From 23c6b7b602be7948509321b049b75023311de25a Mon Sep 17 00:00:00 2001 From: Serge Logvinov Date: Fri, 22 Nov 2024 18:05:10 +0200 Subject: [PATCH] update local-path-provisioner --- _deployments/vars/coredns-local.yaml | 79 +++++++++---------- .../vars/local-path-storage-result.yaml | 44 +++++++---- _deployments/vars/local-path-storage.yaml | 14 ++-- proxmox/common.tf | 2 +- proxmox/variables.tf | 2 +- 5 files changed, 74 insertions(+), 67 deletions(-) diff --git a/_deployments/vars/coredns-local.yaml b/_deployments/vars/coredns-local.yaml index 0b1b56a..cb9b662 100644 --- a/_deployments/vars/coredns-local.yaml +++ b/_deployments/vars/coredns-local.yaml @@ -38,7 +38,6 @@ data: } kubernetes cluster.local in-addr.arpa ip6.arpa { - endpoint https://api.cluster.local:6443 kubeconfig /etc/coredns/kubeconfig.conf coredns pods insecure ttl 60 @@ -105,47 +104,47 @@ spec: serviceAccountName: coredns enableServiceLinks: false tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - operator: Exists - - effect: NoSchedule - key: node.cloudprovider.kubernetes.io/uninitialized - operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.cloudprovider.kubernetes.io/uninitialized + operator: Exists hostNetwork: true containers: - - name: coredns - image: coredns/coredns:1.11.1 - imagePullPolicy: IfNotPresent - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 50m - memory: 64Mi - args: [ "-conf", "/etc/coredns/Corefile.local" ] - volumeMounts: - - name: config-volume - mountPath: /etc/coredns - readOnly: true - livenessProbe: - httpGet: - host: 127.0.0.1 - path: /health - port: 8091 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_BIND_SERVICE - drop: - - all - readOnlyRootFilesystem: true + - name: coredns + image: coredns/coredns:1.11.1 + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 50m + memory: 64Mi + args: ["-conf", "/etc/coredns/Corefile.local"] + volumeMounts: + - name: config-volume + mountPath: /etc/coredns + readOnly: true + livenessProbe: + httpGet: + host: 127.0.0.1 + path: /health + port: 8091 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - all + readOnlyRootFilesystem: true dnsPolicy: Default volumes: - name: config-volume diff --git a/_deployments/vars/local-path-storage-result.yaml b/_deployments/vars/local-path-storage-result.yaml index 0192f35..50b4c43 100644 --- a/_deployments/vars/local-path-storage-result.yaml +++ b/_deployments/vars/local-path-storage-result.yaml @@ -7,9 +7,9 @@ metadata: namespace: local-path-storage labels: app.kubernetes.io/name: local-path-provisioner - helm.sh/chart: local-path-provisioner-0.0.25 + helm.sh/chart: local-path-provisioner-0.0.30 app.kubernetes.io/instance: local-path-provisioner - app.kubernetes.io/version: "v0.0.25" + app.kubernetes.io/version: "v0.0.30" app.kubernetes.io/managed-by: Helm imagePullSecrets: --- @@ -21,9 +21,9 @@ metadata: namespace: local-path-storage labels: app.kubernetes.io/name: local-path-provisioner - helm.sh/chart: local-path-provisioner-0.0.25 + helm.sh/chart: local-path-provisioner-0.0.30 app.kubernetes.io/instance: local-path-provisioner - app.kubernetes.io/version: "v0.0.25" + app.kubernetes.io/version: "v0.0.30" app.kubernetes.io/managed-by: Helm data: config.json: |- @@ -50,6 +50,7 @@ data: kind: Pod metadata: name: helper-pod + namespace: local-path-storage spec: priorityClassName: system-node-critical tolerations: @@ -60,6 +61,10 @@ data: - name: helper-pod image: busybox:latest imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 64Mi --- # Source: local-path-provisioner/templates/storageclass.yaml apiVersion: storage.k8s.io/v1 @@ -68,9 +73,9 @@ metadata: name: local-path labels: app.kubernetes.io/name: local-path-provisioner - helm.sh/chart: local-path-provisioner-0.0.25 + helm.sh/chart: local-path-provisioner-0.0.30 app.kubernetes.io/instance: local-path-provisioner - app.kubernetes.io/version: "v0.0.25" + app.kubernetes.io/version: "v0.0.30" app.kubernetes.io/managed-by: Helm annotations: storageclass.kubernetes.io/is-default-class: "true" @@ -87,9 +92,9 @@ metadata: name: local-path-provisioner labels: app.kubernetes.io/name: local-path-provisioner - helm.sh/chart: local-path-provisioner-0.0.25 + helm.sh/chart: local-path-provisioner-0.0.30 app.kubernetes.io/instance: local-path-provisioner - app.kubernetes.io/version: "v0.0.25" + app.kubernetes.io/version: "v0.0.30" app.kubernetes.io/managed-by: Helm rules: - apiGroups: [""] @@ -112,9 +117,9 @@ metadata: name: local-path-provisioner labels: app.kubernetes.io/name: local-path-provisioner - helm.sh/chart: local-path-provisioner-0.0.25 + helm.sh/chart: local-path-provisioner-0.0.30 app.kubernetes.io/instance: local-path-provisioner - app.kubernetes.io/version: "v0.0.25" + app.kubernetes.io/version: "v0.0.30" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -133,9 +138,9 @@ metadata: namespace: local-path-storage labels: app.kubernetes.io/name: local-path-provisioner - helm.sh/chart: local-path-provisioner-0.0.25 + helm.sh/chart: local-path-provisioner-0.0.30 app.kubernetes.io/instance: local-path-provisioner - app.kubernetes.io/version: "v0.0.25" + app.kubernetes.io/version: "v0.0.30" app.kubernetes.io/managed-by: Helm rules: - apiGroups: [""] @@ -150,9 +155,9 @@ metadata: namespace: local-path-storage labels: app.kubernetes.io/name: local-path-provisioner - helm.sh/chart: local-path-provisioner-0.0.25 + helm.sh/chart: local-path-provisioner-0.0.30 app.kubernetes.io/instance: local-path-provisioner - app.kubernetes.io/version: "v0.0.25" + app.kubernetes.io/version: "v0.0.30" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io @@ -171,9 +176,9 @@ metadata: namespace: local-path-storage labels: app.kubernetes.io/name: local-path-provisioner - helm.sh/chart: local-path-provisioner-0.0.25 + helm.sh/chart: local-path-provisioner-0.0.30 app.kubernetes.io/instance: local-path-provisioner - app.kubernetes.io/version: "v0.0.25" + app.kubernetes.io/version: "v0.0.30" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -185,7 +190,10 @@ spec: metadata: labels: app.kubernetes.io/name: local-path-provisioner + helm.sh/chart: local-path-provisioner-0.0.30 app.kubernetes.io/instance: local-path-provisioner + app.kubernetes.io/version: "v0.0.30" + app.kubernetes.io/managed-by: Helm spec: serviceAccountName: local-path-provisioner securityContext: @@ -202,7 +210,7 @@ spec: runAsUser: 65534 seccompProfile: type: RuntimeDefault - image: "rancher/local-path-provisioner:v0.0.26" + image: "rancher/local-path-provisioner:v0.0.30" imagePullPolicy: IfNotPresent command: - local-path-provisioner @@ -224,6 +232,8 @@ spec: env: - name: POD_NAMESPACE value: local-path-storage + - name: CONFIG_MOUNT_PATH + value: /etc/config/ resources: limits: cpu: 50m diff --git a/_deployments/vars/local-path-storage.yaml b/_deployments/vars/local-path-storage.yaml index fd5ecc6..0396a57 100644 --- a/_deployments/vars/local-path-storage.yaml +++ b/_deployments/vars/local-path-storage.yaml @@ -1,8 +1,3 @@ - -image: - repository: rancher/local-path-provisioner - tag: v0.0.26 - storageClass: create: true defaultClass: true @@ -13,9 +8,6 @@ nodePathMap: paths: - /var/data -configmap: - name: local-path-config - securityContext: allowPrivilegeEscalation: false seccompProfile: @@ -34,6 +26,12 @@ resources: cpu: 50m memory: 32Mi +helperPod: + resources: + requests: + cpu: 100m + memory: 64Mi + nodeSelector: node-role.kubernetes.io/control-plane: "" tolerations: diff --git a/proxmox/common.tf b/proxmox/common.tf index 576b411..5b4fe9b 100644 --- a/proxmox/common.tf +++ b/proxmox/common.tf @@ -15,7 +15,7 @@ resource "proxmox_virtual_environment_download_file" "talos" { # Hash: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba customization: {} # Hash: 14e9b0100f05654bedf19b92313cdc224cbff52879193d24f3741f1da4a3cbb1 customization: siderolabs/binfmt-misc decompression_algorithm = "zst" - url = "https://factory.talos.dev/image/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba/v${var.release}/nocloud-amd64.raw.xz" + url = "https://factory.talos.dev/image/14e9b0100f05654bedf19b92313cdc224cbff52879193d24f3741f1da4a3cbb1/v${var.release}/nocloud-amd64.raw.xz" } resource "proxmox_virtual_environment_vm" "template" { diff --git a/proxmox/variables.tf b/proxmox/variables.tf index e7dd764..3920fc9 100644 --- a/proxmox/variables.tf +++ b/proxmox/variables.tf @@ -26,7 +26,7 @@ variable "vpc_main_cidr" { variable "release" { type = string description = "The version of the Talos image" - default = "1.8.2" + default = "1.8.3" } data "sops_file" "tfvars" {