[release-0.21] Update Curated Packages documentation to point to latest version #9125

Merged
36 changes: 36 additions & 0 deletions docs/content/en/docs/packages/cert-manager/v1.16.1.md
@@ -0,0 +1,36 @@
---
title: "v1.16.1"
linkTitle: "v1.16.1"
weight: 50
aliases:
/docs/reference/packagespec/cert-manager/v1.16.1/
description: >
---

### Configuring Cert-Manager in EKS Anywhere package spec

#### Example
```
apiVersion: packages.eks.amazonaws.com/v1alpha1
kind: Package
metadata:
name: my-cert-manager
namespace: eksa-packages-<cluster-name>
spec:
packageName: cert-manager
config: |
global:
logLevel: 4
```

The following table lists the configurable parameters of the cert-manager package spec and the default values.

| Parameter | Description | Default |
|--------------------------|------------------------------------------------------------------------------------------------------|----------------|
| **General** | | |
| `namespace` | The namespace to use for installing cert-manager package | `cert-manager` |
| `imagePullPolicy` | The image pull policy | `IfNotPresent` |
| **global** | | |
| `global.logLevel` | The log level: integer from 0-6 | `2` |
| **Webhook** | | |
| `webhook.timeoutSeconds` | The time in seconds to wait for the webhook to connect with the kube-api server | `0` |
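
Review bot: In the parameter table, `webhook.timeoutSeconds` is listed with a default of `0`, which reads as "do not wait at all" and falls outside the 1 to 30 second range Kubernetes accepts for an admission webhook timeout. State what `0` means for this package; if it means the value is left unset and the upstream default applies, say so in the description column. The front matter `description: >` is also left empty; add a one-line description.
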
12 changes: 12 additions & 0 deletions docs/content/en/docs/packages/changelog.md
Expand Up @@ -6,6 +6,18 @@ description: >
Changelog for Curated packages release
---

## Package Bundle Release (12-26-2024)

#### Changed

- cert-manager `1.15.3` to `1.16.1`
- **Updated helm patch to include properties for eksa-packages in values.schema.json** [#4171](https://github.com/aws/eks-anywhere-build-tooling/pull/4171)
- cluster-autoscaler `9.43.0` to `9.43.2`
- credential-provider-package `0.4.4` to `0.4.5`
- **Added support to update both legacy and default path for kubelet-extra-args for ubuntu** [#1177](https://github.com/aws/eks-anywhere-packages/pull/1177)
- metallb `0.14.8` to `0.14.9`
- prometheus `2.54.1` to `2.55.1`

## Package Bundle Release (10-18-2024)

#### Changed
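
Review bot: The cert-manager entry moves from `1.15.3` to `1.16.1`, a minor-version step, but the only detail under it is the helm schema patch, and the cluster-autoscaler, metallb and prometheus entries carry no detail at all. Link the upstream release notes for each bump, and call out any that were taken for a security fix, so operators can judge upgrade urgency from the changelog alone.
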
19 changes: 19 additions & 0 deletions docs/content/en/docs/packages/cluster-autoscaler/v9.43.2.md
@@ -0,0 +1,19 @@
---
title: "v9.43.2"
linkTitle: "v9.43.2"
weight: 30
aliases:
/docs/reference/packagespec/cluster-autoscaler/v9.43.2/
description: >
---

### Configuring Cluster Autoscaler in EKS Anywhere package spec

| Parameter | Description | Default |
|---|---|---|
|**General**|||
| cloudProvider | Cluster Autoscaler cloud provider. This should always be clusterapi. <br/>Example:<br/> <pre>cloudProvider: "clusterapi"</pre>| "clusterapi"
| autoDiscovery.clusterName | Name of the kubernetes cluster this autoscaler package should autoscale. <br/>Example:<br/> <pre>autoDiscovery.clusterName: "mgmt-cluster"</pre>| false
| clusterAPIMode | Where Cluster Autoscaler should look for a kubeconfig to communicate with the cluster it will manage. See https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/clusterapi/README.md#connecting-cluster-autoscaler-to-cluster-api-management-and-workload-clusters <br/>Example:<br/> <pre>clusterAPIMode: "incluster-kubeconfig"</pre>| "incluster-incluster"
| clusterAPICloudConfigPath | Path to kubeconfig for connecting to Cluster API Management Cluster, only used if `clusterAPIMode=kubeconfig-kubeconfig or incluster-kubeconfig` <br/>Example:<br/> <pre>clusterAPICloudConfigPath: "/etc/kubernetes/value"</pre>| "/etc/kubernetes/mgmt-kubeconfig"
| extraVolumeSecrets | Additional volumes to mount from Secrets. <br/>Example:<br/> <pre>extraVolumeSecrets: {}</pre>| {}
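
Review bot: The `autoDiscovery.clusterName` row gives `false` as the default for a value documented as the cluster name (its example is the string `"mgmt-cluster"`); show the default as empty or none, and mark the parameter as required if the package cannot run without it. In the `clusterAPICloudConfigPath` row, the code span `clusterAPIMode=kubeconfig-kubeconfig or incluster-kubeconfig` swallows the word "or"; split it into two code spans so the two accepted values are unambiguous.
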
@@ -0,0 +1,96 @@
---
title: "v0.4.5"
linkTitle: "v0.4.5"
weight: 30
aliases:
/docs/reference/packagespec/credential-provider-package/v0.4.5/
description: >
---

### Configuring Credential Provider Package in EKS Anywhere package spec

#### Example

The following is the sample configuration for the credential provider package that is installed by default with the package controller.
Please refer to [Credential Provider Package with IAM Roles Anywhere.]({{< relref "iam_roles_anywhere" >}})

```
apiVersion: packages.eks.amazonaws.com/v1alpha1
kind: Package
metadata:
name: ecr-credential-provider-package
namespace: eksa-packages-<clusterName>
annotations:
"helm.sh/resource-policy": keep
"anywhere.eks.aws.com/internal": "true"
spec:
packageName: credential-provider-package
targetNamespace: eksa-packages
config: |-
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
sourceRegistry: public.ecr.aws/eks-anywhere
credential:
- matchImages:
- 783794618700.dkr.ecr.us-west-2.amazonaws.com
profile: "default"
secretName: aws-secret
defaultCacheDuration: "5h"
```

In this example, the credential provider will use the secret provided in aws-secret (created automatically on cluster creation) to authenticate to the repository from which curated package images are pulled. Tolerations were also added so that the control plane nodes would also be configured with authentication.

The secret can exist in two forms: either a base64 encoding of a credential config or individual keys for fields.

Example credential
```
[default]
aws_access_key_id=EXAMPLE_ACCESS_KEY
aws_secret_access_key=EXAMPLE_SECRET_KEY
region=us-west-2
```

##### Example secret with separate keys
```
apiVersion: v1
kind: Secret
metadata:
name: aws-secret
namespace: eksa-packages
data:
AWS_ACCESS_KEY_ID: "QUtJQUlPU0ZPRE5ON0VYQU1QTEUK"
AWS_SECRET_ACCESS_KEY: "d0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQo="
REGION: dXMtd2VzdC0yCg==
```

##### Example secret in config form
```
apiVersion: v1
kind: Secret
metadata:
name: aws-secret
namespace: eksa-packages
data:
config: W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkPUFLSUFJT1NGT0ROTjdFWEFNUExFCmF3c19zZWNyZXRfYWNjZXNzX2tleT13SmFsclhVdG5GRU1JL0s3TURFTkcvYlB4UmZpQ1lFWEFNUExFS0VZCnJlZ2lvbj11cy13ZXN0LTI=
type: Opaque
```

#### Configurable parameters and default values under `spec.config`

| Parameter | Description | Default |
|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------|
| **General** | | |
| image.pullPolicy | Specifies image pull policy: `IfNotPresent`, `Always`, `Never`. | `"IfNotPresent"` |
| tolerations | [Kubernetes tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for pod scheduling | `{}` |
| **Credential** | | |
| credential | List of credential providers for authenticating with ECR. Currently only one is supported | <pre>credential: <br/> - secretName: "aws-secret"<br/> matchImages: []<br/> defaultCacheDuration: "1h"<br/> profile: "default</pre> |
| secretName | Name of secret that contains the aws credentials | `"aws-secret"` |
| profile | AWS Profile for secretName | `"default"` |
| matchImages | List of strings used to match against images. See [here](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/#configure-image-matching) for more info <br/>Example to match against any account across multiple regions for ECR:<br/></pre>`"*.dkr.ecr.*.amazonaws.com"`</pre> | `"[]"` |
| defaultCacheDuration | Duration the kubelet will cache credentials in-memory. For ECR it is recommended to keep this value less then 12 hours. | `"5h"` |
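
Review bot: In "Example secret with separate keys", all three `data` values decode with a trailing newline (they end in `K`, `Qo=` and `Cg==`), which is what `echo` without `-n` produces, while the `config` value in the next example has none. A reader who copies this pattern ends up with credentials that carry an embedded newline; regenerate the values from the bare strings and add `type: Opaque` to match the config-form example. In the parameter table, the `credential` default block is missing the closing quote in `profile: "default` and shows `defaultCacheDuration: "1h"` while the `defaultCacheDuration` row says `"5h"`; the `matchImages` cell opens with `</pre>` where `<pre>` is meant, and "less then 12 hours" should read "less than".
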

85 changes: 85 additions & 0 deletions docs/content/en/docs/packages/metallb/v0.14.9.md
@@ -0,0 +1,85 @@
---
title: "v0.14.9"
linkTitle: "v0.14.9"
weight: 30
aliases:
/docs/reference/packagespec/metallb/v0.14.9/
description: >
---

{{% pageinfo %}}
[FRRouting](https://frrouting.org/) is currently not supported for MetalLB.
{{% /pageinfo %}}

### Configuring MetalLB in EKS Anywhere package spec

#### Example
```
apiVersion: packages.eks.amazonaws.com/v1alpha1
kind: Package
metadata:
name: mylb
namespace: eksa-packages-<cluster-name>
spec:
packageName: metallb
targetNamespace: metallb-system
config: |
IPAddressPools:
- name: default
addresses:
- 10.220.0.93/32
- 10.220.0.94/32
- 10.220.0.95/32
- name: bgp
addresses:
- 10.220.0.97-10.220.0.99
L2Advertisements:
- ipAddressPools:
- default
BGPAdvertisements:
- ipAddressPools:
- bgp
autoAssign: false
BGPPeers:
- myASN: 123
peerASN: 55001
peerAddress: 1.2.3.4
keepaliveTime: 30s
```

| Parameter | Description | Default | Required |
|---|---|---|---|
| IPAddressPools[] | A list of ip address pools. See **IPAddressPool**. | None | False |
| L2Advertisements[] | A list of Layer 2 advertisements. See **L2Advertisement**. | None | False |
| BGPAdvertisements[] | A list of BGP advertisements. See **BGPAdvertisement**. | None | False |
| BGPPeers[] | A list of BGP peers. See **BGPPeer**. | None | False |
|---|---|---|---|
|**IPAddressPool** | A list of IP address ranges over which MetalLB has authority. You can list multiple ranges in a single pool and they will all share the same settings. Each range can be either a CIDR prefix, or an explicit start-end range of IPs.|||
| name | Name for the address pool. | None | True |
| addresses[] | A list of **string** representing CIRD or IP ranges. | None | True |
| autoAssign | AutoAssign flag used to prevent MetalLB from automatic allocation for a pool. | true | False |
|---|---|---|---|
|**L2Advertisement**|L2Advertisement allows MetalLB to advertise the LoadBalancer IPs provided by the selected pools via L2.|||
| ipAddressPools[] | The list of **IPAddressPool** names to advertise. | None | True |
| name | Name for the L2Advertisement. | None | False |
|---|---|---|---|
|**BGPAdvertisement**|BGPAdvertisement allows MetalLB to advertise the IPs coming from the selected ipAddressPools via BGP, setting the parameters of the BGP Advertisement.|||
| aggregationLength | The aggregation-length advertisement option lets you “roll up” the /32s into a larger prefix. Defaults to 32. Works for IPv4 addresses. | 32 | False |
| aggregationLengthV6 | The aggregation-length advertisement option lets you “roll up” the /128s into a larger prefix. Defaults to 128. Works for IPv6 addresses. | 128 | False |
| communities[] | The BGP communities to be associated with the announcement. Each item can be a community of the form 1234:1234 or the name of an alias defined in the Community CRD. | None | False |
| ipAddressPools[] | The list of **IPAddressPool** names to be advertised via BGP. | None | True |
| localPref | The BGP LOCAL_PREF attribute which is used by BGP best path algorithm, Path with higher localpref is preferred over one with lower localpref. | None | False |
| peers[] | List of peer names. Limits the bgppeer to advertise the ips of the selected pools to. When empty, the loadbalancer IP is announced to all the BGPPeers configured. | None | False |
|---|---|---|---|
|**BGPPeer**|Peers for the BGP protocol.|||
| holdTime | Requested BGP hold time, per RFC4271. | None | False |
| keepaliveTime | Requested BGP keepalive time, per RFC4271. | None | False |
| myASN | AS number to use for the local end of the session. | None | True |
| password | Authentication password for routers enforcing TCP MD5 authenticated sessions. | None | False |
| peerASN | AS number to expect from the remote end of the session. | None | True |
| peerAddress | Address to dial when establishing the session. | None | True |
| peerPort | Port to dial when establishing the session. | 179 | False |
| routerID | BGP router ID to advertise to the peer. | None | False |
| sourceAddress | Source address to use when establishing the session. | None | False |
| password | Authentication password for routers enforcing TCP MD5 authenticated sessions. | None | False |
| passwordSecret | passwordSecret is a reference to the authentication secret for BGP Peer. The secret must be of type 'kubernetes.io/basic-auth' and the password stored under the "password" key. Example: <br/><pre>passwordSecret:<br/> name: mySecret<br/> namespace: metallb-system</pre> | None | False|
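
Review bot: In the **BGPPeer** section the `password` row appears twice, once after `myASN` and again just before `passwordSecret`; drop the second copy. Because `password` places the BGP session secret in clear text inside the Package `config`, the remaining row should point readers to `passwordSecret` as the preferred option. In the `addresses[]` row, "CIRD" should be "CIDR".
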
8 changes: 4 additions & 4 deletions docs/content/en/docs/packages/packagelist.md
Expand Up @@ -11,11 +11,11 @@ description: >
| Name | Description | Versions | GitHub |
|----------------------------|----------------------------|---------------------------|-----------------------------|
| [ADOT]({{< relref "./adot" >}}) | ADOT Collector is an AWS distribution of the OpenTelemetry Collector, which provides a vendor-agnostic solution to receive, process and export telemetry data. | [v0.41.1]({{< relref "./adot/v0.41.1.md" >}}) | https://github.com/aws-observability/aws-otel-collector |
| [Cert-manager]({{< relref "./cert-manager" >}}) | Cert-manager is a certificate manager for Kubernetes clusters. | [v1.15.3]({{< relref "./cert-manager/v1.15.3.md" >}}) | https://github.com/cert-manager/cert-manager |
| [Cluster Autoscaler]({{< relref "./cluster-autoscaler" >}}) | Cluster Autoscaler is a component that automatically adjusts the size of a Kubernetes Cluster so that all pods have a place to run and there are no unneeded nodes. | [v9.43.0]({{< relref "./cluster-autoscaler/v9.43.0.md" >}}) | https://github.com/kubernetes/autoscaler |
| [Cert-manager]({{< relref "./cert-manager" >}}) | Cert-manager is a certificate manager for Kubernetes clusters. | [v1.16.1]({{< relref "./cert-manager/v1.16.1.md" >}}) | https://github.com/cert-manager/cert-manager |
| [Cluster Autoscaler]({{< relref "./cluster-autoscaler" >}}) | Cluster Autoscaler is a component that automatically adjusts the size of a Kubernetes Cluster so that all pods have a place to run and there are no unneeded nodes. | [v9.43.2]({{< relref "./cluster-autoscaler/v9.43.2.md" >}}) | https://github.com/kubernetes/autoscaler |
| [Emissary Ingress]({{< relref "./emissary" >}}) | Emissary Ingress is an open source `Ingress` supporting API Gateway + Layer 7 load balancer built on Envoy Proxy. | [v3.9.1]({{< relref "./emissary/v3.9.1.md" >}}) | https://github.com/emissary-ingress/emissary/ |
| [Harbor]({{< relref "./harbor" >}}) | Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. | [v2.11.1]({{< relref "./harbor/v2.11.1.md" >}})| https://github.com/goharbor/harbor<br>https://github.com/goharbor/harbor-helm |
| [MetalLB]({{< relref "./metallb" >}}) | MetalLB is a virtual IP provider for services of type `LoadBalancer` supporting ARP and BGP. | [v0.14.8]({{< relref "./metallb/v0.14.8.md" >}}) | https://github.com/metallb/metallb/ |
| [MetalLB]({{< relref "./metallb" >}}) | MetalLB is a virtual IP provider for services of type `LoadBalancer` supporting ARP and BGP. | [v0.14.9]({{< relref "./metallb/v0.14.9.md" >}}) | https://github.com/metallb/metallb/ |
| [Metrics Server]({{< relref "./metrics-server" >}}) | Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. | [v3.12.2]({{< relref "./metrics-server/v3.12.2.md" >}}) | https://github.com/kubernetes-sigs/metrics-server |
| [Prometheus]({{< relref "./prometheus" >}}) | Prometheus is an open-source systems monitoring and alerting toolkit that collects and stores metrics as time series data. | [v2.54.1]({{< relref "./prometheus/v2.54.1.md" >}}) | https://github.com/prometheus/prometheus |
| [Prometheus]({{< relref "./prometheus" >}}) | Prometheus is an open-source systems monitoring and alerting toolkit that collects and stores metrics as time series data. | [v2.55.1]({{< relref "./prometheus/v2.55.1.md" >}}) | https://github.com/prometheus/prometheus |
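
Review bot: The Prometheus row now links to `./prometheus/v2.55.1.md` via `relref`, but no `prometheus/v2.55.1.md` is among the files shown in this change, whereas the cert-manager, cluster-autoscaler and metallb targets are added alongside their rows. Confirm that page exists on the branch, since a `relref` to a missing page fails the Hugo build by default.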
