Code Monkey home page Code Monkey logo

ks-devops-helm-chart's Introduction

ks-devops-helm-chart

License GitHub All Releases

KubeSphere official helm chart for KubeSphere DevOps.

Usage

Helm must be installed to use the charts. Please refer to Helm's documentation to get started.

Once Helm is set up properly, add the repo as follows:

helm repo add ks-devops https://kubesphere-sigs.github.io/ks-devops-helm-chart/

you can then do

helm search repo ks-devops
helm install devops ks-devops/ks-devops --namespace kubesphere-devops-system --create-namespace

Argo CD support

Install it via the following instructions:

helm repo add argo https://argoproj.github.io/argo-helm
helm install argocd --version 4.4.0 argo/argo-cd --namespace argocd --create-namespace

or, you could use the following instrctions to unintall it:

helm uninstall --namespace argocd argocd

Configuration

See chart readme for install and config options.

Repository

You can browse the chart repository, browse the site

Or view the YAML at: index.yaml

ks-devops-helm-chart's People

Contributors

123liubao avatar chilianyi avatar daniel-hutao avatar johnniang avatar ks-ci-bot avatar linuxsuren avatar mangogoforward avatar seanly avatar yjuns avatar yudong2015 avatar zhbinary avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

linuxsuren johnniang foreverif yjuns mangogoforward shihaoh 123liubao lxm kubesphere-community chengleqi chilianyi yudong2015 sohan-cyber ks-ci-bot zhbinary niconical phamcs kubenoops

ks-devops-helm-chart's Issues

How to upgrade caBundle?

The ca root certificate has expired.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            96:f1:e6:1b:01:8b:76:5d
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = KUBESPHERE
        Validity
            Not Before: Apr 26 06:08:48 2021 GMT
            Not After : Feb 14 06:08:48 2024 GMT
        Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = KUBESPHERE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)

Failed to upgrade helm chart due to invalid webhook configured

Recently, when I tried to upgrade devops helm chart, I got the following error:

╰─⠠⠵ make install-chart
helm lint charts/ks-devops
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/johnniang/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/johnniang/.kube/config
==> Linting charts/ks-devops
[INFO] Chart.yaml: icon is recommended

1 chart(s) linted, 0 chart(s) failed
helm upgrade --install ks-devops charts/ks-devops -n kubesphere-devops-system --create-namespace \
         --set image.pullPolicy=Always --set jenkins.ksAuth.enabled=true
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/johnniang/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/johnniang/.kube/config
W1031 19:52:31.019418   30641 warnings.go:70] batch/v1beta1 CronJob is deprecated in v1.21+, unavailable in v1.25+; use batch/v1 CronJob
W1031 19:52:31.021880   30641 warnings.go:70] batch/v1beta1 CronJob is deprecated in v1.21+, unavailable in v1.25+; use batch/v1 CronJob
W1031 19:52:31.035644   30641 warnings.go:70] batch/v1beta1 CronJob is deprecated in v1.21+, unavailable in v1.25+; use batch/v1 CronJob
Error: UPGRADE FAILED: cannot patch "binary" with kind S2iBuilderTemplate: Internal error occurred: failed calling webhook "s2ibuildertemplate.kb.io": Post "https://webhook-server-service.kubesphere-devops-system.svc:443/validate-devops-kubesphere-io-v1alpha1-s2ibuildertemplate?timeout=10s": dial tcp 10.100.103.119:443: connect: connection refused
make: *** [Makefile:5: install-chart] Error 1

/kind bug

Some built-in APIs have been deprecated in v1.19+ and will be unavailable in v1.22+

When I install ks-devops helm chart, some warnings appear. And I notice that some built-in APIs have been deprecated in v1.19+ and will be unavailable in v1.22+.

I suggest that we are suppose to fix them as soon as possible before releasing KubeSphere v3.2.

╭─johnniang at x1c in /mnt/c/Users/johnniang 21-09-13 - 18:47:41
╰─○ helm install ks-devops ks-devops/ks-devops -n kubesphere-devops-system --create-namespace \
                 --set image.pullPolicy=Always --set jenkins.ksAuth.enabled=true
W0913 18:47:45.696024    7240 warnings.go:70] networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
W0913 18:47:45.698408    7240 warnings.go:70] admissionregistration.k8s.io/v1beta1 MutatingWebhookConfiguration is deprecated in v1.16+, unavailable in v1.22+; use admissionregistration.k8s.io/v1 MutatingWebhookConfiguration
W0913 18:47:45.719926    7240 warnings.go:70] admissionregistration.k8s.io/v1beta1 ValidatingWebhookConfiguration is deprecated in v1.16+, unavailable in v1.22+; use admissionregistration.k8s.io/v1 ValidatingWebhookConfiguration
W0913 18:47:48.392806    7240 warnings.go:70] networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
W0913 18:47:48.417016    7240 warnings.go:70] admissionregistration.k8s.io/v1beta1 MutatingWebhookConfiguration is deprecated in v1.16+, unavailable in v1.22+; use admissionregistration.k8s.io/v1 MutatingWebhookConfiguration
W0913 18:47:48.593720    7240 warnings.go:70] admissionregistration.k8s.io/v1beta1 ValidatingWebhookConfiguration is deprecated in v1.16+, unavailable in v1.22+; use admissionregistration.k8s.io/v1 ValidatingWebhookConfiguration
NAME: ks-devops
LAST DEPLOYED: Mon Sep 13 18:47:45 2021
NAMESPACE: kubesphere-devops-system
STATUS: deployed
REVISION: 1
NOTES:
echo "Visit http://jenkins.devops.kubesphere.local:30180 to use your application"


1. Get your 'admin' user password of Jenkins by running:
  kubectl get secret --namespace kubesphere-devops-system ks-devops-jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode;echo

2. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace kubesphere-devops-system -l "app.kubernetes.io/name=ks-devops,app.kubernetes.io/instance=ks-devops" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace kubesphere-devops-system port-forward $POD_NAME 8080:9090

jenkins always restart caused by OOM

1、JAVA_TOOL_OPTIONS 参数名没问题,无需修改为 JAVA_OPTS

2、JAVA_TOOL_OPTIONS 中 JVM 参数配置,-XX:MaxRAMPercentage=80 -XX:MinRAMPercentage=60,其中 MinRAMPercentage 无作用,需去掉,MaxRAMPercentage 修改为 70%,
修改为:-XX:InitialRAMPercentage=70 -XX:MaxRAMPercentage=70

3、resources 中 requests 和 limits 的 memory 保持一致,都使用 4Gi,后续需要调整时也需要注意保证两者值相同。

4、升级 Jenkins image 中 JDK 版本,>=11.0.16

[release-3.4] Fix double quotation error

Manual cherrypick required.

#124 failed to apply on top of branch "release-3.4":

Applying: Fix double quotation error
Using index info to reconstruct a base tree...
M	charts/ks-devops/templates/cluster-step-templates.yaml
Falling back to patching base and 3-way merge...
Auto-merging charts/ks-devops/templates/cluster-step-templates.yaml
CONFLICT (content): Merge conflict in charts/ks-devops/templates/cluster-step-templates.yaml
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Fix double quotation error
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

FAILED TO EXPORT CasC: ServiceAccountCredential is missing its descriptor

Got errors when I visit http://ip:30180/configuration-as-code/viewExport

        FAILED TO EXPORT
        com.cloudbees.plugins.credentials.domains.DomainCredentials#credentials: java.lang.AssertionError: class org.csanchez.jenkins.plugins.kubernetes.ServiceAccountCredential is missing its descriptor
          at jenkins.model.Jenkins.getDescriptorOrDie(Jenkins.java:1600)
          at com.cloudbees.plugins.credentials.BaseCredentials.getDescriptor(BaseCredentials.java:76)
          at com.cloudbees.plugins.credentials.BaseCredentials.getDescriptor(BaseCredentials.java:34)
          at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$describe$6(HeteroDescribableConfigurator.java:114)
          at io.vavr.control.Option.map(Option.java:392)
          at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.describe(HeteroDescribableConfigurator.java:109)
          at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.describe(HeteroDescribableConfigurator.java:55)
          at io.jenkins.plugins.casc.Attribute._describe(Attribute.java:328)
          at io.jenkins.plugins.casc.Attribute.describe(Attribute.java:257)
          at io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator.describe(DataBoundConfigurator.java:316)
          at io.jenkins.plugins.casc.Attribute._describe(Attribute.java:328)
          at io.jenkins.plugins.casc.Attribute.describe(Attribute.java:257)
          at com.cloudbees.plugins.credentials.casc.SystemCredentialsProviderConfigurator.describe(SystemCredentialsProviderConfigurator.java:76)
          at com.cloudbees.plugins.credentials.casc.SystemCredentialsProviderConfigurator.describe(SystemCredentialsProviderConfigurator.java:48)
          at io.jenkins.plugins.casc.Attribute._describe(Attribute.java:328)
          at io.jenkins.plugins.casc.Attribute.describe(Attribute.java:264)
          at com.cloudbees.plugins.credentials.casc.CredentialsRootConfigurator.describe(CredentialsRootConfigurator.java:106)
          at com.cloudbees.plugins.credentials.casc.CredentialsRootConfigurator.describe(CredentialsRootConfigurator.java:59)

[release-3.4] Fix double quotation error

Manual cherrypick required.

#124 failed to apply on top of branch "release-3.4":

Applying: Fix double quotation error
Using index info to reconstruct a base tree...
M	charts/ks-devops/templates/cluster-step-templates.yaml
Falling back to patching base and 3-way merge...
Auto-merging charts/ks-devops/templates/cluster-step-templates.yaml
CONFLICT (content): Merge conflict in charts/ks-devops/templates/cluster-step-templates.yaml
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Fix double quotation error
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

[release-3.4] bugfix: the reactions not work well

Manual cherrypick required.

#117 failed to apply on top of branch "release-3.4":

Applying: bugfix: the reactions not work well
Using index info to reconstruct a base tree...
M	charts/ks-devops/templates/cluster-step-templates.yaml
Falling back to patching base and 3-way merge...
Auto-merging charts/ks-devops/templates/cluster-step-templates.yaml
CONFLICT (content): Merge conflict in charts/ks-devops/templates/cluster-step-templates.yaml
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 bugfix: the reactions not work well
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

FAILED TO EXPORT CasC: Rejected dangerous permission

Got errors when I visit http://ip:30180/configuration-as-code/viewExport

  authorizationStrategy: |-
    FAILED TO EXPORT
    hudson.model.Hudson#authorizationStrategy: java.lang.SecurityException: Rejected dangerous permission: hudson.model.Hudson.UploadPlugins
      at org.jenkinsci.plugins.rolestrategy.permissions.PermissionHelper.fromStrings(PermissionHelper.java:80)
      at com.michelin.cio.hudson.plugins.rolestrategy.Role.<init>(Role.java:98)
      at org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition.getRole(RoleDefinition.java:55)
      at org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition.<init>(RoleDefinition.java:41)
      at org.jenkinsci.plugins.rolestrategy.casc.RoleBasedAuthorizationStrategyConfigurator.lambda$getRoleDefinition$2(RoleBasedAuthorizationStrategyConfigurator.java:86)
      at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
      at java.util.Collections$UnmodifiableMap$UnmodifiableEntrySet.lambda$entryConsumer$0(Collections.java:1577)
      at java.util.concurrent.ConcurrentSkipListMap$EntrySpliterator.forEachRemaining(ConcurrentSkipListMap.java:3535)
      at java.util.Collections$UnmodifiableMap$UnmodifiableEntrySet$UnmodifiableEntrySetSpliterator.forEachRemaining(Collections.java:1602)
      at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482)
      at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)
      at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
      at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
      at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:566)
      at org.jenkinsci.plugins.rolestrategy.casc.RoleBasedAuthorizationStrategyConfigurator.getRoleDefinitions(RoleBasedAuthorizationStrategyConfigurator.java:76)
      at org.jenkinsci.plugins.rolestrategy.casc.RoleBasedAuthorizationStrategyConfigurator.lambda$describe$0(RoleBasedAuthorizationStrategyConfigurator.java:67)
      at io.jenkins.plugins.casc.Attribute.getValue(Attribute.java:235)
      at io.jenkins.plugins.casc.Attribute.equals(Attribute.java:337)
      at io.jenkins.plugins.casc.BaseConfigurator.compare(BaseConfigurator.java:389)
      at org.jenkinsci.plugins.rolestrategy.casc.RoleBasedAuthorizationStrategyConfigurator.describe(RoleBasedAuthorizationStrategyConfigurator.java:94)
      at org.jenkinsci.plugins.rolestrategy.casc.RoleBasedAuthorizationStrategyConfigurator.describe(RoleBasedAuthorizationStrategyConfigurator.java:34)
      at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$convertToNode$de0cd4f8$1(HeteroDescribableConfigurator.java:282)
      at io.vavr.CheckedFunction0.lambda$unchecked$52349c75$1(CheckedFunction0.java:247)
      at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.convertToNode(HeteroDescribableConfigurator.java:282)
      at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.lambda$describe$5(HeteroDescribableConfigurator.java:107)
      at io.vavr.control.Option.map(Option.java:392)
      at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.describe(HeteroDescribableConfigurator.java:107)
      at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.describe(HeteroDescribableConfigurator.java:55)
      at io.jenkins.plugins.casc.Attribute._describe(Attribute.java:328)
      at io.jenkins.plugins.casc.Attribute.describe(Attribute.java:264)
      at io.jenkins.plugins.casc.Configurator.describe(Configurator.java:183)

About the security warning. You can get more details from the following references:

[Jenkins] Jenkins restarted frequently while using latest unreleased ks-jenkins

What happened

Jenkins pod restarted frequently while using latest unreleased ks-jenkins for testing,

129dbb59d8d4dbd9de71d519efca8b8

with following JVM options:

-Xms1200m
-Xmx1600m
-XX:MaxRAM=2g
-Dhudson.slaves.NodeProvisioner.initialDelay=20
-Dhudson.slaves.NodeProvisioner.MARGIN=50
-Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
-Dhudson.model.LoadStatistics.clock=5000
-Dhudson.model.LoadStatistics.decay=0.2
-Dhudson.slaves.NodeProvisioner.recurrencePeriod=5000
-Dhudson.security.csrf.DefaultCrumbIssuer.EXCLUDE_SESSION_ID=true
-Dio.jenkins.plugins.casc.ConfigurationAsCode.initialDelay=10000
-Djenkins.install.runSetupWizard=false
-XX:+UseG1GC
-XX:+UseStringDeduplication
-XX:+ParallelRefProcEnabled
-XX:+DisableExplicitGC
-XX:+UnlockDiagnosticVMOptions
-XX:+UnlockExperimentalVMOptions

BTW, I was using one of the following images to test ks-jenkins.

# DIGEST:sha256:7d252ffe7afb2c13bcc1b7d88f1eae7244513dfc14fe280d440e6aeb2f3ad7ff
ghcr.io/kubesphere/ks-jenkins:master
# Or
# DIGEST:sha256:d58eb71c7776f6eeccfd620b12d1bd4d3ecaad1ff7a9988d2ad5d72ed49ebe1f
kubespheredev/ks-jenkins:master

Potential solution

Use following JVM options for test:

-Xms1200m
-Xmx1600m
-XX:MaxRAM=2g
-Dhudson.slaves.NodeProvisioner.initialDelay=20
-Dhudson.slaves.NodeProvisioner.MARGIN=50
-Dhudson.slaves.NodeProvisioner.MARGIN0=0.85
-Dhudson.model.LoadStatistics.clock=5000
-Dhudson.model.LoadStatistics.decay=0.2
-Dhudson.slaves.NodeProvisioner.recurrencePeriod=5000
-Dhudson.security.csrf.DefaultCrumbIssuer.EXCLUDE_SESSION_ID=true
-Dio.jenkins.plugins.casc.ConfigurationAsCode.initialDelay=10000
-Djenkins.install.runSetupWizard=false

I request all contributors to test it using this approach, and give me a feedback below. If you have any other ideas on it, feel free to express it at below.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.