update components

pull/1381/head
gjmzj 2024-05-18 15:06:04 +08:00
parent 1cc6b8c878
commit a9bd7f4163
3 changed files with 58 additions and 24 deletions

16
ezdown

@ -13,14 +13,14 @@ set -o pipefail
#set -o xtrace #set -o xtrace
# default settings, can be overridden by cmd line options, see usage # default settings, can be overridden by cmd line options, see usage
DOCKER_VER=25.0.3 DOCKER_VER=26.1.3
KUBEASZ_VER=3.6.3 KUBEASZ_VER=3.6.3
K8S_BIN_VER=v1.29.2 K8S_BIN_VER=v1.30.1
# https://github.com/easzlab/dockerfile-kubeasz-ext-bin # https://github.com/easzlab/dockerfile-kubeasz-ext-bin
EXT_BIN_VER=1.10.0 EXT_BIN_VER=1.10.1
# https://github.com/easzlab/dockerfile-kubeasz-sys-pkg # https://github.com/easzlab/dockerfile-kubeasz-sys-pkg
SYS_PKG_VER=1.0.0 SYS_PKG_VER=1.0.1
HARBOR_VER=v2.8.4 HARBOR_VER=v2.10.2
REGISTRY_MIRROR=CN REGISTRY_MIRROR=CN
# images downloaded by default(with 'ezdown -D') # images downloaded by default(with 'ezdown -D')
@ -29,11 +29,11 @@ calicoVer=v3.26.4
# https://github.com/coredns/coredns # https://github.com/coredns/coredns
corednsVer=1.11.1 corednsVer=1.11.1
# https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/ # https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/
dnsNodeCacheVer=1.22.23 dnsNodeCacheVer=1.22.28
dashboardVer=v2.7.0 dashboardVer=v2.7.0
dashboardMetricsScraperVer=v1.0.8 dashboardMetricsScraperVer=v1.0.8
# https://github.com/kubernetes-sigs/metrics-server # https://github.com/kubernetes-sigs/metrics-server
metricsVer=v0.6.4 metricsVer=v0.7.1
pauseVer=3.9 pauseVer=3.9
# images not downloaded by default(only download with 'ezdown -X ***') # images not downloaded by default(only download with 'ezdown -X ***')
@ -46,7 +46,7 @@ kubeRouterVer=v1.5.4
# https://github.com/kubeovn/kube-ovn # https://github.com/kubeovn/kube-ovn
kubeOvnVer=v1.11.5 kubeOvnVer=v1.11.5
# https://github.com/rancher/local-path-provisioner # https://github.com/rancher/local-path-provisioner
localpathProvisionerVer=v0.0.24 localpathProvisionerVer=v0.0.26
# https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner # https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner
nfsProvisionerVer=v4.0.2 nfsProvisionerVer=v4.0.2
#https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack #https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack


@ -5,24 +5,50 @@ metadata:
name: local-path-provisioner-service-account name: local-path-provisioner-service-account
namespace: kube-system namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: local-path-provisioner-role
namespace: kube-system
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: local-path-provisioner-role name: local-path-provisioner-role
rules: rules:
- apiGroups: [ "" ] - apiGroups: [""]
resources: [ "nodes", "persistentvolumeclaims", "configmaps" ] resources: ["nodes", "persistentvolumeclaims", "configmaps", "pods", "pods/log"]
verbs: [ "get", "list", "watch" ] verbs: ["get", "list", "watch"]
- apiGroups: [ "" ] - apiGroups: [""]
resources: [ "endpoints", "persistentvolumes", "pods" ] resources: ["persistentvolumes"]
verbs: [ "*" ] verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
- apiGroups: [ "" ] - apiGroups: [""]
resources: [ "events" ] resources: ["events"]
verbs: [ "create", "patch" ] verbs: ["create", "patch"]
- apiGroups: [ "storage.k8s.io" ] - apiGroups: ["storage.k8s.io"]
resources: [ "storageclasses" ] resources: ["storageclasses"]
verbs: [ "get", "list", "watch" ] verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: local-path-provisioner-bind
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: local-path-provisioner-role
subjects:
- kind: ServiceAccount
name: local-path-provisioner-service-account
namespace: kube-system
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
@ -117,9 +143,12 @@ data:
metadata: metadata:
name: helper-pod name: helper-pod
spec: spec:
priorityClassName: system-node-critical
tolerations:
- key: node.kubernetes.io/disk-pressure
operator: Exists
effect: NoSchedule
containers: containers:
- name: helper-pod - name: helper-pod
image: easzlab.io.local:5000/rancher/local-path-provisioner:{{ local_path_provisioner_ver }} image: easzlab.io.local:5000/rancher/local-path-provisioner:{{ local_path_provisioner_ver }}
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
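Review bot: The new namespaced Role `local-path-provisioner-role` grants pod `create`/`patch`/`update`/`delete` in `kube-system`, so the provisioner's service account can still start pods next to the cluster add-ons and under any service account in that namespace, even though the ClusterRole no longer carries `verbs: ["*"]` on pods. Deploying the provisioner and its helper pod in a dedicated namespace (upstream's manifest uses `local-path-storage`, as far as I recall) would make the Role's scope meaningful; `namespace:` on the ServiceAccount, Role, RoleBinding and the binding subject would have to change together. The ClusterRole's first rule also adds `"pods"` and `"pods/log"` with `get`/`list`/`watch` cluster-wide, which permits reading the logs of every pod in the cluster. If only helper-pod logs are needed, those two resources could presumably move into the namespaced Role. The Deployment and the ClusterRoleBinding lie outside the visible hunks and should be checked against this.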


@ -133,7 +133,7 @@ spec:
containers: containers:
- args: - args:
- --cert-dir=/tmp - --cert-dir=/tmp
- --secure-port=4443 - --secure-port=10250
- --kubelet-insecure-tls - --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port - --kubelet-use-node-status-port
@ -150,7 +150,7 @@ spec:
periodSeconds: 10 periodSeconds: 10
name: metrics-server name: metrics-server
ports: ports:
- containerPort: 4443 - containerPort: 10250
name: https name: https
protocol: TCP protocol: TCP
readinessProbe: readinessProbe:
@ -167,9 +167,14 @@ spec:
memory: 200Mi memory: 200Mi
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000 runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts: volumeMounts:
- mountPath: /tmp - mountPath: /tmp
name: tmp-dir name: tmp-dir
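Review bot: `--kubelet-insecure-tls` stays in the container args while this section tightens the `securityContext`, so metrics-server still accepts any kubelet serving certificate and the kubelet end of the scrape connection is not verified. If the kubelet serving certificates in this deployment are signed by the cluster CA (not visible here), replace the flag with `--kubelet-certificate-authority=<path to CA bundle>` and mount that CA into the pod. Separately, moving `--secure-port` and `containerPort` to `10250` means any Service `targetPort`, NetworkPolicy or firewall rule that names 4443 numerically must be updated. The new port would also collide with the kubelet's own port if the pod runs with `hostNetwork: true`; neither the Service nor the pod spec header is visible in these hunks.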