: Fail
209209
sideEffects: "NoneOnDryRun"
@@ -216,7 +216,7 @@ webhooks:
216216
- name: postgresql-admitter.teapot.zalan.do
217217
clientConfig:
218218
url: "https://localhost:8085/postgresql"
219-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
219+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
220220
admissionReviewVersions: ["v1beta1"]
221221
failurePolicy: Fail
222222
sideEffects: "NoneOnDryRun"
@@ -229,7 +229,7 @@ webhooks:
229229
- name: namespace-admitter.teapot.zalan.do
230230
clientConfig:
231231
url: "https://localhost:8085/namespace"
232-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
232+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
233233
admissionReviewVersions: ["v1beta1"]
234234
failurePolicy: Fail
235235
sideEffects: "NoneOnDryRun"
@@ -242,7 +242,7 @@ webhooks:
242242
- name: service-admitter.teapot.zalan.do
243243
clientConfig:
244244
url: "https://localhost:8085/service"
245-
caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
245+
caBundle: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
246246
admissionReviewVersions: ["v1beta1"]
247247
failurePolicy: Fail
248248
sideEffects: "NoneOnDryRun"

cluster/manifests/01-vertical-pod-autoscaler/02-secret.yaml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,6 @@ metadata:
99
type: Opaque
1010
data:
1111
caKey.pem: ""
12-
caCert.pem: "{{ .ConfigItems.ca_cert_decompressed }}"
13-
serverCert.pem: "{{ .ConfigItems.vpa_webhook_cert }}"
14-
serverKey.pem: "{{ .ConfigItems.vpa_webhook_key }}"
12+
caCert.pem: "{{ .Cluster.ConfigItems.ca_cert_decompressed }}"
13+
serverCert.pem: "{{ .Cluster.ConfigItems.vpa_webhook_cert }}"
14+
serverKey.pem: "{{ .Cluster.ConfigItems.vpa_webhook_key }}"

cluster/manifests/02-kube-aws-iam-controller/deployment.yaml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -33,11 +33,11 @@ spec:
3333
- "--assume-role={{.Cluster.LocalID}}-worker"
3434
resources:
3535
limits:
36-
cpu: "{{.ConfigItems.kube_aws_iam_controller_cpu}}"
37-
memory: "{{.ConfigItems.kube_aws_iam_controller_mem_max}}"
36+
cpu: "{{.Cluster.ConfigItems.kube_aws_iam_controller_cpu}}"
37+
memory: "{{.Cluster.ConfigItems.kube_aws_iam_controller_mem_max}}"
3838
requests:
39-
cpu: "{{.ConfigItems.kube_aws_iam_controller_cpu}}"
40-
memory: "{{.ConfigItems.kube_aws_iam_controller_mem_max}}"
39+
cpu: "{{.Cluster.ConfigItems.kube_aws_iam_controller_cpu}}"
40+
memory: "{{.Cluster.ConfigItems.kube_aws_iam_controller_mem_max}}"
4141
tolerations:
4242
- key: node.kubernetes.io/role
4343
value: master

cluster/manifests/02-kube-aws-iam-controller/vpa.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,4 +17,4 @@ spec:
1717
containerPolicies:
1818
- containerName: kube-aws-iam-controller
1919
maxAllowed:
20-
memory: {{.ConfigItems.kube_aws_iam_controller_mem_max}}
20+
memory: {{.Cluster.ConfigItems.kube_aws_iam_controller_mem_max}}

cluster/manifests/03-ebs-csi/controller.yaml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -96,10 +96,10 @@ spec:
9696
resources:
9797
requests:
9898
cpu: 10m
99-
memory: {{ .ConfigItems.ebs_csi_controller_sidecar_memory }}
99+
memory: {{ .Cluster.ConfigItems.ebs_csi_controller_sidecar_memory }}
100100
limits:
101101
cpu: 10m
102-
memory: {{ .ConfigItems.ebs_csi_controller_sidecar_memory }}
102+
memory: {{ .Cluster.ConfigItems.ebs_csi_controller_sidecar_memory }}
103103
volumeMounts:
104104
- name: socket-dir
105105
mountPath: /var/lib/csi/sockets/pluginproxy/
@@ -118,10 +118,10 @@ spec:
118118
resources:
119119
requests:
120120
cpu: 10m
121-
memory: {{ .ConfigItems.ebs_csi_controller_sidecar_memory }}
121+
memory: {{ .Cluster.ConfigItems.ebs_csi_controller_sidecar_memory }}
122122
limits:
123123
cpu: 10m
124-
memory: {{ .ConfigItems.ebs_csi_controller_sidecar_memory }}
124+
memory: {{ .Cluster.ConfigItems.ebs_csi_controller_sidecar_memory }}
125125
volumeMounts:
126126
- name: socket-dir
127127
mountPath: /var/lib/csi/sockets/pluginproxy/
@@ -140,10 +140,10 @@ spec:
140140
resources:
141141
requests:
142142
cpu: 10m
143-
memory: {{ .ConfigItems.ebs_csi_controller_sidecar_memory }}
143+
memory: {{ .Cluster.ConfigItems.ebs_csi_controller_sidecar_memory }}
144144
limits:
145145
cpu: 10m
146-
memory: {{ .ConfigItems.ebs_csi_controller_sidecar_memory }}
146+
memory: {{ .Cluster.ConfigItems.ebs_csi_controller_sidecar_memory }}
147147
volumeMounts:
148148
- name: socket-dir
149149
mountPath: /var/lib/csi/sockets/pluginproxy/

cluster/manifests/03-ebs-csi/vpa.yaml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -17,10 +17,10 @@ spec:
1717
containerPolicies:
1818
- containerName: csi-provisioner
1919
maxAllowed:
20-
memory: {{ .ConfigItems.ebs_csi_controller_sidecar_memory }}
20+
memory: {{ .Cluster.ConfigItems.ebs_csi_controller_sidecar_memory }}
2121
- containerName: csi-attacher
2222
maxAllowed:
23-
memory: {{ .ConfigItems.ebs_csi_controller_sidecar_memory }}
23+
memory: {{ .Cluster.ConfigItems.ebs_csi_controller_sidecar_memory }}
2424
- containerName: csi-resizer
2525
maxAllowed:
26-
memory: {{ .ConfigItems.ebs_csi_controller_sidecar_memory }}
26+
memory: {{ .Cluster.ConfigItems.ebs_csi_controller_sidecar_memory }}

cluster/manifests/cluster-lifecycle-controller/deployment.yaml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -37,11 +37,11 @@ spec:
3737
- name: cluster-lifecycle-controller
3838
image: container-registry.zalando.net/teapot/cluster-lifecycle-controller:master-34
3939
args:
40-
- --drain-grace-period={{.ConfigItems.drain_grace_period}}
41-
- --drain-min-pod-lifetime={{.ConfigItems.drain_min_pod_lifetime}}
42-
- --drain-min-healthy-sibling-lifetime={{.ConfigItems.drain_min_healthy_sibling_lifetime}}
43-
- --drain-min-unhealthy-sibling-lifetime={{.ConfigItems.drain_min_unhealthy_sibling_lifetime}}
44-
- --drain-force-evict-interval={{.ConfigItems.drain_force_evict_interval}}
40+
- --drain-grace-period={{.Cluster.ConfigItems.drain_grace_period}}
41+
- --drain-min-pod-lifetime={{.Cluster.ConfigItems.drain_min_pod_lifetime}}
42+
- --drain-min-healthy-sibling-lifetime={{.Cluster.ConfigItems.drain_min_healthy_sibling_lifetime}}
43+
- --drain-min-unhealthy-sibling-lifetime={{.Cluster.ConfigItems.drain_min_unhealthy_sibling_lifetime}}
44+
- --drain-force-evict-interval={{.Cluster.ConfigItems.drain_force_evict_interval}}
4545
resources:
4646
limits:
4747
cpu: 15m

cluster/manifests/coredns-local/configmap-local.yaml

Lines changed: 15 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -49,25 +49,25 @@ data:
4949
name: "5.10.in-addr.arpa."
5050
forward-addr: 127.0.0.1@9254 # coredns
5151
Corefile: |
52-
{{ if and .ConfigItems.custom_dns_zone .ConfigItems.custom_dns_zone_nameservers }}
53-
{{ .ConfigItems.custom_dns_zone }}:9254 {
52+
{{ if and .Cluster.ConfigItems.custom_dns_zone .Cluster.ConfigItems.custom_dns_zone_nameservers }}
53+
{{ .Cluster.ConfigItems.custom_dns_zone }}:9254 {
5454
errors
55-
{{ if ne .ConfigItems.coredns_max_upstream_concurrency "0" }}
56-
forward . {{ .ConfigItems.custom_dns_zone_nameservers }} {
57-
max_concurrent {{ .ConfigItems.coredns_max_upstream_concurrency }}
55+
{{ if ne .Cluster.ConfigItems.coredns_max_upstream_concurrency "0" }}
56+
forward . {{ .Cluster.ConfigItems.custom_dns_zone_nameservers }} {
57+
max_concurrent {{ .Cluster.ConfigItems.coredns_max_upstream_concurrency }}
5858
}
5959
{{ else }}
60-
forward . {{ .ConfigItems.custom_dns_zone_nameservers }}
60+
forward . {{ .Cluster.ConfigItems.custom_dns_zone_nameservers }}
6161
{{ end }}
6262
prometheus :9153
6363
ready :9155
6464
cache 30
6565
}
6666
{{ end }}
6767

68-
{{ if eq .ConfigItems.enable_skipper_eastwest_dns "true"}}
68+
{{ if eq .Cluster.ConfigItems.enable_skipper_eastwest_dns "true"}}
6969
ingress.cluster.local:9254 {
70-
{{ if eq .ConfigItems.skipper_eastwest_dns_log_enabled "true"}}
70+
{{ if eq .Cluster.ConfigItems.skipper_eastwest_dns_log_enabled "true"}}
7171
log
7272
{{ end }}
7373
template IN A {
@@ -85,11 +85,11 @@ data:
8585

8686
# Defines that this server is authority for reverse
8787
# lookups for these ranges.
88-
cluster.local:9254 10.2.0.0/15:9254 10.5.0.0/16:9254 {{ if eq .ConfigItems.tracing_coredns_route_traces_to_local_zone "true"}}{{ range $src := split .ConfigItems.tracing_coredns_global_traces_endpoint "," }}{{ $src }}:9254 {{ end }} {{ end }} {
88+
cluster.local:9254 10.2.0.0/15:9254 10.5.0.0/16:9254 {{ if eq .Cluster.ConfigItems.tracing_coredns_route_traces_to_local_zone "true"}}{{ range $src := split .Cluster.ConfigItems.tracing_coredns_global_traces_endpoint "," }}{{ $src }}:9254 {{ end }} {{ end }} {
8989
errors
90-
{{ if eq .ConfigItems.tracing_coredns_route_traces_to_local_zone "true"}}
90+
{{ if eq .Cluster.ConfigItems.tracing_coredns_route_traces_to_local_zone "true"}}
9191
{{- with $cluster := .Cluster }}
92-
{{ range $src := split .ConfigItems.tracing_coredns_global_traces_endpoint "," }}
92+
{{ range $src := split .Cluster.ConfigItems.tracing_coredns_global_traces_endpoint "," }}
9393
rewrite name exact {{ $src }} {{ $cluster.ConfigItems.tracing_coredns_local_zone_traces_endpoint }}
9494
{{ end }}
9595
{{- end }}
@@ -98,24 +98,24 @@ data:
9898
pods insecure
9999
}
100100
cache 30
101-
{{ if eq .ConfigItems.coredns_log_svc_names "true"}}
101+
{{ if eq .Cluster.ConfigItems.coredns_log_svc_names "true"}}
102102
log svc.svc.cluster.local.
103103
{{ end }}
104104
prometheus :9153
105105
ready :9155
106106
}
107107

108108
.:9254 {
109-
{{ if eq .ConfigItems.coredns_log_forward "true"}}
109+
{{ if eq .Cluster.ConfigItems.coredns_log_forward "true"}}
110110
log
111111
{{ end }}
112112
errors
113113
health :9154 # this is global for all servers
114114
ready :9155
115115
prometheus :9153
116-
{{ if ne .ConfigItems.coredns_max_upstream_concurrency "0" }}
116+
{{ if ne .Cluster.ConfigItems.coredns_max_upstream_concurrency "0" }}
117117
forward . /etc/resolv.conf {
118-
max_concurrent {{ .ConfigItems.coredns_max_upstream_concurrency }}
118+
max_concurrent {{ .Cluster.ConfigItems.coredns_max_upstream_concurrency }}
119119
}
120120
{{ else }}
121121
forward . /etc/resolv.conf

cluster/manifests/default-limits/limits.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
{{ if ne .ConfigItems.teapot_admission_controller_process_resources "true" }}
1+
{{ if ne .Cluster.ConfigItems.teapot_admission_controller_process_resources "true" }}
22
apiVersion: "v1"
33
kind: "LimitRange"
44
metadata:

0 commit comments

Comments
 (0)