V1.27: Istio bump to 1.19.4 incl. hardening settings, latest network CNI, initial operators and telemetry chart
parent
698df3b556
commit
214d758fbc
@ -150,13 +150,25 @@ echo "Adjust kubezero values as needed:"
|
|||||||
# shellcheck disable=SC2015
|
# shellcheck disable=SC2015
|
||||||
argo_used && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kube-system
|
argo_used && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kube-system
|
||||||
|
|
||||||
control_plane_upgrade "apply_network, apply_addons, apply_storage"
|
# We need to restore the network ready file as cilium decided to rename it
|
||||||
|
control_plane_upgrade apply_network
|
||||||
|
echo "Wait for all CNI agents to be running ..."
|
||||||
|
waitSystemPodsRunning
|
||||||
|
all_nodes_upgrade "cd /host/etc/cni/net.d && ln -s 05-cilium.conflist 05-cilium.conf || true"
|
||||||
|
|
||||||
|
# now the rest
|
||||||
|
control_plane_upgrade "apply_addons, apply_storage"
|
||||||
|
|
||||||
echo "Checking that all pods in kube-system are running ..."
|
echo "Checking that all pods in kube-system are running ..."
|
||||||
waitSystemPodsRunning
|
waitSystemPodsRunning
|
||||||
|
|
||||||
echo "Applying remaining KubeZero modules..."
|
echo "Applying remaining KubeZero modules..."
|
||||||
|
|
||||||
|
### Cleanup of some deprecated Istio Crds
|
||||||
|
for crd in clusterrbacconfigs.rbac.istio.io rbacconfigs.rbac.istio.io servicerolebindings.rbac.istio.io serviceroles.rbac.istio.io; do
|
||||||
|
kubectl delete crds $crd || true
|
||||||
|
done
|
||||||
|
|
||||||
control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_argocd"
|
control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_argocd"
|
||||||
|
|
||||||
# Trigger backup of upgraded cluster state
|
# Trigger backup of upgraded cluster state
|
||||||
|
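Review bot: The two new best-effort steps end in `|| true`, which hides every failure rather than only the expected one. In the `all_nodes_upgrade` line a failed `cd /host/etc/cni/net.d` is swallowed together with the harmless "link already exists" case, and in the CRD loop an API or permission error looks the same as "not found". `ln -sfn 05-cilium.conflist 05-cilium.conf` makes the link step idempotent without masking a missing directory, and `kubectl delete crds "$crd" --ignore-not-found` keeps real errors visible while quoting the expansion. Deleting a CRD also deletes every custom resource of that kind, so a comment above the loop stating why these four deprecated kinds are safe to drop would help whoever runs this on a cluster that may still hold such objects.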
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-istio-gateway
|
name: kubezero-istio-gateway
|
||||||
description: KubeZero Umbrella Chart for Istio gateways
|
description: KubeZero Umbrella Chart for Istio gateways
|
||||||
type: application
|
type: application
|
||||||
version: 0.18.3
|
version: 0.19.4
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-istio-gateway
|
# kubezero-istio-gateway
|
||||||
|
|
||||||
![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
![Version: 0.19.4](https://img.shields.io/badge/Version-0.19.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero Umbrella Chart for Istio gateways
|
KubeZero Umbrella Chart for Istio gateways
|
||||||
|
|
||||||
@ -16,12 +16,12 @@ Installs Istio Ingress Gateways, requires kubezero-istio to be installed !
|
|||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
Kubernetes: `>= 1.25.0`
|
Kubernetes: `>= 1.26.0`
|
||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
| https://istio-release.storage.googleapis.com/charts | gateway | 1.17.2 |
|
| https://istio-release.storage.googleapis.com/charts | gateway | 1.19.4 |
|
||||||
|
|
||||||
## Values
|
## Values
|
||||||
|
|
||||||
@ -33,12 +33,14 @@ Kubernetes: `>= 1.25.0`
|
|||||||
| gateway.autoscaling.minReplicas | int | `1` | |
|
| gateway.autoscaling.minReplicas | int | `1` | |
|
||||||
| gateway.autoscaling.targetCPUUtilizationPercentage | int | `80` | |
|
| gateway.autoscaling.targetCPUUtilizationPercentage | int | `80` | |
|
||||||
| gateway.podAnnotations."proxy.istio.io/config" | string | `"{ \"terminationDrainDuration\": \"20s\" }"` | |
|
| gateway.podAnnotations."proxy.istio.io/config" | string | `"{ \"terminationDrainDuration\": \"20s\" }"` | |
|
||||||
|
| gateway.priorityClassName | string | `"system-cluster-critical"` | |
|
||||||
| gateway.replicaCount | int | `1` | |
|
| gateway.replicaCount | int | `1` | |
|
||||||
| gateway.resources.limits.memory | string | `"512Mi"` | |
|
| gateway.resources.limits.memory | string | `"512Mi"` | |
|
||||||
| gateway.resources.requests.cpu | string | `"50m"` | |
|
| gateway.resources.requests.cpu | string | `"50m"` | |
|
||||||
| gateway.resources.requests.memory | string | `"64Mi"` | |
|
| gateway.resources.requests.memory | string | `"64Mi"` | |
|
||||||
| gateway.service.externalTrafficPolicy | string | `"Local"` | |
|
| gateway.service.externalTrafficPolicy | string | `"Local"` | |
|
||||||
| gateway.service.type | string | `"NodePort"` | |
|
| gateway.service.type | string | `"NodePort"` | |
|
||||||
|
| gateway.terminationGracePeriodSeconds | int | `120` | |
|
||||||
| proxyProtocol | bool | `true` | |
|
| proxyProtocol | bool | `true` | |
|
||||||
| telemetry.enabled | bool | `false` | |
|
| telemetry.enabled | bool | `false` | |
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 1.18.2
|
appVersion: 1.19.4
|
||||||
description: Helm chart for deploying Istio gateways
|
description: Helm chart for deploying Istio gateways
|
||||||
icon: https://istio.io/latest/favicons/android-192x192.png
|
icon: https://istio.io/latest/favicons/android-192x192.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -9,4 +9,4 @@ name: gateway
|
|||||||
sources:
|
sources:
|
||||||
- https://github.com/istio/istio
|
- https://github.com/istio/istio
|
||||||
type: application
|
type: application
|
||||||
version: 1.18.2
|
version: 1.19.4
|
||||||
|
@ -9,7 +9,9 @@ metadata:
|
|||||||
{{- .Values.annotations | toYaml | nindent 4 }}
|
{{- .Values.annotations | toYaml | nindent 4 }}
|
||||||
spec:
|
spec:
|
||||||
{{- if not .Values.autoscaling.enabled }}
|
{{- if not .Values.autoscaling.enabled }}
|
||||||
replicas: {{ .Values.replicaCount }}
|
{{- with .Values.replicaCount }}
|
||||||
|
replicas: {{ . }}
|
||||||
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
# Give the LB 120s to detect and take into service
|
# Give the LB 120s to detect and take into service
|
||||||
# should only be 40s by we are on AWS so ...
|
# should only be 40s by we are on AWS so ...
|
||||||
@ -34,7 +36,6 @@ spec:
|
|||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
terminationGracePeriodSeconds: 120
|
|
||||||
serviceAccountName: {{ include "gateway.serviceAccountName" . }}
|
serviceAccountName: {{ include "gateway.serviceAccountName" . }}
|
||||||
securityContext:
|
securityContext:
|
||||||
{{- if .Values.securityContext }}
|
{{- if .Values.securityContext }}
|
||||||
@ -113,6 +114,10 @@ spec:
|
|||||||
topologySpreadConstraints:
|
topologySpreadConstraints:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }}
|
||||||
|
{{- with .Values.priorityClassName }}
|
||||||
|
priorityClassName: {{ . }}
|
||||||
|
{{- end }}
|
||||||
{{- with .Values.volumes }}
|
{{- with .Values.volumes }}
|
||||||
volumes:
|
volumes:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
|
@ -15,6 +15,13 @@ spec:
|
|||||||
{{- with .Values.service.loadBalancerIP }}
|
{{- with .Values.service.loadBalancerIP }}
|
||||||
loadBalancerIP: "{{ . }}"
|
loadBalancerIP: "{{ . }}"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- with .Values.service.ipFamilyPolicy }}
|
||||||
|
ipFamilyPolicy: "{{ . }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.service.ipFamilies }}
|
||||||
|
ipFamilies:
|
||||||
|
{{ toYaml . | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
{{- with .Values.service.loadBalancerSourceRanges }}
|
{{- with .Values.service.loadBalancerSourceRanges }}
|
||||||
loadBalancerSourceRanges:
|
loadBalancerSourceRanges:
|
||||||
{{ toYaml . | indent 4 }}
|
{{ toYaml . | indent 4 }}
|
||||||
|
@ -81,7 +81,7 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"replicaCount": {
|
"replicaCount": {
|
||||||
"type": "integer"
|
"type": [ "integer", "null" ]
|
||||||
},
|
},
|
||||||
"resources": {
|
"resources": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
@ -135,6 +135,16 @@
|
|||||||
"loadBalancerSourceRanges": {
|
"loadBalancerSourceRanges": {
|
||||||
"type": "array"
|
"type": "array"
|
||||||
},
|
},
|
||||||
|
"ipFamilies" : {
|
||||||
|
"items": {
|
||||||
|
"type": "string",
|
||||||
|
"enum": ["IPv4", "IPv6"]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"ipFamilyPolicy" : {
|
||||||
|
"type": "string",
|
||||||
|
"enum": ["", "SingleStack", "PreferDualStack", "RequireDualStack"]
|
||||||
|
},
|
||||||
"ports": {
|
"ports": {
|
||||||
"type": "array",
|
"type": "array",
|
||||||
"items": {
|
"items": {
|
||||||
@ -220,6 +230,12 @@
|
|||||||
"enum": ["", "IfHealthyBudget", "AlwaysAllow"]
|
"enum": ["", "IfHealthyBudget", "AlwaysAllow"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"terminationGracePeriodSeconds": {
|
||||||
|
"type": "number"
|
||||||
|
},
|
||||||
|
"priorityClassName": {
|
||||||
|
"type": "string"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -3,7 +3,9 @@ name: ""
|
|||||||
# revision declares which revision this gateway is a part of
|
# revision declares which revision this gateway is a part of
|
||||||
revision: ""
|
revision: ""
|
||||||
|
|
||||||
replicaCount: 1
|
# Controls the spec.replicas setting for the Gateway deployment if set.
|
||||||
|
# Otherwise defaults to Kubernetes Deployment default (1).
|
||||||
|
replicaCount:
|
||||||
|
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
|
|
||||||
@ -55,6 +57,8 @@ service:
|
|||||||
loadBalancerSourceRanges: []
|
loadBalancerSourceRanges: []
|
||||||
externalTrafficPolicy: ""
|
externalTrafficPolicy: ""
|
||||||
externalIPs: []
|
externalIPs: []
|
||||||
|
ipFamilyPolicy: ""
|
||||||
|
ipFamilies: []
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
@ -125,3 +129,11 @@ imagePullSecrets: []
|
|||||||
# podDisruptionBudget: {}
|
# podDisruptionBudget: {}
|
||||||
#
|
#
|
||||||
podDisruptionBudget: {}
|
podDisruptionBudget: {}
|
||||||
|
|
||||||
|
terminationGracePeriodSeconds: 30
|
||||||
|
|
||||||
|
# Configure this to a higher priority class in order to make sure your Istio gateway pods
|
||||||
|
# will not be killed because of low priority class.
|
||||||
|
# Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
|
||||||
|
# for more detail.
|
||||||
|
priorityClassName: ""
|
||||||
|
@ -11,14 +11,6 @@ diff -tubr charts/gateway.orig/templates/deployment.yaml charts/gateway/template
|
|||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
{{- include "gateway.selectorLabels" . | nindent 6 }}
|
{{- include "gateway.selectorLabels" . | nindent 6 }}
|
||||||
@@ -31,6 +34,7 @@
|
|
||||||
imagePullSecrets:
|
|
||||||
{{- toYaml . | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
+ terminationGracePeriodSeconds: 120
|
|
||||||
serviceAccountName: {{ include "gateway.serviceAccountName" . }}
|
|
||||||
securityContext:
|
|
||||||
{{- if .Values.securityContext }}
|
|
||||||
@@ -86,6 +90,10 @@
|
@@ -86,6 +90,10 @@
|
||||||
name: http-envoy-prom
|
name: http-envoy-prom
|
||||||
resources:
|
resources:
|
||||||
|
@ -18,7 +18,7 @@ data:
|
|||||||
{
|
{
|
||||||
"name": "envoy.resource_monitors.fixed_heap",
|
"name": "envoy.resource_monitors.fixed_heap",
|
||||||
"threshold": {
|
"threshold": {
|
||||||
"value": 0.9
|
"value": 0.92
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
@ -29,7 +29,7 @@ data:
|
|||||||
{
|
{
|
||||||
"name": "envoy.resource_monitors.fixed_heap",
|
"name": "envoy.resource_monitors.fixed_heap",
|
||||||
"threshold": {
|
"threshold": {
|
||||||
"value": 0.99
|
"value": 0.98
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
@ -28,11 +28,16 @@ spec:
|
|||||||
name: "envoy.filters.network.http_connection_manager"
|
name: "envoy.filters.network.http_connection_manager"
|
||||||
typed_config:
|
typed_config:
|
||||||
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
|
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
|
||||||
|
stat_prefix: ingress_http
|
||||||
|
use_remote_address: true
|
||||||
|
normalize_path: true
|
||||||
|
merge_slashes: true
|
||||||
|
path_with_escaped_slashes_action: UNESCAPE_AND_REDIRECT
|
||||||
common_http_protocol_options:
|
common_http_protocol_options:
|
||||||
idle_timeout: 3600s # 1 hour
|
idle_timeout: 3600s # 1 hour
|
||||||
# headers_with_underscores_action: REJECT_REQUEST
|
# headers_with_underscores_action: REJECT_REQUEST
|
||||||
http2_protocol_options:
|
http2_protocol_options:
|
||||||
max_concurrent_streams: 500
|
max_concurrent_streams: 100
|
||||||
initial_stream_window_size: 65536 # 64 KiB
|
initial_stream_window_size: 65536 # 64 KiB
|
||||||
initial_connection_window_size: 1048576 # 1 MiB
|
initial_connection_window_size: 1048576 # 1 MiB
|
||||||
#stream_idle_timeout: 300s # 5 mins, must be disabled for long-lived and streaming requests
|
#stream_idle_timeout: 300s # 5 mins, must be disabled for long-lived and streaming requests
|
||||||
|
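Review bot: `use_remote_address: true` is added with no statement of where the gateway sits relative to its load balancer. The address Envoy then treats as the client is the real peer only when the PROXY protocol listener filter is active or nothing proxies in front; with `proxyProtocol: false` behind an L7 balancer it would presumably be the balancer's address, which weakens any logging or rate limiting keyed on it. A comment above the new block should record this, e.g. `# client address comes from PROXY protocol; set xff_num_trusted_hops if an L7 proxy is in front`. The new `stat_prefix: ingress_http` is merged into listeners Istio already generates, so it is worth confirming that it does not rename existing gateway metrics. `headers_with_underscores_action: REJECT_REQUEST` stays commented out beside the other normalization settings and deserves a short why-comment; the enclosing EnvoyFilter starts outside this hunk.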
@ -1,4 +1,3 @@
|
|||||||
{{- if .Values.proxyProtocol }}
|
|
||||||
apiVersion: networking.istio.io/v1alpha3
|
apiVersion: networking.istio.io/v1alpha3
|
||||||
kind: EnvoyFilter
|
kind: EnvoyFilter
|
||||||
metadata:
|
metadata:
|
||||||
@ -16,6 +15,11 @@ spec:
|
|||||||
operation: MERGE
|
operation: MERGE
|
||||||
value:
|
value:
|
||||||
listener_filters:
|
listener_filters:
|
||||||
- name: envoy.filters.listener.proxy_protocol
|
|
||||||
- name: envoy.filters.listener.tls_inspector
|
- name: envoy.filters.listener.tls_inspector
|
||||||
|
typed_config:
|
||||||
|
"@type": type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
|
||||||
|
{{- if .Values.proxyProtocol }}
|
||||||
|
- name: envoy.filters.listener.proxy_protocol
|
||||||
|
typed_config:
|
||||||
|
"@type": type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol
|
||||||
{{- end }}
|
{{- end }}
|
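Review bot: In the new `listener_filters` list `envoy.filters.listener.tls_inspector` comes before `envoy.filters.listener.proxy_protocol`, whereas the removed line appears to have had `proxy_protocol` first. The PROXY header precedes the TLS ClientHello on the wire, so if Envoy runs these filters in list order the inspector sees the PROXY bytes and may fail to detect TLS or SNI; please confirm on a TLS listener with `proxyProtocol: true`, or keep the previous order. Accepting PROXY headers also means any peer that can reach the port directly can state its own source address, so a comment such as `# only enable when the listener is reachable solely through the load balancer` above the `if` would document the assumption. The EnvoyFilter metadata and match sit outside the hunk.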
@ -9,3 +9,5 @@ update_helm
|
|||||||
export ISTIO_VERSION=$(yq eval '.dependencies[] | select(.name=="gateway") | .version' Chart.yaml)
|
export ISTIO_VERSION=$(yq eval '.dependencies[] | select(.name=="gateway") | .version' Chart.yaml)
|
||||||
|
|
||||||
patch_chart gateway
|
patch_chart gateway
|
||||||
|
|
||||||
|
update_docs
|
||||||
|
@ -7,6 +7,9 @@ gateway:
|
|||||||
|
|
||||||
replicaCount: 1
|
replicaCount: 1
|
||||||
|
|
||||||
|
terminationGracePeriodSeconds: 120
|
||||||
|
priorityClassName: system-cluster-critical
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 50m
|
cpu: 50m
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-istio
|
name: kubezero-istio
|
||||||
description: KubeZero Umbrella Chart for Istio
|
description: KubeZero Umbrella Chart for Istio
|
||||||
type: application
|
type: application
|
||||||
version: 0.18.3
|
version: 0.19.4
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-istio
|
# kubezero-istio
|
||||||
|
|
||||||
![Version: 0.18.2](https://img.shields.io/badge/Version-0.18.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
![Version: 0.19.4](https://img.shields.io/badge/Version-0.19.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero Umbrella Chart for Istio
|
KubeZero Umbrella Chart for Istio
|
||||||
|
|
||||||
@ -21,9 +21,9 @@ Kubernetes: `>= 1.26.0`
|
|||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
| https://istio-release.storage.googleapis.com/charts | base | 1.18.2 |
|
| https://istio-release.storage.googleapis.com/charts | base | 1.19.4 |
|
||||||
| https://istio-release.storage.googleapis.com/charts | istiod | 1.18.2 |
|
| https://istio-release.storage.googleapis.com/charts | istiod | 1.19.4 |
|
||||||
| https://kiali.org/helm-charts | kiali-server | 1.72.0 |
|
| https://kiali.org/helm-charts | kiali-server | 1.76.0 |
|
||||||
|
|
||||||
## Values
|
## Values
|
||||||
|
|
||||||
|
@ -10,7 +10,9 @@ export ISTIO_VERSION=$(yq eval '.dependencies[] | select(.name=="base") | .versi
|
|||||||
export KIALI_VERSION=$(yq eval '.dependencies[] | select(.name=="kiali-server") | .version' Chart.yaml)
|
export KIALI_VERSION=$(yq eval '.dependencies[] | select(.name=="kiali-server") | .version' Chart.yaml)
|
||||||
|
|
||||||
# Get matching istioctl
|
# Get matching istioctl
|
||||||
# [ -x istioctl ] && [ "$(./istioctl version --remote=false)" == $ISTIO_VERSION ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; }
|
[ -x istioctl ] && [ "$(./istioctl version --remote=false)" == $ISTIO_VERSION ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; }
|
||||||
|
|
||||||
# Fetch dashboards from Grafana.com and update ZDT CM
|
# Fetch dashboards from Grafana.com and update ZDT CM
|
||||||
../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/grafana-dashboards.yaml
|
../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/grafana-dashboards.yaml
|
||||||
|
|
||||||
|
update_docs
|
||||||
|
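Review bot: The re-enabled istioctl download pipes the release archive straight from `curl -sL` into `tar xz` and marks the result executable with no integrity check, and without `-f` an HTTP error body is handed to tar as well. Downloading to a file, verifying it against the checksum published with the release and only then unpacking closes that gap; I believe Istio ships a `.sha256` file next to each archive, but its name and format should be confirmed. `$ISTIO_VERSION` is also unquoted inside the `[ ... ]` test, so an empty result from `yq` turns the comparison into a syntax error rather than a clean mismatch. The sketch below keeps the same "reuse if the version matches" behaviour.

```shell
# … unchanged: ISTIO_VERSION / KIALI_VERSION exports …
# Get matching istioctl
if ! [ -x istioctl ] || [ "$(./istioctl version --remote=false)" != "$ISTIO_VERSION" ]; then
  archive="istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz"
  base="https://github.com/istio/istio/releases/download/${ISTIO_VERSION}"
  curl -fsSL -o "$archive" "${base}/${archive}"
  # assumes the published checksum file is in sha256sum's "hash  name" format; confirm
  curl -fsSL -o "${archive}.sha256" "${base}/${archive}.sha256"
  sha256sum -c "${archive}.sha256"
  tar xzf "$archive"
  chmod +x istioctl
  rm -f -- "$archive" "${archive}.sha256"
fi
# … unchanged: dashboard sync and update_docs …
```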
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-network
|
name: kubezero-network
|
||||||
description: KubeZero umbrella chart for all things network
|
description: KubeZero umbrella chart for all things network
|
||||||
type: application
|
type: application
|
||||||
version: 0.4.5
|
version: 0.4.6
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -19,11 +19,11 @@ dependencies:
|
|||||||
version: ">= 0.1.6"
|
version: ">= 0.1.6"
|
||||||
repository: https://cdn.zero-downtime.net/charts/
|
repository: https://cdn.zero-downtime.net/charts/
|
||||||
- name: cilium
|
- name: cilium
|
||||||
version: 1.13.5
|
version: 1.14.4
|
||||||
repository: https://helm.cilium.io/
|
repository: https://helm.cilium.io/
|
||||||
condition: cilium.enabled
|
condition: cilium.enabled
|
||||||
- name: metallb
|
- name: metallb
|
||||||
version: 0.13.9
|
version: 0.13.12
|
||||||
repository: https://metallb.github.io/metallb
|
repository: https://metallb.github.io/metallb
|
||||||
condition: metallb.enabled
|
condition: metallb.enabled
|
||||||
kubeVersion: ">= 1.26.0"
|
kubeVersion: ">= 1.26.0"
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-network
|
# kubezero-network
|
||||||
|
|
||||||
![Version: 0.4.4](https://img.shields.io/badge/Version-0.4.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
![Version: 0.4.6](https://img.shields.io/badge/Version-0.4.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero umbrella chart for all things network
|
KubeZero umbrella chart for all things network
|
||||||
|
|
||||||
@ -14,13 +14,13 @@ KubeZero umbrella chart for all things network
|
|||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
Kubernetes: `>= 1.25.0`
|
Kubernetes: `>= 1.26.0`
|
||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
| https://helm.cilium.io/ | cilium | 1.13.4 |
|
| https://helm.cilium.io/ | cilium | 1.14.4 |
|
||||||
| https://metallb.github.io/metallb | metallb | 0.13.9 |
|
| https://metallb.github.io/metallb | metallb | 0.13.12 |
|
||||||
|
|
||||||
## Values
|
## Values
|
||||||
|
|
||||||
@ -65,5 +65,6 @@ Kubernetes: `>= 1.25.0`
|
|||||||
| multus.clusterNetwork | string | `"cilium"` | |
|
| multus.clusterNetwork | string | `"cilium"` | |
|
||||||
| multus.defaultNetworks | list | `[]` | |
|
| multus.defaultNetworks | list | `[]` | |
|
||||||
| multus.enabled | bool | `false` | |
|
| multus.enabled | bool | `false` | |
|
||||||
| multus.readinessindicatorfile | string | `"/etc/cni/net.d/05-cilium.conf"` | |
|
| multus.image.repository | string | `"ghcr.io/k8snetworkplumbingwg/multus-cni"` | |
|
||||||
| multus.tag | string | `"v3.9.3"` | |
|
| multus.image.tag | string | `"v3.9.3"` | |
|
||||||
|
| multus.readinessindicatorfile | string | `"/etc/cni/net.d/05-cilium.conflist"` | |
|
||||||
|
@ -37,10 +37,10 @@ spec:
|
|||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: "100m"
|
cpu: "100m"
|
||||||
memory: "50Mi"
|
memory: "32Mi"
|
||||||
limits:
|
limits:
|
||||||
cpu: "100m"
|
#cpu: "100m"
|
||||||
memory: "50Mi"
|
memory: "64Mi"
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
capabilities:
|
capabilities:
|
||||||
|
@ -1,6 +1,12 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
set -ex
|
||||||
|
|
||||||
helm dep update
|
. ../../scripts/lib-update.sh
|
||||||
|
|
||||||
|
#login_ecr_public
|
||||||
|
update_helm
|
||||||
|
|
||||||
# Create ZDT dashboard configmap
|
# Create ZDT dashboard configmap
|
||||||
../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/grafana-dashboards.yaml
|
../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/grafana-dashboards.yaml
|
||||||
|
|
||||||
|
update_docs
|
||||||
|
@ -22,7 +22,7 @@ multus:
|
|||||||
|
|
||||||
clusterNetwork: "cilium"
|
clusterNetwork: "cilium"
|
||||||
defaultNetworks: []
|
defaultNetworks: []
|
||||||
readinessindicatorfile: "/etc/cni/net.d/05-cilium.conf"
|
readinessindicatorfile: "/etc/cni/net.d/05-cilium.conflist"
|
||||||
|
|
||||||
cilium:
|
cilium:
|
||||||
enabled: false
|
enabled: false
|
||||||
@ -46,8 +46,8 @@ cilium:
|
|||||||
exclusive: false
|
exclusive: false
|
||||||
|
|
||||||
# bpf:
|
# bpf:
|
||||||
# hostLegacyRouting: true
|
# autoMount:
|
||||||
# tproxy: false
|
# enabled: false
|
||||||
|
|
||||||
cluster:
|
cluster:
|
||||||
# This should match the second octet of clusterPoolIPv4PodCIDRList
|
# This should match the second octet of clusterPoolIPv4PodCIDRList
|
||||||
@ -71,7 +71,7 @@ cilium:
|
|||||||
enabled: false
|
enabled: false
|
||||||
hostRoot: "/sys/fs/cgroup"
|
hostRoot: "/sys/fs/cgroup"
|
||||||
|
|
||||||
tunnel: geneve
|
tunnelProtocol: geneve
|
||||||
|
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
23
charts/kubezero-operators/Chart.yaml
Normal file
23
charts/kubezero-operators/Chart.yaml
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
name: kubezero-operators
|
||||||
|
description: Various operators supported by KubeZero
|
||||||
|
type: application
|
||||||
|
version: 0.1.0
|
||||||
|
home: https://kubezero.com
|
||||||
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
|
keywords:
|
||||||
|
- kubezero
|
||||||
|
- operators
|
||||||
|
- opensearch
|
||||||
|
maintainers:
|
||||||
|
- name: Stefan Reimer
|
||||||
|
email: stefan@zero-downtime.net
|
||||||
|
dependencies:
|
||||||
|
- name: kubezero-lib
|
||||||
|
version: ">= 0.1.6"
|
||||||
|
repository: https://cdn.zero-downtime.net/charts/
|
||||||
|
- name: opensearch-operator
|
||||||
|
version: 2.4.0
|
||||||
|
repository: https://opster.github.io/opensearch-k8s-operator/
|
||||||
|
condition: opensearch-operator.enabled
|
||||||
|
kubeVersion: ">= 1.26.0"
|
7
charts/kubezero-operators/update.sh
Executable file
7
charts/kubezero-operators/update.sh
Executable file
@ -0,0 +1,7 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
. ../../scripts/lib-update.sh
|
||||||
|
|
||||||
|
#login_ecr_public
|
||||||
|
update_helm
|
15
charts/kubezero-operators/values.yaml
Normal file
15
charts/kubezero-operators/values.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
opensearch-operator:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
# otherwise service names will be >63 chars
|
||||||
|
fullnameOverride: telemetry
|
||||||
|
|
||||||
|
# not needed for now
|
||||||
|
kubeRbacProxy:
|
||||||
|
enable: false
|
||||||
|
|
||||||
|
tolerations:
|
||||||
|
- key: node-role.kubernetes.io/control-plane
|
||||||
|
effect: NoSchedule
|
||||||
|
nodeSelector:
|
||||||
|
node-role.kubernetes.io/control-plane: ""
|
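Review bot: `kubeRbacProxy.enable: false` carries only the comment "not needed for now", which does not say what protects the endpoint that proxy normally fronts. If it is what authenticates access to the operator's metrics endpoint (its usual role, not visible here), disabling it leaves that endpoint to whatever network policy exists, and the comment should name the control that replaces it. `fullnameOverride: telemetry` inside the operators chart looks copied from the telemetry chart and gives the operator's objects a misleading name; a short name that identifies the operator would meet the 63-character goal equally well. The tolerations and nodeSelector place a third-party operator on control-plane nodes, which deserves a why-comment too.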
28
charts/kubezero-telemetry/Chart.yaml
Normal file
28
charts/kubezero-telemetry/Chart.yaml
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
name: kubezero-telemetry
|
||||||
|
description: KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc.
|
||||||
|
type: application
|
||||||
|
version: 0.1.0
|
||||||
|
home: https://kubezero.com
|
||||||
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
|
keywords:
|
||||||
|
- kubezero
|
||||||
|
- otel
|
||||||
|
- OpenTelemetry
|
||||||
|
- jaeger
|
||||||
|
maintainers:
|
||||||
|
- name: Stefan Reimer
|
||||||
|
email: stefan@zero-downtime.net
|
||||||
|
dependencies:
|
||||||
|
- name: kubezero-lib
|
||||||
|
version: ">= 0.1.6"
|
||||||
|
repository: https://cdn.zero-downtime.net/charts/
|
||||||
|
- name: opentelemetry-collector
|
||||||
|
version: 0.73.1
|
||||||
|
repository: https://open-telemetry.github.io/opentelemetry-helm-charts
|
||||||
|
condition: opentelemetry-collector.enabled
|
||||||
|
- name: jaeger
|
||||||
|
version: 0.72.0
|
||||||
|
repository: https://jaegertracing.github.io/helm-charts
|
||||||
|
condition: jaeger.enabled
|
||||||
|
kubeVersion: ">= 1.26.0"
|
@ -0,0 +1,20 @@
|
|||||||
|
{{- if .Values.jaeger.istio.enabled }}
|
||||||
|
apiVersion: networking.istio.io/v1beta1
|
||||||
|
kind: VirtualService
|
||||||
|
metadata:
|
||||||
|
name: {{ include "kubezero-lib.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "kubezero-lib.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
gateways:
|
||||||
|
- {{ .Values.jaeger.istio.gateway }}
|
||||||
|
hosts:
|
||||||
|
- {{ .Values.jaeger.istio.url }}
|
||||||
|
http:
|
||||||
|
- route:
|
||||||
|
- destination:
|
||||||
|
host: {{ .Release.Name }}-jaeger-query
|
||||||
|
port:
|
||||||
|
number: 16686
|
||||||
|
{{- end }}
|
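Review bot: This VirtualService publishes the Jaeger query UI on port 16686 with no authentication in front of it as far as the template shows, so access control rests entirely on who can reach the gateway named in `jaeger.istio.gateway`. Traces routinely contain request paths, headers and internal hostnames, so state that expectation at the top of the file, e.g. `# exposes the Jaeger UI unauthenticated; pair with an AuthorizationPolicy or an authenticating gateway`, or ship a policy template beside it. `{{ .Values.jaeger.istio.gateway }}` and `{{ .Values.jaeger.istio.url }}` are rendered unquoted, so a value such as `*` produces invalid YAML; `- {{ .Values.jaeger.istio.url | quote }}` avoids that.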
39
charts/kubezero-telemetry/templates/opensearch/cluster.yaml
Normal file
39
charts/kubezero-telemetry/templates/opensearch/cluster.yaml
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
{{- if .Values.opensearch.nodeSets }}
|
||||||
|
apiVersion: opensearch.opster.io/v1
|
||||||
|
kind: OpenSearchCluster
|
||||||
|
metadata:
|
||||||
|
name: {{ template "kubezero-lib.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{ include "kubezero-lib.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
general:
|
||||||
|
serviceName: {{ template "kubezero-lib.fullname" . }}
|
||||||
|
version: 2.11.0
|
||||||
|
dashboards:
|
||||||
|
enable: true
|
||||||
|
version: 2.11.0
|
||||||
|
replicas: 1
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: "512Mi"
|
||||||
|
cpu: "200m"
|
||||||
|
limits:
|
||||||
|
memory: "512Mi"
|
||||||
|
cpu: "200m"
|
||||||
|
nodePools:
|
||||||
|
- component: nodes
|
||||||
|
replicas: 2
|
||||||
|
diskSize: "16Gi"
|
||||||
|
nodeSelector:
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: "2Gi"
|
||||||
|
cpu: "500m"
|
||||||
|
limits:
|
||||||
|
memory: "2Gi"
|
||||||
|
cpu: "500m"
|
||||||
|
roles:
|
||||||
|
- "cluster_manager"
|
||||||
|
- "data"
|
||||||
|
{{- end }}
|
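Review bot: The cluster spec sets no `security` block, so TLS and the security configuration fall back to whatever the operator defaults to. As far as I know that means demo certificates and stock credentials, which should be confirmed against the operator documentation before this is enabled with Dashboards turned on; either state the intended setup in a comment or wire `spec.security` to chart values. The template is gated on `.Values.opensearch.nodeSets` but never reads it: replicas, disk size, resources and the `2.11.0` version are hard-coded, and the bare `nodeSelector:` renders as null. Iterate over `nodeSets`, or rename the gate so that setting it does not suggest the values are applied.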
7
charts/kubezero-telemetry/update.sh
Executable file
7
charts/kubezero-telemetry/update.sh
Executable file
@ -0,0 +1,7 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
. ../../scripts/lib-update.sh
|
||||||
|
|
||||||
|
#login_ecr_public
|
||||||
|
update_helm
|
34
charts/kubezero-telemetry/values.yaml
Normal file
34
charts/kubezero-telemetry/values.yaml
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
opentelemetry-collector:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
mode: deployment
|
||||||
|
|
||||||
|
jaeger:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
# allInOne:
|
||||||
|
# enabled: true
|
||||||
|
# storage:
|
||||||
|
# type: none
|
||||||
|
# collector:
|
||||||
|
# enabled: false
|
||||||
|
# query:
|
||||||
|
# enabled: false
|
||||||
|
|
||||||
|
agent:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
storage:
|
||||||
|
type: elasticsearch
|
||||||
|
|
||||||
|
provisionDataStore:
|
||||||
|
cassandra: false
|
||||||
|
elasticsearch: false
|
||||||
|
|
||||||
|
istio:
|
||||||
|
enabled: false
|
||||||
|
gateway: istio-ingress/private-ingressgateway
|
||||||
|
url: jaeger.example.com
|
||||||
|
|
||||||
|
opensearch:
|
||||||
|
nodeSets: {}
|
15
charts/kubezero/templates/operators.yaml
Normal file
15
charts/kubezero/templates/operators.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
{{- define "operators-values" }}
|
||||||
|
|
||||||
|
{{- with index .Values "operators" "opensearch-operator" }}
|
||||||
|
opensearch-operator:
|
||||||
|
{{- toYaml . | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
|
||||||
|
{{- define "operators-argo" }}
|
||||||
|
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{ include "kubezero-app.app" . }}
|
42
charts/kubezero/templates/telemetry.yaml
Normal file
42
charts/kubezero/templates/telemetry.yaml
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
{{- define "telemetry-values" }}
|
||||||
|
|
||||||
|
{{- if .Values.telemetry.jaeger }}
|
||||||
|
jaeger:
|
||||||
|
{{- with .Values.telemetry.jaeger }}
|
||||||
|
{{- toYaml . | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.telemetry.opensearch }}
|
||||||
|
opensearch:
|
||||||
|
{{- if .Values.telemetry.opensearch.nodeSets }}
|
||||||
|
nodeSets:
|
||||||
|
{{- with .Values.telemetry.opensearch.nodeSets }}
|
||||||
|
{{- toYaml . | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
prometheus: {{ .Values.metrics.enabled }}
|
||||||
|
|
||||||
|
{{- if .Values.telemetry.opensearch.s3Snapshot }}
|
||||||
|
s3Snapshot:
|
||||||
|
{{- with .Values.telemetry.opensearch.s3Snapshot }}
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.telemetry.dashboard }}
|
||||||
|
dashboard:
|
||||||
|
{{- with .Values.telemetry.dashboard }}
|
||||||
|
{{- toYaml . | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
|
||||||
|
{{- define "telemetry-argo" }}
|
||||||
|
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{ include "kubezero-app.app" . }}
|
@ -31,7 +31,7 @@ addons:
|
|||||||
network:
|
network:
|
||||||
enabled: true
|
enabled: true
|
||||||
retain: true
|
retain: true
|
||||||
targetRevision: 0.4.5
|
targetRevision: 0.4.6
|
||||||
cilium:
|
cilium:
|
||||||
cluster: {}
|
cluster: {}
|
||||||
|
|
||||||
@ -59,13 +59,13 @@ storage:
|
|||||||
istio:
|
istio:
|
||||||
enabled: false
|
enabled: false
|
||||||
namespace: istio-system
|
namespace: istio-system
|
||||||
targetRevision: 0.18.2
|
targetRevision: 0.19.4
|
||||||
|
|
||||||
istio-ingress:
|
istio-ingress:
|
||||||
enabled: false
|
enabled: false
|
||||||
chart: kubezero-istio-gateway
|
chart: kubezero-istio-gateway
|
||||||
namespace: istio-ingress
|
namespace: istio-ingress
|
||||||
targetRevision: 0.18.2
|
targetRevision: 0.19.4
|
||||||
gateway:
|
gateway:
|
||||||
service: {}
|
service: {}
|
||||||
|
|
||||||
@ -77,6 +77,16 @@ istio-private-ingress:
|
|||||||
gateway:
|
gateway:
|
||||||
service: {}
|
service: {}
|
||||||
|
|
||||||
|
telemetry:
|
||||||
|
enabled: false
|
||||||
|
namespace: telemetry
|
||||||
|
targetRevision: 0.1.0
|
||||||
|
|
||||||
|
operators:
|
||||||
|
enabled: false
|
||||||
|
namespace: operators
|
||||||
|
targetRevision: 0.1.0
|
||||||
|
|
||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: false
|
||||||
namespace: monitoring
|
namespace: monitoring
|
||||||
|