diff --git a/dependencies/cert-manager.yaml b/dependencies/cert-manager.yaml
index 9c2f08c..5f5654a 100644
--- a/dependencies/cert-manager.yaml
+++ b/dependencies/cert-manager.yaml
@@ -11,7 +11,7 @@ spec:
 chart:
 spec:
 chart: cert-manager
- version: v1.9.1
+ version: v1.13.3
 sourceRef:
 kind: HelmRepository
 name: jetstack
diff --git a/helm-releases/external-secrets.yaml b/helm-releases/external-secrets.yaml
index 81f4c41..1045897 100644
--- a/helm-releases/external-secrets.yaml
+++ b/helm-releases/external-secrets.yaml
@@ -11,7 +11,7 @@ spec:
 chart:
 spec:
 chart: external-secrets
- version: 0.5.9
+ version: 0.9.11
 sourceRef:
 kind: HelmRepository
 name: external-secrets
diff --git a/helm-releases/grafana.yaml b/helm-releases/grafana.yaml
index a2b5526..f21c33e 100644
--- a/helm-releases/grafana.yaml
+++ b/helm-releases/grafana.yaml
@@ -11,7 +11,7 @@ spec:
 chart:
 spec:
 chart: grafana
- version: 6.52.1
+ version: 7.2.4
 sourceRef:
 kind: HelmRepository
 name: grafana
diff --git a/helm-releases/image-builder.yaml b/helm-releases/image-builder.yaml
index 4c1914f..cfe6ce4 100644
--- a/helm-releases/image-builder.yaml
+++ b/helm-releases/image-builder.yaml
@@ -11,7 +11,7 @@ spec:
 chart:
 spec:
 chart: onechart
- version: 0.57.0
+ version: 0.64.0
 sourceRef:
 kind: HelmRepository
 name: onechart
diff --git a/helm-releases/ingress-nginx.yaml b/helm-releases/ingress-nginx.yaml
index 2949c73..be599dd 100644
--- a/helm-releases/ingress-nginx.yaml
+++ b/helm-releases/ingress-nginx.yaml
@@ -11,7 +11,7 @@ spec:
 chart:
 spec:
 chart: ingress-nginx
- version: 4.2.3
+ version: 4.9.0
 sourceRef:
 kind: HelmRepository
 name: ingress-nginx
diff --git a/helm-releases/keda.yaml b/helm-releases/keda.yaml
index 2ed1c3c..0a05baa 100644
--- a/helm-releases/keda.yaml
+++ b/helm-releases/keda.yaml
@@ -11,7 +11,7 @@ spec:
 chart:
 spec:
 chart: keda
- version: 2.9.3
+ version: 2.13.1
 sourceRef:
 kind: HelmRepository
 name: keda
diff --git a/helm-releases/kyverno.yaml b/helm-releases/kyverno.yaml
deleted file mode 100644
index 9304605..0000000
--- a/helm-releases/kyverno.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-{{ if .kyverno.enabled -}}
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
-kind: HelmRelease
-metadata:
- name: kyverno
- namespace: infrastructure
-spec:
- interval: 60m
- releaseName: kyverno
- chart:
- spec:
- chart: kyverno
- version: v2.5.1
- sourceRef:
- kind: HelmRepository
- name: kyverno
- interval: 10m
- values:
- podAnnotations:
- prometheus.io/port: "8000"
- prometheus.io/scrape: "true"
- extraArgs:
- - --background-scan=30s
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
-kind: HelmRelease
-metadata:
- name: kyverno-policies
- namespace: infrastructure
-spec:
- interval: 60m
- releaseName: kyverno-policies
- chart:
- spec:
- chart: kyverno-policies
- version: v2.5.5
- sourceRef:
- kind: HelmRepository
- name: kyverno
- interval: 10m
- values:
- podSecurityStandard: {{ .kyverno.podSecurityStandard }}
- validationFailureAction: audit
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
-kind: HelmRelease
-metadata:
- name: kyverno-policy-reporter
- namespace: infrastructure
-spec:
- interval: 60m
- releaseName: kyverno-policy-reporter
- chart:
- spec:
- chart: policy-reporter
- version: 2.13.0
- sourceRef:
- kind: HelmRepository
- name: kyverno-policy-reporter
- interval: 10m
- values:
- podAnnotations:
- prometheus.io/port: "2112"
- prometheus.io/scrape: "true"
-{{- end }}
diff --git a/helm-releases/prometheus-node-exporter.yaml b/helm-releases/prometheus-node-exporter.yaml
index 57b1da8..c5d5c6c 100644
--- a/helm-releases/prometheus-node-exporter.yaml
+++ b/helm-releases/prometheus-node-exporter.yaml
@@ -11,7 +11,7 @@ spec:
 chart:
 spec:
 chart: prometheus-node-exporter
- version: 4.23.2
+ version: 4.25.0
 sourceRef:
 kind: HelmRepository
 name: prometheus
diff --git a/helm-releases/prometheus.yaml b/helm-releases/prometheus.yaml
index fe803dd..5f4890b 100644
--- a/helm-releases/prometheus.yaml
+++ b/helm-releases/prometheus.yaml
@@ -11,7 +11,7 @@ spec:
 chart:
 spec:
 chart: prometheus
- version: 25.1.0
+ version: 25.10.0
 sourceRef:
 kind: HelmRepository
 name: prometheus
diff --git a/helm-releases/promtail.yaml b/helm-releases/promtail.yaml
index 9f3cdd2..4efb09e 100644
--- a/helm-releases/promtail.yaml
+++ b/helm-releases/promtail.yaml
@@ -11,7 +11,7 @@ spec:
 chart:
 spec:
 chart: promtail
- version: 6.0.0
+ version: 6.15.3
 sourceRef:
 kind: HelmRepository
 name: grafana
diff --git a/helm-releases/sealed-secrets.yaml b/helm-releases/sealed-secrets.yaml
index cb183f3..8645d5e 100644
--- a/helm-releases/sealed-secrets.yaml
+++ b/helm-releases/sealed-secrets.yaml
@@ -11,7 +11,7 @@ spec:
 chart:
 spec:
 chart: sealed-secrets
- version: 2.13.4
+ version: 2.14.2
 sourceRef:
 kind: HelmRepository
 name: sealed-secrets
diff --git a/helm-releases/tempo.yaml b/helm-releases/tempo.yaml
deleted file mode 100644
index 92bddf0..0000000
--- a/helm-releases/tempo.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{ if .tempo.enabled -}}
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
-kind: HelmRelease
-metadata:
- name: tempo
- namespace: infrastructure
-spec:
- interval: 60m
- releaseName: tempo
- chart:
- spec:
- chart: tempo
- version: 0.15.4
- sourceRef:
- kind: HelmRepository
- name: grafana
- interval: 10m
- values:
- installCRDs: true
-{{- end }}
diff --git a/stack-definition.yaml b/stack-definition.yaml
index af7cb49..2b1b385 100644
--- a/stack-definition.yaml
+++ b/stack-definition.yaml
@@ -13,7 +13,7 @@ categories:
 - name: "📑 Logging"
 id: logging
 - name: "🔄 Autoscaling"
- id: autoscaling
+ id: autoscaling
 - name: "🔢 Metrics"
 id: metrics
 - name: "🔐 Secrets"
@@ -31,7 +31,7 @@ components: variable: k3s category: cloud logo: https://raw.githubusercontent.com/gimlet-io/gimlet-stack-reference/main/assets/k3s.svg - description: 'Enable k3s defaults to better integrate with locally running K3s, K3d and Rancher Desktop' + description: "Enable k3s defaults to better integrate with locally running K3s, K3d and Rancher Desktop" onePager: |- Enable k3s defaults to better integrate with locally running K3s, K3d and Rancher Desktop schema: |- @@ -96,7 +96,7 @@ components: variable: civo category: cloud logo: https://raw.githubusercontent.com/gimlet-io/gimlet-stack-reference/main/assets/civo.svg - description: 'Enable CIVO Cloud defaults to better integrate into the CIVO landscape' + description: "Enable CIVO Cloud defaults to better integrate into the CIVO landscape" onePager: |- Enable CIVO Cloud defaults to better integrate into the CIVO landscape schema: |- @@ -160,7 +160,7 @@ components: variable: nginx category: ingress logo: https://raw.githubusercontent.com/gimlet-io/gimlet-stack-reference/main/assets/nginx.png - description: 'An Nginx proxy server that routes traffic to your applications based on the host name or path.' + description: "An Nginx proxy server that routes traffic to your applications based on the host name or path." onePager: |- ### What do you get with Nginx? @@ -185,11 +185,11 @@ components: ``` $ kubectl get services --namespace infrastructure - + NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/nginx-nginx-ingress-controller LoadBalancer 10.43.199.76 1.2.3.4 80:30377/TCP,443:31126/TCP 114s ``` - + **Using a real Kubernetes cluster** the EXTERNAL-IP field is set within a couple of minutes by your cloud provider. Once the EXTERNAL-IP is visible, point a wildcard DNS entry `*.yourdomain.com` to that address. 
@@ -198,7 +198,7 @@ components: First, port forward the nginx controller to your laptop with the `kubectl port-forward -n infrastructure svc/ingress-nginx-controller 8080:80` command. This will make the ingress controller reachable on the `127.0.0.1` address. However ingresses require DNS names, so we will use the nip.io dynamic DNS service for it. - + Using nip.io - 10.0.0.1.nip.io resolves to 10.0.0.1 - similarly 127.0.0.1.nip.io will resolve to 127.0.0.1 @@ -268,7 +268,7 @@ components: variable: certManager category: ingress logo: https://raw.githubusercontent.com/gimlet-io/gimlet-stack-reference/main/assets/certManager.png - description: '' + description: "" onePager: |- ### What do you get with Cert Manager? @@ -382,7 +382,7 @@ components: variable: loki category: logging logo: https://raw.githubusercontent.com/gimlet-io/gimlet-stack-reference/main/assets/loki.png - description: '' + description: "" onePager: |- ### What do you get with Loki? @@ -505,7 +505,7 @@ components: variable: grafanaCloud category: logging logo: https://grafana.com/static/img/menu/grafana2.svg - description: '' + description: "" onePager: |- Install Promtail to ship logs to Grafana Cloud. schema: |- @@ -560,7 +560,7 @@ components: variable: eventExporter category: logging logo: https://raw.githubusercontent.com/gimlet-io/gimlet-stack-reference/main/assets/opsgenie.png - description: '' + description: "" onePager: |- Install Kubernetes Event Exporter to log all Kubernetes events. schema: |- @@ -591,7 +591,7 @@ components: variable: prometheus category: metrics logo: https://raw.githubusercontent.com/gimlet-io/gimlet-stack-reference/main/assets/prometheus.svg - description: '' + description: "" onePager: |- ### What do you get with Prometheus? - Infrastructure metrics and dashboards 
@@ -731,7 +731,7 @@ components: variable: sealedSecrets category: secrets logo: https://raw.githubusercontent.com/gimlet-io/gimlet-stack-reference/main/assets/sealedSecrets.svg - description: '' + description: "" onePager: |- ### What do you get with Sealed Secrets? - A secret manager that allows a simple secret workflow for gitops repositories. @@ -836,7 +836,7 @@ components: variable: externalSecrets category: secrets logo: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-medium.png - description: '' + description: "" onePager: |- The project extends the Kubernetes API by adding an ExternalSecrets object using Custom Resource Definition and a controller to implement the behavior of the object itself. 
@@ -872,128 +872,11 @@ components: "metaData": {} } ] - - name: Grafana Tempo - variable: tempo - category: tracing - logo: https://raw.githubusercontent.com/gimlet-io/gimlet-stack-reference/main/assets/tempo.png - description: '' - onePager: |- - ### What do you get with Tempo? - - Grafana Tempo is an open source, easy-to-use and high-volume distributed tracing backend. Tempo is cost-efficient, requiring only object storage to operate, and is deeply integrated with Grafana, Prometheus, and Loki. - - ### How to verify the deployment? - - ``` - $ kubectl get pods --namespace infrastructure | grep tempo - - NAME READY STATUS RESTARTS AGE - tempo-0 1/1 Running 0 1m - ``` - - - schema: |- - { - "$schema": "http://json-schema.org/draft-07/schema", - "$id": "http://example.com/example.json", - "type": "object", - "title": "The root schema", - "description": "The root schema comprises the entire JSON document.", - "properties": { - "enabled": { - "$id": "#/properties/enabled", - "type": "boolean", - "title": "Enabled" - }, - "sampleTraceData": { - "$id": "#/properties/sampleTraceData", - "type": "boolean", - "title": "Sample Trace Data" - } - } - } - uiSchema: |- - [ - { - "schemaIDs": [ - "#/properties/enabled", - "#/properties/sampleTraceData" - ], - "uiSchema": {}, - "metaData": {} - } - ] - - name: Kyverno - variable: kyverno - category: policy - logo: https://raw.githubusercontent.com/kyverno/kyverno/main/img/logo.png - description: '' - onePager: |- - ### What do you get with Kyverno? - - Kyverno is a policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans. Kyverno policies are Kubernetes resources and do not require learning a new language. Kyverno is designed to work nicely with tools you already use like kubectl, kustomize, and Git. - - ### How to verify the deployment? 
- - ``` - $ kubectl get pods --namespace infrastructure | grep kyverno - - NAME READY STATUS RESTARTS AGE - kyverno-5ccd8d64b4-5vqlk 1/1 Running 0 1m - ``` - - ### Validate the deployed policies - - ``` - kubectl get policyreport -A - kubectl get clusterpolicyreport - ``` - - ### Check policy reports - - kubectl describe polr polr-ns-staging -n staging | grep "Result: \+fail" -B10 - - or in Grafana on the "Poilicy Reports" dashboard - - schema: |- - { - "$schema": "http://json-schema.org/draft-07/schema", - "$id": "http://example.com/example.json", - "type": "object", - "title": "The root schema", - "description": "The root schema comprises the entire JSON document.", - "properties": { - "enabled": { - "$id": "#/properties/enabled", - "type": "boolean", - "title": "Enabled" - }, - "podSecurityStandard": { - "$id": "#/properties/podSecurityStandard", - "type": "string", - "title": "Security Standard", - "enum": [ - "baseline", - "restricted" - ], - "default": "baseline" - } - } - } - uiSchema: |- - [ - { - "schemaIDs": [ - "#/properties/enabled", - "#/properties/podSecurityStandard" - ], - "uiSchema": {}, - "metaData": {} - } - ] - name: OAuth2Proxy variable: oauth2Proxy category: ingress logo: https://raw.githubusercontent.com/oauth2-proxy/oauth2-proxy/master/docs/static/img/logos/OAuth2_Proxy_icon.svg - description: '' + description: "" onePager: |- ### What do you get with OAuth2Proxy? - You can authenticate your internal services with Github @@ -1101,7 +984,7 @@ components: variable: gimlet category: gimlet logo: https://gimlet.io/logo.svg - description: '' + description: "" onePager: |- schema: |- @@ -1225,7 +1108,7 @@ components: variable: gimletAgent category: gimlet logo: https://gimlet.io/logo.svg - description: '' + description: "" onePager: |- schema: |- 
@@ -1273,7 +1156,7 @@ components: variable: imageBuilder category: gimlet logo: https://cncf-branding.netlify.app/img/projects/buildpacks/icon/black/buildpacks-icon-black.png - description: '' + description: "" onePager: "Image builder is a simple web server application that handles file uploads and builds images from it." schema: |- @@ -1303,8 +1186,8 @@ components: - name: Namespaces variable: namespaces category: system - logo: 'https://raw.githubusercontent.com/gimlet-io/gimlet-stack-reference/main/assets/system.svg' - description: '' + logo: "https://raw.githubusercontent.com/gimlet-io/gimlet-stack-reference/main/assets/system.svg" + description: "" onePager: |- schema: |- @@ -1351,7 +1234,7 @@ components: variable: keda category: autoscaling logo: https://keda.sh/img/logos/keda-horizontal-color.png - description: '' + description: "" onePager: "KEDA is an alternative solution for Prometheus Adapter, it gives you a simple, straightforward and efficient approach to autoscale your application." schema: |- { @@ -1381,7 +1264,7 @@ components: variable: dockerRegistry category: registry logo: https://d1q6f0aelx0por.cloudfront.net/product-logos/library-registry-logo.png - description: '' + description: "" onePager: "Docker registry is a storage and distribution system for named Docker images." schema: |- { 
@@ -1408,7 +1291,19 @@ components: } ] changeLog: | - - 🍎 The HelmRelease kind was promoted from v2beta1 to v2beta2. + - 🦋 Upgraded all stack components to latest version possible! + - 🍏 External Secrets upgraded to v0.9.11 + - 🍏 Grafana upgraded to 10.3.1 + - 🍏 Ingress Nginx upgraded to 1.9.6 + - 🍏 Keda upgraded to 2.13.0 + - 🍏 Prometheus Node Exporter upgraded to 1.7.0 + - 🍏 Prometheus upgraded to v2.49.1 + - 🍏 Promtail upgraded to 2.9.3 + - 🍏 Sealed Secrets upgraded to 0.25.0 v1.13.3 + - 🍏 Cert Manager upgraded to v1.13.3 + - ❗ Deprication Alert: + - Kyverno and Grafana tempo are depricated and no longer supported, existing users won't face any disruptions, but they won't receive any further updates either. + message: | Hey 👋 Laszlo here, the founder of Gimlet.io @@ -1423,7 +1318,7 @@ message: | Now that you generated Kubernetes resources from your stack, maybe you are interested in how to manage it in the future - + 👉 https://gimlet.io/docs/managing-infrastructure-components Onwards!
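Review bot: The new changelog line `- 🍏 Sealed Secrets upgraded to 0.25.0 v1.13.3` carries a stray second version token that looks copied from the cert-manager entry beneath it; drop it so the line names one version, and confirm that number against what the 2.14.2 chart actually ships. In the same block, `Deprication Alert` and `depricated` should read `Deprecation Alert` and `deprecated`, since this text is shown to operators as-is. The entries also mix chart versions (External Secrets v0.9.11 matches the chart bump in this diff) with application versions (Grafana 10.3.1 against chart 7.2.4), so an operator cannot map a note back to a HelmRelease without guessing — state which kind of version each line gives. The promise that existing Kyverno and Tempo users "won't face any disruptions" deserves a caveat: with helm-releases/kyverno.yaml and tempo.yaml removed from the stack, a regenerated stack no longer emits those HelmReleases, and whether Flux then uninstalls the running Kyverno policy engine (and the podSecurityStandard admission policies it enforced) depends on the prune setting of the consuming Kustomization, which is not in this diff. The `changeLog: |` block scalar and the `message: |` block both continue outside the hunk.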