EBS-CSI version bump, reduce ArgoCD concurrency to reduce load spikes, sync from 180s to 300s

charts/kubezero-argo-cd/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
 name: kubezero-argo-cd
-version: 0.3.11
+version: 0.3.13
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:

charts/kubezero-argo-cd/README.md

@@ -2,7 +2,7 @@ kubezero-argo-cd
 ================
 KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
 
-Current chart version is `0.3.9`
+Current chart version is `0.3.13`
 
 Source code can be found [here](https://kubezero.com)
 
@@ -17,6 +17,9 @@ Source code can be found [here](https://kubezero.com)
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| argo-cd.controller.args.appResyncPeriod | string | `"300"` |  |
+| argo-cd.controller.args.operationProcessors | string | `"1"` |  |
+| argo-cd.controller.args.statusProcessors | string | `"2"` |  |
 | argo-cd.controller.nodeSelector."node-role.kubernetes.io/master" | string | `""` |  |
 | argo-cd.controller.tolerations[0].effect | string | `"NoSchedule"` |  |
 | argo-cd.controller.tolerations[0].key | string | `"node-role.kubernetes.io/master"` |  |
@@ -31,6 +34,7 @@ Source code can be found [here](https://kubezero.com)
 | argo-cd.repoServer.nodeSelector."node-role.kubernetes.io/master" | string | `""` |  |
 | argo-cd.repoServer.tolerations[0].effect | string | `"NoSchedule"` |  |
 | argo-cd.repoServer.tolerations[0].key | string | `"node-role.kubernetes.io/master"` |  |
+| argo-cd.server.config."resource.customizations" | string | `"cert-manager.io/Certificate:\n  # Lua script for customizing the health status assessment\n  health.lua: |\n    hs = {}\n    if obj.status ~= nil then\n      if obj.status.conditions ~= nil then\n        for i, condition in ipairs(obj.status.conditions) do\n          if condition.type == \"Ready\" and condition.status == \"False\" then\n            hs.status = \"Degraded\"\n            hs.message = condition.message\n            return hs\n          end\n          if condition.type == \"Ready\" and condition.status == \"True\" then\n            hs.status = \"Healthy\"\n            hs.message = condition.message\n            return hs\n          end\n        end\n      end\n    end\n    hs.status = \"Progressing\"\n    hs.message = \"Waiting for certificate\"\n    return hs\n"` |  |
 | argo-cd.server.config.url | string | `"argocd.example.com"` | ArgoCD hostname to be exposed via Istio |
 | argo-cd.server.extraArgs[0] | string | `"--insecure"` |  |
 | argo-cd.server.nodeSelector."node-role.kubernetes.io/master" | string | `""` |  |
@@ -41,3 +45,6 @@ Source code can be found [here](https://kubezero.com)
 | kubezero.global.defaultSource.pathPrefix | string | `""` | optional path prefix within repoURL to support eg. remote subtrees |
 | kubezero.global.defaultSource.repoURL | string | `"https://github.com/zero-down-time/kubezero"` | default repository for argocd applications |
 | kubezero.global.defaultSource.targetRevision | string | `"HEAD"` | default tracking of repoURL |
+
+## Resources
+- https://argoproj.github.io/argo-cd/operator-manual/metrics/

charts/kubezero-argo-cd/README.md.gotmpl

@@ -0,0 +1,13 @@
+{{ template "chart.header" . }}
+{{ template "chart.description" . }}
+
+{{ template "chart.versionLine" . }}
+
+{{ template "chart.sourceLinkLine" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+## Resources
+- https://argoproj.github.io/argo-cd/operator-manual/metrics/

charts/kubezero-argo-cd/values.yaml

@@ -26,6 +26,11 @@ argo-cd:
 
   # Run Argo on the controllers
   controller:
+    args:
+      statusProcessors: "2"
+      operationProcessors: "1"
+      appResyncPeriod: "300"
+
     nodeSelector:
       node-role.kubernetes.io/master: ""
     tolerations:
@@ -44,30 +49,30 @@ argo-cd:
       # argo-cd.server.config.url -- ArgoCD hostname to be exposed via Istio
       url: argocd.example.com
 
-  resource.customizations: |
+      resource.customizations: |
-    cert-manager.io/Certificate:
+        cert-manager.io/Certificate:
-      # Lua script for customizing the health status assessment
+          # Lua script for customizing the health status assessment
-      health.lua: |
+          health.lua: |
-        hs = {}
+            hs = {}
-        if obj.status ~= nil then
+            if obj.status ~= nil then
-          if obj.status.conditions ~= nil then
+              if obj.status.conditions ~= nil then
-            for i, condition in ipairs(obj.status.conditions) do
+                for i, condition in ipairs(obj.status.conditions) do
-              if condition.type == "Ready" and condition.status == "False" then
+                  if condition.type == "Ready" and condition.status == "False" then
-                hs.status = "Degraded"
+                    hs.status = "Degraded"
-                hs.message = condition.message
+                    hs.message = condition.message
-                return hs
+                    return hs
-              end
+                  end
-              if condition.type == "Ready" and condition.status == "True" then
+                  if condition.type == "Ready" and condition.status == "True" then
-                hs.status = "Healthy"
+                    hs.status = "Healthy"
-                hs.message = condition.message
+                    hs.message = condition.message
-                return hs
+                    return hs
+                  end
+                end
               end
             end
-          end
+            hs.status = "Progressing"
-        end
+            hs.message = "Waiting for certificate"
-        hs.status = "Progressing"
+            return hs
-        hs.message = "Waiting for certificate"
-        return hs
 
     # Rename former https port to grpc, works with istio + insecure
     service:

charts/kubezero-aws-ebs-csi-driver/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-aws-ebs-csi-driver
 description: KubeZero Umbrella Chart for aws-ebs-csi-driver
 type: application
-version: 0.3.0
+version: 0.3.1
 appVersion: 0.6.0
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png

charts/kubezero-aws-ebs-csi-driver/README.md

@@ -2,7 +2,7 @@ kubezero-aws-ebs-csi-driver
 ===========================
 KubeZero Umbrella Chart for aws-ebs-csi-driver
 
-Current chart version is `0.3.0`
+Current chart version is `0.3.1`
 
 Source code can be found [here](https://kubezero.com)
 

charts/kubezero-aws-ebs-csi-driver/charts/aws-ebs-csi-driver/Chart.yaml

@@ -1,16 +1,16 @@
 apiVersion: v1
-appVersion: "0.6.0"
+appVersion: 0.6.0
-name: aws-ebs-csi-driver
 description: A Helm chart for AWS EBS CSI Driver
-version: 0.5.0
-kubeVersion: ">=1.13.0-0"
 home: https://github.com/kubernetes-sigs/aws-ebs-csi-driver
-sources:
-  - https://github.com/kubernetes-sigs/aws-ebs-csi-driver
 keywords:
-  - aws
+- aws
-  - ebs
+- ebs
-  - csi
+- csi
+kubeVersion: '>=1.13.0-0'
 maintainers:
-  - name: leakingtapan
+- email: chengpan@amazon.com
-    email: chengpan@amazon.com
+  name: leakingtapan
+name: aws-ebs-csi-driver
+sources:
+- https://github.com/kubernetes-sigs/aws-ebs-csi-driver
+version: 0.5.0

charts/kubezero-aws-ebs-csi-driver/charts/aws-ebs-csi-driver/values.yaml

@@ -6,7 +6,7 @@ replicaCount: 2
 
 image:
   repository: amazon/aws-ebs-csi-driver
-  tag: "v0.5.0"
+  tag: "v0.6.0"
   pullPolicy: IfNotPresent
 
 sidecars:

charts/kubezero-kiam/README.md

@@ -41,6 +41,7 @@ By default all access to the meta-data service is blocked, expect for:
 | kiam.agent.image.tag | string | `"v3.6"` |  |
 | kiam.agent.log.level | string | `"warn"` |  |
 | kiam.agent.prometheus.servicemonitor.enabled | bool | `false` |  |
+| kiam.agent.prometheus.servicemonitor.interval | string | `"30s"` |  |
 | kiam.agent.prometheus.servicemonitor.labels.release | string | `"metrics"` |  |
 | kiam.agent.sslCertHostPath | string | `"/etc/ssl/certs"` |  |
 | kiam.agent.tlsCerts.caFileName | string | `"ca.crt"` |  |
@@ -58,6 +59,7 @@ By default all access to the meta-data service is blocked, expect for:
 | kiam.server.log.level | string | `"warn"` |  |
 | kiam.server.nodeSelector."node-role.kubernetes.io/master" | string | `""` |  |
 | kiam.server.prometheus.servicemonitor.enabled | bool | `false` |  |
+| kiam.server.prometheus.servicemonitor.interval | string | `"30s"` |  |
 | kiam.server.prometheus.servicemonitor.labels.release | string | `"metrics"` |  |
 | kiam.server.service.port | int | `6444` |  |
 | kiam.server.service.targetPort | int | `6444` |  |
@@ -79,5 +81,5 @@ By default all access to the meta-data service is blocked, expect for:
 ## Resources
 - https://github.com/uswitch/kiam
 - https://www.bluematador.com/blog/iam-access-in-kubernetes-kube2iam-vs-kiam
-
+- [Grafana Dashboard](https://raw.githubusercontent.com/uswitch/kiam/master/docs/dashboard-prom.json)
 ![Kiam overview](./kiam_architecure.png)

charts/kubezero-logging/README.md

@@ -2,7 +2,7 @@ kubezero-logging
 ================
 KubeZero Umbrella Chart for complete EFK stack
 
-Current chart version is `0.0.2`
+Current chart version is `0.1.0`
 
 Source code can be found [here](https://kubezero.com)
 
@@ -42,7 +42,7 @@ Source code can be found [here](https://kubezero.com)
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| es.elastic_password | string | `""` |  |
+| elastic_password | string | `""` |  |
 | es.nodeSets | list | `[]` |  |
 | es.prometheus | bool | `false` |  |
 | es.s3Snapshot.enabled | bool | `false` |  |