From 5b18ae575bcf815b573a1b3af679ceca6f0c641f Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Thu, 5 Aug 2021 13:52:22 +0200 Subject: [PATCH] feat: update kuberzero-redis incl. cleanup for clusters etc. --- charts/kubezero-aws-ebs-csi-driver/Chart.yaml | 2 +- charts/kubezero-aws-ebs-csi-driver/README.md | 7 ++- charts/kubezero-lib/Chart.yaml | 2 +- charts/kubezero-lib/templates/_helpers.tpl | 30 +++++---- charts/kubezero-metrics/Chart.yaml | 2 +- charts/kubezero-metrics/README.md.gotmpl | 2 + .../templates/dashboard-gunzip-cm.yaml | 4 +- charts/kubezero-metrics/values.yaml | 61 +++++++++++++++++++ charts/kubezero-redis/Chart.yaml | 4 +- .../envoyfilter-custom-redis-cluster.yaml | 2 +- .../templates/envoyfilter-redis-proxy.yaml | 2 +- .../templates/istio-authorization-policy.yaml | 2 +- .../templates/istio-service.yaml | 6 +- charts/kubezero-redis/values.yaml | 12 ++-- 14 files changed, 105 insertions(+), 33 deletions(-) diff --git a/charts/kubezero-aws-ebs-csi-driver/Chart.yaml b/charts/kubezero-aws-ebs-csi-driver/Chart.yaml index c9737ebc..aebc463d 100644 --- a/charts/kubezero-aws-ebs-csi-driver/Chart.yaml +++ b/charts/kubezero-aws-ebs-csi-driver/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-aws-ebs-csi-driver description: KubeZero Umbrella Chart for aws-ebs-csi-driver type: application -version: 0.6.3 +version: 0.6.4 appVersion: 1.2.4 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png diff --git a/charts/kubezero-aws-ebs-csi-driver/README.md b/charts/kubezero-aws-ebs-csi-driver/README.md index 5c389a20..b0c70fa5 100644 --- a/charts/kubezero-aws-ebs-csi-driver/README.md +++ b/charts/kubezero-aws-ebs-csi-driver/README.md 
@@ -1,6 +1,6 @@ # kubezero-aws-ebs-csi-driver -![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.3](https://img.shields.io/badge/AppVersion-1.2.3-informational?style=flat-square) +![Version: 0.6.4](https://img.shields.io/badge/Version-0.6.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.4](https://img.shields.io/badge/AppVersion-1.2.4-informational?style=flat-square) KubeZero Umbrella Chart for aws-ebs-csi-driver @@ -23,7 +23,7 @@ Kubernetes: `>= 1.18.0` | Repository | Name | Version | |------------|------|---------| -| | aws-ebs-csi-driver | 1.2.3 | +| | aws-ebs-csi-driver | 1.2.4 | | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 | ## IAM Role @@ -50,6 +50,9 @@ This class is by default also set as default storage class. | aws-ebs-csi-driver.controller.tolerations[0].effect | string | `"NoSchedule"` | | | aws-ebs-csi-driver.controller.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | | aws-ebs-csi-driver.enableVolumeSnapshot | bool | `true` | | +| aws-ebs-csi-driver.node.tolerations[0].effect | string | `"NoSchedule"` | | +| aws-ebs-csi-driver.node.tolerations[0].key | string | `"kubezero-workergroup"` | | +| aws-ebs-csi-driver.node.tolerations[0].operator | string | `"Exists"` | | | aws-ebs-csi-driver.nodeSelector."node-role.kubernetes.io/master" | string | `""` | | | aws-ebs-csi-driver.storageClasses[0].allowVolumeExpansion | bool | `true` | | | aws-ebs-csi-driver.storageClasses[0].name | string | `"ebs-sc-gp2-xfs"` | | diff --git a/charts/kubezero-lib/Chart.yaml b/charts/kubezero-lib/Chart.yaml index 68ed4016..82569d78 100644 --- a/charts/kubezero-lib/Chart.yaml +++ b/charts/kubezero-lib/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-lib description: KubeZero helm library - common helm functions and blocks type: library -version: 0.1.3 +version: 0.1.4 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: diff --git a/charts/kubezero-lib/templates/_helpers.tpl b/charts/kubezero-lib/templates/_helpers.tpl index a0b2c7eb..76c3dbe1 100644 --- a/charts/kubezero-lib/templates/_helpers.tpl +++ b/charts/kubezero-lib/templates/_helpers.tpl @@ -1,14 +1,3 @@ -{{- /* -Common set of labels -*/ -}} -{{- define "kubezero-lib.labels" -}} -helm.sh/chart: {{ include "kubezero-lib.chart" . }} -app.kubernetes.io/name: {{ include "kubezero-lib.name" . }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/part-of: kubezero -{{- end -}} - {{- /* Common naming functions */ -}} @@ -32,3 +21,22 @@ Common naming functions {{- define "kubezero-lib.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Selector labels +*/}} +{{- define "kubezero-lib.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kubezero-lib.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{- /* +Common set of labels +*/ -}} +{{- define "kubezero-lib.labels" -}} +helm.sh/chart: {{ include "kubezero-lib.chart" . }} +{{ include "kubezero-lib.selectorLabels" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: kubezero +{{- end -}} + diff --git a/charts/kubezero-metrics/Chart.yaml b/charts/kubezero-metrics/Chart.yaml index 52908c04..b0fe43fe 100644 --- a/charts/kubezero-metrics/Chart.yaml +++ b/charts/kubezero-metrics/Chart.yaml 
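Review bot: The new `kubezero-lib.selectorLabels` define in `_helpers.tpl` is documented only as `Selector labels`, which does not tell chart authors that its output has to stay stable. Deployment and StatefulSet selectors are immutable, and any policy that selects pods on these labels would change scope if the helper changed, so the comment should state the contract, for example `Selector labels: name + instance only; never add chart-version or other changing labels here`. No consumer of the helper is visible in this diff, so check which templates already select on `app.kubernetes.io/name` and `app.kubernetes.io/instance`. As a style point, the new block opens with `{{/*` while the other comments in the file use the trimming form `{{- /* ... */ -}}`.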
@@ -14,7 +14,7 @@ maintainers: - name: Quarky9 dependencies: - name: kubezero-lib - version: ">= 0.1.3" + version: ">= 0.1.4" repository: https://zero-down-time.github.io/kubezero/ - name: kube-prometheus-stack version: 17.0.3 diff --git a/charts/kubezero-metrics/README.md.gotmpl b/charts/kubezero-metrics/README.md.gotmpl index ce00b33d..5f9b9648 100644 --- a/charts/kubezero-metrics/README.md.gotmpl +++ b/charts/kubezero-metrics/README.md.gotmpl @@ -21,3 +21,5 @@ - https://grafana.com/api/dashboards/9578/revisions/4/download ## Prometheus - https://grafana.com/api/dashboards/3662/revisions/2/download +## AlertManager SNS Forwarder +- https://github.com/DataReply/alertmanager-sns-forwarder diff --git a/charts/kubezero-metrics/templates/dashboard-gunzip-cm.yaml b/charts/kubezero-metrics/templates/dashboard-gunzip-cm.yaml index 446b39db..7689484e 100644 --- a/charts/kubezero-metrics/templates/dashboard-gunzip-cm.yaml +++ b/charts/kubezero-metrics/templates/dashboard-gunzip-cm.yaml @@ -7,5 +7,5 @@ metadata: {{ include "kubezero-lib.labels" $ | indent 4 }} data: script.sh: |- - #!/bin/sh - find /tmp/dashboards -name "*.gz" -exec gunzip -f -k {} \; + #!/bin/sh + find /tmp/dashboards -name "*.gz" -exec gunzip -f -k {} \; diff --git a/charts/kubezero-metrics/values.yaml b/charts/kubezero-metrics/values.yaml index d6693ac7..b57b7b0a 100644 --- a/charts/kubezero-metrics/values.yaml +++ b/charts/kubezero-metrics/values.yaml @@ -5,6 +5,9 @@ kube-prometheus-stack: defaultRules: create: true + #additionalRuleLabels: + # clusterName: myTestCluster + # awsRegion: eu-central-1 coreDns: enabled: true 
@@ -199,6 +202,64 @@ kube-prometheus-stack: # externalUrl: logFormat: json + # for none AWS cluster or if SNS AlertHub should NOT be used, remove sns-forwarder by overwriting containers eg.: + # containers: [] + + # Add sns-forwarder to AlertManager pod, see: https://github.com/DataReply/alertmanager-sns-forwarder + # uses the alertmanager serviceaccount to assume IAM role, requires annotation: kubezero.com/sns_forwarder_arn_prefix to point to SNSAlertHub + # eg: "arn:aws:sns:eu-central-1:123456789012:" + containers: + - name: alertmanager-sns-forwarder + image: datareply/alertmanager-sns-forwarder:latest + imagePullPolicy: Always + env: + - name: SNS_FORWARDER_ARN_PREFIX + valueFrom: + fieldRef: + fieldPath: metadata.annotations['kubezero.com/sns_forwarder_ARN_PREFIX'] + - name: AWS_ROLE_ARN + valueFrom: + fieldRef: + fieldPath: metadata.annotations['kubezero.com/sns_forwarder_AWS_ROLE_ARN'] + - name: AWS_WEB_IDENTITY_TOKEN_FILE + value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token" + - name: AWS_STS_REGIONAL_ENDPOINTS + value: regional + volumeMounts: + - name: aws-token + mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/" + readOnly: true + resources: + limits: + memory: 64Mi + cpu: 100m + requests: + cpu: 25m + memory: 32Mi + ports: + - containerPort: 9087 + name: webhook-port + livenessProbe: + httpGet: + path: /health + port: webhook-port + initialDelaySeconds: 30 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: /health + port: webhook-port + initialDelaySeconds: 10 + timeoutSeconds: 10 + volumes: + - name: aws-token + projected: + sources: + - serviceAccountToken: + path: token + expirationSeconds: 86400 + audience: "sts.amazonaws.com" + # Metrics adapter prometheus-adapter: enabled: true diff --git a/charts/kubezero-redis/Chart.yaml b/charts/kubezero-redis/Chart.yaml index 117f5170..15776ddf 100644 --- a/charts/kubezero-redis/Chart.yaml +++ b/charts/kubezero-redis/Chart.yaml 
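Review bot: The sidecar added under `containers:` pulls `datareply/alertmanager-sns-forwarder:latest` with `imagePullPolicy: Always`, so every AlertManager pod restart can run a different, unreviewed third-party image. That image sits next to the projected `sts.amazonaws.com` token and assumes the IAM role named in the annotation. Pin it to a reviewed release and digest, e.g. `image: datareply/alertmanager-sns-forwarder:<PINNED_TAG>@sha256:<DIGEST>` with `imagePullPolicy: IfNotPresent`. The comment above the block also names the annotation `kubezero.com/sns_forwarder_arn_prefix`, while the `fieldPath` entries read `kubezero.com/sns_forwarder_ARN_PREFIX` and `kubezero.com/sns_forwarder_AWS_ROLE_ARN`. Annotation keys are case-sensitive and the second one is not documented at all, so the comment should list both keys exactly as the `fieldRef`s spell them.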
@@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-redis description: KubeZero Umbrella Chart for Redis HA type: application -version: 0.3.0 +version: 0.3.1 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -15,7 +15,7 @@ dependencies: version: ">= 0.1.3" repository: https://zero-down-time.github.io/kubezero/ - name: redis - version: 12.1.1 + version: 14.8.8 repository: https://charts.bitnami.com/bitnami condition: redis.enabled - name: redis-cluster diff --git a/charts/kubezero-redis/templates/envoyfilter-custom-redis-cluster.yaml b/charts/kubezero-redis/templates/envoyfilter-custom-redis-cluster.yaml index e0448022..316b157a 100644 --- a/charts/kubezero-redis/templates/envoyfilter-custom-redis-cluster.yaml +++ b/charts/kubezero-redis/templates/envoyfilter-custom-redis-cluster.yaml @@ -22,7 +22,7 @@ spec: address: socket_address: address: {{ $.Release.Name }}-{{ $i }}.{{ $.Release.Name }}-headless.{{ $.Release.Namespace }}.svc.cluster.local - port_value: {{ index $.Values "redis-cluster" "redisPort" }} + port_value: 6379 {{- end }} cluster_type: name: envoy.clusters.redis diff --git a/charts/kubezero-redis/templates/envoyfilter-redis-proxy.yaml b/charts/kubezero-redis/templates/envoyfilter-redis-proxy.yaml index f8f47055..8685330c 100644 --- a/charts/kubezero-redis/templates/envoyfilter-redis-proxy.yaml +++ b/charts/kubezero-redis/templates/envoyfilter-redis-proxy.yaml @@ -13,7 +13,7 @@ spec: match: context: GATEWAY listener: - name: 0.0.0.0_{{ index .Values "redis-cluster" "redisPort" }} + name: 0.0.0.0_{{ default 6379 .Values.istio.port }} filterChain: filter: name: "envoy.filters.network.tcp_proxy" diff --git a/charts/kubezero-redis/templates/istio-authorization-policy.yaml b/charts/kubezero-redis/templates/istio-authorization-policy.yaml index c3666def..866ae270 100644 --- a/charts/kubezero-redis/templates/istio-authorization-policy.yaml +++ b/charts/kubezero-redis/templates/istio-authorization-policy.yaml 
@@ -21,6 +21,6 @@ spec: {{- end }} to: - operation: - ports: ["{{ default 6379 .Values.redis.redisPort }}"] + ports: ["{{ default 6379 .Values.istio.port }}"] {{- end }} {{- end }} diff --git a/charts/kubezero-redis/templates/istio-service.yaml b/charts/kubezero-redis/templates/istio-service.yaml index edb8823c..12c0e457 100644 --- a/charts/kubezero-redis/templates/istio-service.yaml +++ b/charts/kubezero-redis/templates/istio-service.yaml @@ -13,10 +13,10 @@ spec: - {{ .Values.istio.gateway }} tcp: - match: - - port: {{ default 6379 .Values.redis.redisPort }} + - port: {{ default 6379 .Values.istio.port }} route: - destination: - host: redis-headless + host: redis-cluster-headless port: - number: {{ default 6379 .Values.redis.redisPort }} + number: 6379 {{- end }} diff --git a/charts/kubezero-redis/values.yaml b/charts/kubezero-redis/values.yaml index 6d67c071..b83f909c 100644 --- a/charts/kubezero-redis/values.yaml +++ b/charts/kubezero-redis/values.yaml @@ -1,12 +1,13 @@ redis: enabled: false - redisPort: 6379 + architecture: standalone - cluster: - slaveCount: 0 + replica: + replicaCount: 0 - usePassword: false + auth: + enabled: false master: persistence: @@ -20,14 +21,11 @@ redis: enabled: false serviceMonitor: enabled: false -# extraArgs: -# redis.addr: "redis://localhost:6379" redis-cluster: enabled: false - redisPort: 6379 usePassword: false cluster:
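Review bot: In `istio-service.yaml` the route destination is now the literal `host: redis-cluster-headless`, while `envoyfilter-custom-redis-cluster.yaml` in this same commit builds its addresses from `{{ $.Release.Name }}-headless`. The two agree only when the release is named `redis-cluster`. Under any other release name the gateway route resolves to whichever Service happens to hold that name in the namespace, or to none. If the EnvoyFilter's naming is the intended one, derive the host the same way, `host: {{ .Release.Name }}-headless`. The standalone `redis` chart is also no longer routable through this VirtualService. The template's enclosing `{{- if … }}` guard starts outside the hunk, so confirm it now checks the `redis-cluster` condition. `.Values.istio.port` is read here and in the AuthorizationPolicy and listener match, but none of the visible `values.yaml` hunks declares it; a commented `istio.port` default there would document the knob.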
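Review bot: The first `values.yaml` hunk migrates `usePassword: false` to `auth:` / `enabled: false`, which keeps Redis unauthenticated by default without saying so. This chart can also publish Redis through an Istio gateway, and in that case the AuthorizationPolicy is the only access control in front of the data. I would at least document that next to the key, e.g. `# auth is off by default: enable it (auth.enabled: true, auth.existingSecret: <SECRET_NAME>) before exposing Redis via the Istio gateway`, or preferably default to `enabled: true` with an existing secret. The `redis-cluster` block in the next hunk still carries `usePassword: false`; that hunk may continue past the visible text, so check that the key is still valid for the `redis-cluster` chart version in use.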