ECK fixes for Kube 1.18, Redis cluster support incl. Enyoy proxy

This commit is contained in:
Stefan Reimer 2020-12-04 06:05:35 -08:00
parent 33495c83de
commit 2a56489273
17 changed files with 148 additions and 396 deletions

View File

@ -1,112 +0,0 @@
# istio-ingress
![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square)
Helm chart for deploying Istio gateways
## Source Code
* <http://github.com/istio/istio>
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| gateways.istio-ingressgateway.additionalContainers | list | `[]` | |
| gateways.istio-ingressgateway.autoscaleEnabled | bool | `true` | |
| gateways.istio-ingressgateway.autoscaleMax | int | `5` | |
| gateways.istio-ingressgateway.autoscaleMin | int | `1` | |
| gateways.istio-ingressgateway.configVolumes | list | `[]` | |
| gateways.istio-ingressgateway.cpu.targetAverageUtilization | int | `80` | |
| gateways.istio-ingressgateway.customService | bool | `false` | |
| gateways.istio-ingressgateway.env.ISTIO_META_ROUTER_MODE | string | `"sni-dnat"` | |
| gateways.istio-ingressgateway.externalTrafficPolicy | string | `""` | |
| gateways.istio-ingressgateway.ingressPorts | list | `[]` | |
| gateways.istio-ingressgateway.labels.app | string | `"istio-ingressgateway"` | |
| gateways.istio-ingressgateway.labels.istio | string | `"ingressgateway"` | |
| gateways.istio-ingressgateway.loadBalancerIP | string | `""` | |
| gateways.istio-ingressgateway.loadBalancerSourceRanges | list | `[]` | |
| gateways.istio-ingressgateway.meshExpansionPorts[0].name | string | `"tcp-istiod"` | |
| gateways.istio-ingressgateway.meshExpansionPorts[0].port | int | `15012` | |
| gateways.istio-ingressgateway.meshExpansionPorts[0].targetPort | int | `15012` | |
| gateways.istio-ingressgateway.name | string | `"istio-ingressgateway"` | |
| gateways.istio-ingressgateway.nodeSelector | object | `{}` | |
| gateways.istio-ingressgateway.podAnnotations | object | `{}` | |
| gateways.istio-ingressgateway.podAntiAffinityLabelSelector | list | `[]` | |
| gateways.istio-ingressgateway.podAntiAffinityTermLabelSelector | list | `[]` | |
| gateways.istio-ingressgateway.ports[0].name | string | `"status-port"` | |
| gateways.istio-ingressgateway.ports[0].port | int | `15021` | |
| gateways.istio-ingressgateway.ports[0].protocol | string | `"TCP"` | |
| gateways.istio-ingressgateway.ports[0].targetPort | int | `15021` | |
| gateways.istio-ingressgateway.ports[1].name | string | `"http2"` | |
| gateways.istio-ingressgateway.ports[1].port | int | `80` | |
| gateways.istio-ingressgateway.ports[1].protocol | string | `"TCP"` | |
| gateways.istio-ingressgateway.ports[1].targetPort | int | `8080` | |
| gateways.istio-ingressgateway.ports[2].name | string | `"https"` | |
| gateways.istio-ingressgateway.ports[2].port | int | `443` | |
| gateways.istio-ingressgateway.ports[2].protocol | string | `"TCP"` | |
| gateways.istio-ingressgateway.ports[2].targetPort | int | `8443` | |
| gateways.istio-ingressgateway.ports[3].name | string | `"tls"` | |
| gateways.istio-ingressgateway.ports[3].port | int | `15443` | |
| gateways.istio-ingressgateway.ports[3].protocol | string | `"TCP"` | |
| gateways.istio-ingressgateway.ports[3].targetPort | int | `15443` | |
| gateways.istio-ingressgateway.resources.limits.cpu | string | `"2000m"` | |
| gateways.istio-ingressgateway.resources.limits.memory | string | `"1024Mi"` | |
| gateways.istio-ingressgateway.resources.requests.cpu | string | `"100m"` | |
| gateways.istio-ingressgateway.resources.requests.memory | string | `"128Mi"` | |
| gateways.istio-ingressgateway.rollingMaxSurge | string | `"100%"` | |
| gateways.istio-ingressgateway.rollingMaxUnavailable | string | `"25%"` | |
| gateways.istio-ingressgateway.runAsRoot | bool | `false` | |
| gateways.istio-ingressgateway.secretVolumes[0].mountPath | string | `"/etc/istio/ingressgateway-certs"` | |
| gateways.istio-ingressgateway.secretVolumes[0].name | string | `"ingressgateway-certs"` | |
| gateways.istio-ingressgateway.secretVolumes[0].secretName | string | `"istio-ingressgateway-certs"` | |
| gateways.istio-ingressgateway.secretVolumes[1].mountPath | string | `"/etc/istio/ingressgateway-ca-certs"` | |
| gateways.istio-ingressgateway.secretVolumes[1].name | string | `"ingressgateway-ca-certs"` | |
| gateways.istio-ingressgateway.secretVolumes[1].secretName | string | `"istio-ingressgateway-ca-certs"` | |
| gateways.istio-ingressgateway.serviceAnnotations | object | `{}` | |
| gateways.istio-ingressgateway.tolerations | list | `[]` | |
| gateways.istio-ingressgateway.type | string | `"LoadBalancer"` | |
| gateways.istio-ingressgateway.zvpn.enabled | bool | `false` | |
| gateways.istio-ingressgateway.zvpn.suffix | string | `"global"` | |
| global.arch.amd64 | int | `2` | |
| global.arch.ppc64le | int | `2` | |
| global.arch.s390x | int | `2` | |
| global.caAddress | string | `""` | |
| global.defaultConfigVisibilitySettings | list | `[]` | |
| global.defaultPodDisruptionBudget.enabled | bool | `true` | |
| global.defaultResources.requests.cpu | string | `"10m"` | |
| global.defaultTolerations | list | `[]` | |
| global.hub | string | `"gcr.io/istio-testing"` | |
| global.imagePullPolicy | string | `""` | |
| global.imagePullSecrets | list | `[]` | |
| global.istioNamespace | string | `"istio-system"` | |
| global.jwtPolicy | string | `"third-party-jwt"` | |
| global.logAsJson | bool | `false` | |
| global.logging.level | string | `"default:info"` | |
| global.meshExpansion.enabled | bool | `false` | |
| global.meshExpansion.useILB | bool | `false` | |
| global.meshID | string | `""` | |
| global.mountMtlsCerts | bool | `false` | |
| global.multiCluster.clusterName | string | `""` | |
| global.multiCluster.enabled | bool | `false` | |
| global.multiCluster.globalDomainSuffix | string | `"global"` | |
| global.multiCluster.includeEnvoyFilter | bool | `true` | |
| global.network | string | `""` | |
| global.pilotCertProvider | string | `"istiod"` | |
| global.priorityClassName | string | `""` | |
| global.proxy.clusterDomain | string | `"cluster.local"` | |
| global.proxy.componentLogLevel | string | `"misc:error"` | |
| global.proxy.enableCoreDump | bool | `false` | |
| global.proxy.image | string | `"proxyv2"` | |
| global.proxy.logLevel | string | `"warning"` | |
| global.sds.token.aud | string | `"istio-ca"` | |
| global.sts.servicePort | int | `0` | |
| global.tag | string | `"latest"` | |
| meshConfig.defaultConfig.proxyMetadata | object | `{}` | |
| meshConfig.defaultConfig.tracing | string | `nil` | |
| meshConfig.enablePrometheusMerge | bool | `true` | |
| ownerName | string | `""` | |
| revision | string | `""` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.2.1](https://github.com/norwoodj/helm-docs/releases/v1.2.1)

View File

@ -1,112 +0,0 @@
# istio-ingress
![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square)
Helm chart for deploying Istio gateways
## Source Code
* <http://github.com/istio/istio>
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| gateways.istio-ingressgateway.additionalContainers | list | `[]` | |
| gateways.istio-ingressgateway.autoscaleEnabled | bool | `true` | |
| gateways.istio-ingressgateway.autoscaleMax | int | `5` | |
| gateways.istio-ingressgateway.autoscaleMin | int | `1` | |
| gateways.istio-ingressgateway.configVolumes | list | `[]` | |
| gateways.istio-ingressgateway.cpu.targetAverageUtilization | int | `80` | |
| gateways.istio-ingressgateway.customService | bool | `false` | |
| gateways.istio-ingressgateway.env.ISTIO_META_ROUTER_MODE | string | `"sni-dnat"` | |
| gateways.istio-ingressgateway.externalTrafficPolicy | string | `""` | |
| gateways.istio-ingressgateway.ingressPorts | list | `[]` | |
| gateways.istio-ingressgateway.labels.app | string | `"istio-ingressgateway"` | |
| gateways.istio-ingressgateway.labels.istio | string | `"ingressgateway"` | |
| gateways.istio-ingressgateway.loadBalancerIP | string | `""` | |
| gateways.istio-ingressgateway.loadBalancerSourceRanges | list | `[]` | |
| gateways.istio-ingressgateway.meshExpansionPorts[0].name | string | `"tcp-istiod"` | |
| gateways.istio-ingressgateway.meshExpansionPorts[0].port | int | `15012` | |
| gateways.istio-ingressgateway.meshExpansionPorts[0].targetPort | int | `15012` | |
| gateways.istio-ingressgateway.name | string | `"istio-ingressgateway"` | |
| gateways.istio-ingressgateway.nodeSelector | object | `{}` | |
| gateways.istio-ingressgateway.podAnnotations | object | `{}` | |
| gateways.istio-ingressgateway.podAntiAffinityLabelSelector | list | `[]` | |
| gateways.istio-ingressgateway.podAntiAffinityTermLabelSelector | list | `[]` | |
| gateways.istio-ingressgateway.ports[0].name | string | `"status-port"` | |
| gateways.istio-ingressgateway.ports[0].port | int | `15021` | |
| gateways.istio-ingressgateway.ports[0].protocol | string | `"TCP"` | |
| gateways.istio-ingressgateway.ports[0].targetPort | int | `15021` | |
| gateways.istio-ingressgateway.ports[1].name | string | `"http2"` | |
| gateways.istio-ingressgateway.ports[1].port | int | `80` | |
| gateways.istio-ingressgateway.ports[1].protocol | string | `"TCP"` | |
| gateways.istio-ingressgateway.ports[1].targetPort | int | `8080` | |
| gateways.istio-ingressgateway.ports[2].name | string | `"https"` | |
| gateways.istio-ingressgateway.ports[2].port | int | `443` | |
| gateways.istio-ingressgateway.ports[2].protocol | string | `"TCP"` | |
| gateways.istio-ingressgateway.ports[2].targetPort | int | `8443` | |
| gateways.istio-ingressgateway.ports[3].name | string | `"tls"` | |
| gateways.istio-ingressgateway.ports[3].port | int | `15443` | |
| gateways.istio-ingressgateway.ports[3].protocol | string | `"TCP"` | |
| gateways.istio-ingressgateway.ports[3].targetPort | int | `15443` | |
| gateways.istio-ingressgateway.resources.limits.cpu | string | `"2000m"` | |
| gateways.istio-ingressgateway.resources.limits.memory | string | `"1024Mi"` | |
| gateways.istio-ingressgateway.resources.requests.cpu | string | `"100m"` | |
| gateways.istio-ingressgateway.resources.requests.memory | string | `"128Mi"` | |
| gateways.istio-ingressgateway.rollingMaxSurge | string | `"100%"` | |
| gateways.istio-ingressgateway.rollingMaxUnavailable | string | `"25%"` | |
| gateways.istio-ingressgateway.runAsRoot | bool | `false` | |
| gateways.istio-ingressgateway.secretVolumes[0].mountPath | string | `"/etc/istio/ingressgateway-certs"` | |
| gateways.istio-ingressgateway.secretVolumes[0].name | string | `"ingressgateway-certs"` | |
| gateways.istio-ingressgateway.secretVolumes[0].secretName | string | `"istio-ingressgateway-certs"` | |
| gateways.istio-ingressgateway.secretVolumes[1].mountPath | string | `"/etc/istio/ingressgateway-ca-certs"` | |
| gateways.istio-ingressgateway.secretVolumes[1].name | string | `"ingressgateway-ca-certs"` | |
| gateways.istio-ingressgateway.secretVolumes[1].secretName | string | `"istio-ingressgateway-ca-certs"` | |
| gateways.istio-ingressgateway.serviceAnnotations | object | `{}` | |
| gateways.istio-ingressgateway.tolerations | list | `[]` | |
| gateways.istio-ingressgateway.type | string | `"LoadBalancer"` | |
| gateways.istio-ingressgateway.zvpn.enabled | bool | `false` | |
| gateways.istio-ingressgateway.zvpn.suffix | string | `"global"` | |
| global.arch.amd64 | int | `2` | |
| global.arch.ppc64le | int | `2` | |
| global.arch.s390x | int | `2` | |
| global.caAddress | string | `""` | |
| global.defaultConfigVisibilitySettings | list | `[]` | |
| global.defaultPodDisruptionBudget.enabled | bool | `true` | |
| global.defaultResources.requests.cpu | string | `"10m"` | |
| global.defaultTolerations | list | `[]` | |
| global.hub | string | `"gcr.io/istio-testing"` | |
| global.imagePullPolicy | string | `""` | |
| global.imagePullSecrets | list | `[]` | |
| global.istioNamespace | string | `"istio-system"` | |
| global.jwtPolicy | string | `"third-party-jwt"` | |
| global.logAsJson | bool | `false` | |
| global.logging.level | string | `"default:info"` | |
| global.meshExpansion.enabled | bool | `false` | |
| global.meshExpansion.useILB | bool | `false` | |
| global.meshID | string | `""` | |
| global.mountMtlsCerts | bool | `false` | |
| global.multiCluster.clusterName | string | `""` | |
| global.multiCluster.enabled | bool | `false` | |
| global.multiCluster.globalDomainSuffix | string | `"global"` | |
| global.multiCluster.includeEnvoyFilter | bool | `true` | |
| global.network | string | `""` | |
| global.pilotCertProvider | string | `"istiod"` | |
| global.priorityClassName | string | `""` | |
| global.proxy.clusterDomain | string | `"cluster.local"` | |
| global.proxy.componentLogLevel | string | `"misc:error"` | |
| global.proxy.enableCoreDump | bool | `false` | |
| global.proxy.image | string | `"proxyv2"` | |
| global.proxy.logLevel | string | `"warning"` | |
| global.sds.token.aud | string | `"istio-ca"` | |
| global.sts.servicePort | int | `0` | |
| global.tag | string | `"latest"` | |
| meshConfig.defaultConfig.proxyMetadata | object | `{}` | |
| meshConfig.defaultConfig.tracing | string | `nil` | |
| meshConfig.enablePrometheusMerge | bool | `true` | |
| ownerName | string | `""` | |
| revision | string | `""` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.2.1](https://github.com/norwoodj/helm-docs/releases/v1.2.1)

View File

@ -1,23 +0,0 @@
# base
![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square)
Helm chart for deploying Istio cluster resources and CRDs
## Source Code
* <http://github.com/istio/istio>
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| base.enableCRDTemplates | bool | `false` | |
| base.validationURL | string | `""` | |
| global.configValidation | bool | `true` | |
| global.imagePullSecrets | list | `[]` | |
| global.istioNamespace | string | `"istio-system"` | |
| global.istiod.enableAnalysis | bool | `false` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.2.1](https://github.com/norwoodj/helm-docs/releases/v1.2.1)

View File

@ -1,133 +0,0 @@
# istio-discovery
![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square)
Helm chart for istio control plane
## Source Code
* <http://github.com/istio/istio>
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| global.caAddress | string | `""` | |
| global.centralIstiod | bool | `false` | |
| global.defaultPodDisruptionBudget.enabled | bool | `true` | |
| global.defaultResources.requests.cpu | string | `"10m"` | |
| global.externalIstiod | bool | `false` | |
| global.hub | string | `"gcr.io/istio-testing"` | |
| global.imagePullPolicy | string | `""` | |
| global.imagePullSecrets | list | `[]` | |
| global.istioNamespace | string | `"istio-system"` | |
| global.istiod.enableAnalysis | bool | `false` | |
| global.jwtPolicy | string | `"third-party-jwt"` | |
| global.logAsJson | bool | `false` | |
| global.logging.level | string | `"default:info"` | |
| global.meshID | string | `""` | |
| global.meshNetworks | object | `{}` | |
| global.mountMtlsCerts | bool | `false` | |
| global.multiCluster.clusterName | string | `""` | |
| global.multiCluster.enabled | bool | `false` | |
| global.network | string | `""` | |
| global.omitSidecarInjectorConfigMap | bool | `false` | |
| global.oneNamespace | bool | `false` | |
| global.operatorManageWebhooks | bool | `false` | |
| global.pilotCertProvider | string | `"istiod"` | |
| global.priorityClassName | string | `""` | |
| global.proxy.autoInject | string | `"enabled"` | |
| global.proxy.clusterDomain | string | `"cluster.local"` | |
| global.proxy.componentLogLevel | string | `"misc:error"` | |
| global.proxy.enableCoreDump | bool | `false` | |
| global.proxy.excludeIPRanges | string | `""` | |
| global.proxy.excludeInboundPorts | string | `""` | |
| global.proxy.excludeOutboundPorts | string | `""` | |
| global.proxy.holdApplicationUntilProxyStarts | bool | `false` | |
| global.proxy.image | string | `"proxyv2"` | |
| global.proxy.includeIPRanges | string | `"*"` | |
| global.proxy.logLevel | string | `"warning"` | |
| global.proxy.privileged | bool | `false` | |
| global.proxy.readinessFailureThreshold | int | `30` | |
| global.proxy.readinessInitialDelaySeconds | int | `1` | |
| global.proxy.readinessPeriodSeconds | int | `2` | |
| global.proxy.resources.limits.cpu | string | `"2000m"` | |
| global.proxy.resources.limits.memory | string | `"1024Mi"` | |
| global.proxy.resources.requests.cpu | string | `"100m"` | |
| global.proxy.resources.requests.memory | string | `"128Mi"` | |
| global.proxy.statusPort | int | `15020` | |
| global.proxy.tracer | string | `"zipkin"` | |
| global.proxy_init.image | string | `"proxyv2"` | |
| global.proxy_init.resources.limits.cpu | string | `"2000m"` | |
| global.proxy_init.resources.limits.memory | string | `"1024Mi"` | |
| global.proxy_init.resources.requests.cpu | string | `"10m"` | |
| global.proxy_init.resources.requests.memory | string | `"10Mi"` | |
| global.remotePilotAddress | string | `""` | |
| global.sds.token.aud | string | `"istio-ca"` | |
| global.sts.servicePort | int | `0` | |
| global.tag | string | `"latest"` | |
| global.tracer.datadog.address | string | `"$(HOST_IP):8126"` | |
| global.tracer.lightstep.accessToken | string | `""` | |
| global.tracer.lightstep.address | string | `""` | |
| global.tracer.stackdriver.debug | bool | `false` | |
| global.tracer.stackdriver.maxNumberOfAnnotations | int | `200` | |
| global.tracer.stackdriver.maxNumberOfAttributes | int | `200` | |
| global.tracer.stackdriver.maxNumberOfMessageEvents | int | `200` | |
| global.tracer.zipkin.address | string | `""` | |
| global.trustDomain | string | `""` | |
| global.useMCP | bool | `false` | |
| istiodRemote.injectionURL | string | `""` | |
| meshConfig.defaultConfig.proxyMetadata.DNS_AGENT | string | `""` | |
| meshConfig.rootNamespace | string | `"istio-system"` | |
| ownerName | string | `""` | |
| pilot.autoscaleEnabled | bool | `true` | |
| pilot.autoscaleMax | int | `5` | |
| pilot.autoscaleMin | int | `1` | |
| pilot.configMap | bool | `true` | |
| pilot.configSource.subscribedResources | list | `[]` | |
| pilot.cpu.targetAverageUtilization | int | `80` | |
| pilot.deploymentLabels | object | `{}` | |
| pilot.enableProtocolSniffingForInbound | bool | `true` | |
| pilot.enableProtocolSniffingForOutbound | bool | `true` | |
| pilot.env | object | `{}` | |
| pilot.hub | string | `""` | |
| pilot.image | string | `"pilot"` | |
| pilot.jwksResolverExtraRootCA | string | `""` | |
| pilot.keepaliveMaxServerConnectionAge | string | `"30m"` | |
| pilot.nodeSelector | object | `{}` | |
| pilot.plugins | list | `[]` | |
| pilot.podAnnotations | object | `{}` | |
| pilot.replicaCount | int | `1` | |
| pilot.resources.requests.cpu | string | `"500m"` | |
| pilot.resources.requests.memory | string | `"2048Mi"` | |
| pilot.rollingMaxSurge | string | `"100%"` | |
| pilot.rollingMaxUnavailable | string | `"25%"` | |
| pilot.tag | string | `""` | |
| pilot.traceSampling | float | `1` | |
| revision | string | `""` | |
| sidecarInjectorWebhook.alwaysInjectSelector | list | `[]` | |
| sidecarInjectorWebhook.enableNamespacesByDefault | bool | `false` | |
| sidecarInjectorWebhook.injectedAnnotations | object | `{}` | |
| sidecarInjectorWebhook.neverInjectSelector | list | `[]` | |
| sidecarInjectorWebhook.objectSelector.autoInject | bool | `true` | |
| sidecarInjectorWebhook.objectSelector.enabled | bool | `false` | |
| sidecarInjectorWebhook.rewriteAppHTTPProbe | bool | `true` | |
| telemetry.enabled | bool | `true` | |
| telemetry.v2.accessLogPolicy.enabled | bool | `false` | |
| telemetry.v2.accessLogPolicy.logWindowDuration | string | `"43200s"` | |
| telemetry.v2.enabled | bool | `true` | |
| telemetry.v2.metadataExchange.wasmEnabled | bool | `false` | |
| telemetry.v2.prometheus.configOverride.gateway | object | `{}` | |
| telemetry.v2.prometheus.configOverride.inboundSidecar | object | `{}` | |
| telemetry.v2.prometheus.configOverride.outboundSidecar | object | `{}` | |
| telemetry.v2.prometheus.enabled | bool | `true` | |
| telemetry.v2.prometheus.wasmEnabled | bool | `false` | |
| telemetry.v2.stackdriver.configOverride | object | `{}` | |
| telemetry.v2.stackdriver.disableOutbound | bool | `false` | |
| telemetry.v2.stackdriver.enabled | bool | `false` | |
| telemetry.v2.stackdriver.logging | bool | `false` | |
| telemetry.v2.stackdriver.monitoring | bool | `false` | |
| telemetry.v2.stackdriver.topology | bool | `false` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.2.1](https://github.com/norwoodj/helm-docs/releases/v1.2.1)

View File

@ -57,7 +57,7 @@ Kubernetes: `>= 1.16.0`
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| eck-operator.enabled | bool | `false` | | | eck-operator.enabled | bool | `true` | |
| eck-operator.nodeSelector."node-role.kubernetes.io/master" | string | `""` | | | eck-operator.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
| eck-operator.tolerations[0].effect | string | `"NoSchedule"` | | | eck-operator.tolerations[0].effect | string | `"NoSchedule"` | |
| eck-operator.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | | eck-operator.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |

View File

@ -48,6 +48,9 @@ spec:
{{- end }} {{- end }}
containers: containers:
- name: elasticsearch - name: elasticsearch
securityContext:
capabilities:
add: ["SYS_CHROOT"]
resources: resources:
requests: requests:
cpu: {{ default "200m" .cpu_request }} cpu: {{ default "200m" .cpu_request }}

View File

@ -2,7 +2,7 @@
# fullnameOverride: "" # fullnameOverride: ""
eck-operator: eck-operator:
enabled: false enabled: true
tolerations: tolerations:
- key: node-role.kubernetes.io/master - key: node-role.kubernetes.io/master
effect: NoSchedule effect: NoSchedule

View File

@ -1,6 +1,6 @@
# kubezero-metrics # kubezero-metrics
![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero Umbrella Chart for prometheus-operator KubeZero Umbrella Chart for prometheus-operator
@ -18,7 +18,7 @@ Kubernetes: `>= 1.16.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| https://prometheus-community.github.io/helm-charts | kube-prometheus-stack | 12.2.4 | | https://prometheus-community.github.io/helm-charts | kube-prometheus-stack | 12.3.0 |
| https://prometheus-community.github.io/helm-charts | prometheus-adapter | 2.7.1 | | https://prometheus-community.github.io/helm-charts | prometheus-adapter | 2.7.1 |
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 | | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
@ -26,10 +26,22 @@ Kubernetes: `>= 1.16.0`
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| grafana.istio.enabled | bool | `false` | | | istio.alertmanager.destination | string | `"metrics-kube-prometheus-st-alertmanager"` | |
| grafana.istio.gateway | string | `"istio-ingress/ingressgateway"` | | | istio.alertmanager.enabled | bool | `false` | |
| grafana.istio.ipBlocks | list | `[]` | | | istio.alertmanager.gateway | string | `"istio-ingress/ingressgateway"` | |
| grafana.istio.url | string | `""` | | | istio.alertmanager.ipBlocks | list | `[]` | |
| istio.alertmanager.url | string | `""` | |
| istio.grafana.destination | string | `"metrics-grafana"` | |
| istio.grafana.enabled | bool | `false` | |
| istio.grafana.gateway | string | `"istio-ingress/ingressgateway"` | |
| istio.grafana.ipBlocks | list | `[]` | |
| istio.grafana.url | string | `""` | |
| istio.prometheus.destination | string | `"metrics-kube-prometheus-st-prometheus"` | |
| istio.prometheus.enabled | bool | `false` | |
| istio.prometheus.gateway | string | `"istio-ingress/ingressgateway"` | |
| istio.prometheus.ipBlocks | list | `[]` | |
| istio.prometheus.url | string | `""` | |
| kube-prometheus-stack.alertmanager.alertmanagerSpec.logFormat | string | `"json"` | |
| kube-prometheus-stack.alertmanager.enabled | bool | `false` | | | kube-prometheus-stack.alertmanager.enabled | bool | `false` | |
| kube-prometheus-stack.coreDns.enabled | bool | `true` | | | kube-prometheus-stack.coreDns.enabled | bool | `true` | |
| kube-prometheus-stack.defaultRules.create | bool | `true` | | | kube-prometheus-stack.defaultRules.create | bool | `true` | |
@ -71,6 +83,7 @@ Kubernetes: `>= 1.16.0`
| kube-prometheus-stack.nodeExporter.serviceMonitor.relabelings[0].sourceLabels[0] | string | `"__meta_kubernetes_pod_node_name"` | | | kube-prometheus-stack.nodeExporter.serviceMonitor.relabelings[0].sourceLabels[0] | string | `"__meta_kubernetes_pod_node_name"` | |
| kube-prometheus-stack.nodeExporter.serviceMonitor.relabelings[0].targetLabel | string | `"node"` | | | kube-prometheus-stack.nodeExporter.serviceMonitor.relabelings[0].targetLabel | string | `"node"` | |
| kube-prometheus-stack.prometheus.enabled | bool | `true` | | | kube-prometheus-stack.prometheus.enabled | bool | `true` | |
| kube-prometheus-stack.prometheus.prometheusSpec.logFormat | string | `"json"` | |
| kube-prometheus-stack.prometheus.prometheusSpec.portName | string | `"http-prometheus"` | | | kube-prometheus-stack.prometheus.prometheusSpec.portName | string | `"http-prometheus"` | |
| kube-prometheus-stack.prometheus.prometheusSpec.resources.limits.memory | string | `"3Gi"` | | | kube-prometheus-stack.prometheus.prometheusSpec.resources.limits.memory | string | `"3Gi"` | |
| kube-prometheus-stack.prometheus.prometheusSpec.resources.requests.cpu | string | `"500m"` | | | kube-prometheus-stack.prometheus.prometheusSpec.resources.requests.cpu | string | `"500m"` | |
@ -83,6 +96,7 @@ Kubernetes: `>= 1.16.0`
| kube-prometheus-stack.prometheusOperator.admissionWebhooks.patch.tolerations[0].effect | string | `"NoSchedule"` | | | kube-prometheus-stack.prometheusOperator.admissionWebhooks.patch.tolerations[0].effect | string | `"NoSchedule"` | |
| kube-prometheus-stack.prometheusOperator.admissionWebhooks.patch.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | | kube-prometheus-stack.prometheusOperator.admissionWebhooks.patch.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
| kube-prometheus-stack.prometheusOperator.enabled | bool | `true` | | | kube-prometheus-stack.prometheusOperator.enabled | bool | `true` | |
| kube-prometheus-stack.prometheusOperator.logFormat | string | `"json"` | |
| kube-prometheus-stack.prometheusOperator.namespaces.additional[0] | string | `"kube-system"` | | | kube-prometheus-stack.prometheusOperator.namespaces.additional[0] | string | `"kube-system"` | |
| kube-prometheus-stack.prometheusOperator.namespaces.additional[1] | string | `"logging"` | | | kube-prometheus-stack.prometheusOperator.namespaces.additional[1] | string | `"logging"` | |
| kube-prometheus-stack.prometheusOperator.namespaces.releaseNamespace | bool | `true` | | | kube-prometheus-stack.prometheusOperator.namespaces.releaseNamespace | bool | `true` | |
@ -108,9 +122,6 @@ Kubernetes: `>= 1.16.0`
| prometheus-adapter.rules.resource.window | string | `"3m"` | | | prometheus-adapter.rules.resource.window | string | `"3m"` | |
| prometheus-adapter.tolerations[0].effect | string | `"NoSchedule"` | | | prometheus-adapter.tolerations[0].effect | string | `"NoSchedule"` | |
| prometheus-adapter.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | | prometheus-adapter.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
| prometheus.istio.enabled | bool | `false` | |
| prometheus.istio.gateway | string | `"istio-ingress/ingressgateway"` | |
| prometheus.istio.url | string | `""` | |
# Dashboards # Dashboards

View File

@ -1,6 +1,6 @@
# kubezero-redis # kubezero-redis
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero Umbrella Chart for Redis HA KubeZero Umbrella Chart for Redis HA
@ -18,7 +18,8 @@ Kubernetes: `>= 1.16.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| https://charts.bitnami.com/bitnami | redis | 12.0.0 | | https://charts.bitnami.com/bitnami | redis | 12.1.1 |
| https://charts.bitnami.com/bitnami | redis-cluster | 4.1.0 |
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 | | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## Values ## Values
@ -26,7 +27,17 @@ Kubernetes: `>= 1.16.0`
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| istio.enabled | bool | `false` | | | istio.enabled | bool | `false` | |
| redis-cluster.cluster.nodes | int | `2` | |
| redis-cluster.cluster.replicas | int | `1` | |
| redis-cluster.enabled | bool | `false` | |
| redis-cluster.metrics.enabled | bool | `false` | |
| redis-cluster.metrics.serviceMonitor.enabled | bool | `false` | |
| redis-cluster.metrics.serviceMonitor.selector.release | string | `"metrics"` | |
| redis-cluster.persistence.enabled | bool | `false` | |
| redis-cluster.redisPort | int | `6379` | |
| redis-cluster.usePassword | bool | `false` | |
| redis.cluster.slaveCount | int | `0` | | | redis.cluster.slaveCount | int | `0` | |
| redis.enabled | bool | `false` | |
| redis.master.persistence.enabled | bool | `false` | | | redis.master.persistence.enabled | bool | `false` | |
| redis.metrics.enabled | bool | `false` | | | redis.metrics.enabled | bool | `false` | |
| redis.metrics.serviceMonitor.enabled | bool | `false` | | | redis.metrics.serviceMonitor.enabled | bool | `false` | |

View File

@ -0,0 +1,36 @@
{{- if index .Values "redis-cluster" "enabled" }}
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: {{ .Release.Namespace }}-{{ .Release.Name }}-redis-cluster
namespace: istio-ingress
spec:
configPatches:
- applyTo: CLUSTER
patch:
operation: INSERT_FIRST
value:
name: "{{ .Release.Namespace }}-{{ .Release.Name }}-redis-cluster"
connect_timeout: 0.5s
lb_policy: CLUSTER_PROVIDED
load_assignment:
cluster_name: {{ .Release.Namespace }}-{{ .Release.Name }}-redis-cluster
endpoints:
- lb_endpoints:
{{- $count := index .Values "redis-cluster" "cluster" "nodes" | int }}{{ range $i, $v := until $count }}
- endpoint:
address:
socket_address:
address: {{ $.Release.Name }}-{{ $i }}.{{ $.Release.Name }}-headless.{{ $.Release.Namespace }}.svc.cluster.local
port_value: {{ index $.Values "redis-cluster" "redisPort" }}
{{- end }}
cluster_type:
name: envoy.clusters.redis
typed_config:
"@type": type.googleapis.com/google.protobuf.Struct
value:
cluster_refresh_rate: 5s
cluster_refresh_timeout: 3s
redirect_refresh_interval: 5s
redirect_refresh_threshold: 5
{{- end }}

View File

@ -0,0 +1,35 @@
{{- if index .Values "redis-cluster" "enabled" }}
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: {{ .Release.Namespace }}-{{ .Release.Name }}-redis-proxy
namespace: istio-ingress
spec:
workloadSelector:
labels:
istio: private-ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
context: GATEWAY
listener:
name: 0.0.0.0_{{ index .Values "redis-cluster" "redisPort" }}
filterChain:
filter:
name: "envoy.filters.network.tcp_proxy"
patch:
operation: REPLACE
value:
name: envoy.redis_proxy
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.redis_proxy.v2.RedisProxy
stat_prefix: redis_stats
prefix_routes:
catch_all_route:
cluster: {{ .Release.Namespace }}-{{ .Release.Name }}-redis-cluster
settings:
op_timeout: 5s
enable_redirection: true
enable_command_stats: true
read_policy: PREFER_REPLICA
{{- end }}

View File

@ -4,7 +4,7 @@ apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy kind: AuthorizationPolicy
metadata: metadata:
name: {{ .Release.Namespace }}-redis-deny-not-in-ipblocks name: {{ .Release.Namespace }}-redis-deny-not-in-ipblocks
namespace: istio-system namespace: {{ .Release.Namespace }}
labels: labels:
{{ include "kubezero-lib.labels" . | indent 4 }} {{ include "kubezero-lib.labels" . | indent 4 }}
spec: spec:

View File

@ -29,6 +29,7 @@ redis:
redis-cluster: redis-cluster:
enabled: false enabled: false
redisPort: 6379
usePassword: false usePassword: false
cluster: cluster:

View File

@ -50,6 +50,7 @@ Kubernetes: `>= 1.16.0`
| kiam.enabled | bool | `false` | | | kiam.enabled | bool | `false` | |
| local-path-provisioner.enabled | bool | `false` | | | local-path-provisioner.enabled | bool | `false` | |
| local-volume-provisioner.enabled | bool | `false` | | | local-volume-provisioner.enabled | bool | `false` | |
| logging.crds | bool | `true` | |
| logging.enabled | bool | `false` | | | logging.enabled | bool | `false` | |
| logging.namespace | string | `"logging"` | | | logging.namespace | string | `"logging"` | |
| metrics.crds | bool | `true` | | | metrics.crds | bool | `true` | |

View File

@ -101,7 +101,9 @@ function _helm() {
local namespace=$(get_namespace $2) local namespace=$(get_namespace $2)
if [ $action == "crds" ]; then if [ $action == "crds" ]; then
_crds declare -F ${release}-crds && ${release}-crds
declare -F ${release}-crds || _crds
elif [ $action == "apply" ]; then elif [ $action == "apply" ]; then
# namespace must exist prior to apply # namespace must exist prior to apply
create_ns $namespace create_ns $namespace
@ -193,6 +195,13 @@ function kiam-post() {
########### ###########
# Logging # # Logging #
########### ###########
# eck operator still doesnt support helm v3 so we have to toggle settings in the eck subchart
function logging-crds() {
helm template $(chart_location $chart) --namespace $namespace --name-template $release --skip-crds --set eck-operator.installCRDs=false > $TMPDIR/helm-no-crds.yaml
helm template $(chart_location $chart) --namespace $namespace --name-template $release --include-crds --set eck-operator.installCRDs=true > $TMPDIR/helm-crds.yaml
diff -e $TMPDIR/helm-no-crds.yaml $TMPDIR/helm-crds.yaml | head -n-1 | tail -n+2 > $TMPDIR/crds.yaml
kubectl apply -f $TMPDIR/crds.yaml
}
function logging-post() { function logging-post() {
kubectl annotate --overwrite namespace logging 'iam.amazonaws.com/permitted=.*ElasticSearchSnapshots.*' kubectl annotate --overwrite namespace logging 'iam.amazonaws.com/permitted=.*ElasticSearchSnapshots.*'
} }

View File

@ -0,0 +1,25 @@
#!/usr/bin/env bash
# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
# or more contributor license agreements. Licensed under the Elastic License;
# you may not use this file except in compliance with the Elastic License.
# Script to migrate an existing ECK 1.2.1 installation to Helm.
set -euo pipefail
RELEASE_NAMESPACE=${RELEASE_NAMESPACE:-"elastic-system"}
echo "Uninstalling ECK"
kubectl delete -n "${RELEASE_NAMESPACE}" \
serviceaccount/elastic-operator \
secret/elastic-webhook-server-cert \
clusterrole.rbac.authorization.k8s.io/elastic-operator \
clusterrole.rbac.authorization.k8s.io/elastic-operator-view \
clusterrole.rbac.authorization.k8s.io/elastic-operator-edit \
clusterrolebinding.rbac.authorization.k8s.io/elastic-operator \
rolebinding.rbac.authorization.k8s.io/elastic-operator \
service/elastic-webhook-server \
statefulset.apps/elastic-operator \
validatingwebhookconfiguration.admissionregistration.k8s.io/elastic-webhook.k8s.elastic.co

View File

@ -53,7 +53,7 @@ metrics:
logging: logging:
enabled: false enabled: false
# crds: true crds: true
namespace: logging namespace: logging
argocd: argocd: