chore: fix typos, cleanup

2023-12-14 12:37:05 +00:00 · 2023-12-14 12:37:05 +00:00 · 746a8447fe
commit 746a8447fe
parent 940a54ced4
5 changed files with 11 additions and 167 deletions
--- a/164
+++ b/164
@ -1,164 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: kubezero
-  namespace: argocd
-spec:
-  destination:
-    namespace: argocd
-    server: https://kubernetes.default.svc
-  project: kubezero
-  source:
-    chart: kubezero
-    helm:
-      values: |
-        argocd:
-          enabled: true
-          configs:
-            cm:
-              url: https://argocd.vi.epmyalptest.com
-          istio:
-            enabled: true
-            gateway: istio-ingress/private-ingressgateway
-        cert-manager:
-          enabled: true
-          IamArn: arn:aws:iam::561550319853:role/us-east-1.plaympe-test-vi.cert-manager
-          clusterIssuer:
-            name: letsencrypt-dns-prod
-            email: admin@dice.net
-            server: https://acme-v02.api.letsencrypt.org/directory
-            solvers:
-              - dns01:
-                  route53:
-                    region: us-east-1
-                selector:
-                  dnsZones:
-                    - epmyalptest.com
-                    - vi.epmyalptest.com
-                    - plaympetest.com
-                    - vi.plaympetest.com
-        global:
-          aws:
-            accountId: '561550319853'
-            region: us-east-1
-          clusterName: plaympe-test-vi
-          highAvailable: false
-        istio:
-          enabled: true
-          rateLimiting:
-            enabled: true
-        istio-ingress:
-          enabled: true
-          certificates:
-            - name: ingress-cert
-              dnsNames:
-                - '*.epmyalptest.com'
-                - '*.vi.epmyalptest.com'
-                - '*.plaympetest.com'
-                - '*.vi.plaympetest.com'
-        istio-private-ingress:
-          enabled: true
-          certificates:
-            - name: private-ingress-cert
-              dnsNames:
-                - '*.epmyalptest.com'
-                - '*.vi.epmyalptest.com'
-                - '*.plaympetest.com'
-                - '*.vi.plaympetest.com'
-        kubezero:
-          gitSync:
-            path: clusters/plaympe-test/us-east-1
-            repoURL: https://bitbucket.org/destinymedia/kubernetes
-            targetRevision: HEAD
-          syncPolicy:
-            automated:
-              prune: true
-        logging:
-          enabled: true
-          fluent-bit:
-            enabled: true
-            config:
-              extraRecords:
-                source.clustername: plaympe-test-vi
-              output:
-                host: fluentd.or.epmyalptest.com
-                tls: true
-        metrics:
-          enabled: true
-          istio:
-            alertmanager:
-              enabled: true
-              gateway: istio-ingress/private-ingressgateway
-              url: alertmanager.vi.epmyalptest.com
-            grafana:
-              enabled: true
-              gateway: istio-ingress/private-ingressgateway
-              url: metrics.vi.epmyalptest.com
-            prometheus:
-              enabled: true
-              gateway: istio-ingress/private-ingressgateway
-              url: prometheus.vi.epmyalptest.com
-          kube-prometheus-stack:
-            alertmanager:
-              enabled: true
-              alertmanagerSpec:
-                externalUrl: https://alertmanager.vi.epmyalptest.com
-            prometheus:
-              prometheusSpec:
-                externalUrl: https://prometheus.vi.epmyalptest.com
-        network:
-          cilium:
-            enabled: true
-            cluster:
-              name: plaympe-test-vi
-              id: 221
-            ipam:
-              operator:
-                clusterPoolIPv4PodCIDRList:
-                  - 10.221.0.0/16
-        operators:
-          enabled: true
-          eck-operator:
-            enabled: true
-        storage:
-          enabled: true
-          aws-ebs-csi-driver:
-            enabled: true
-            IamArn: arn:aws:iam::561550319853:role/us-east-1.plaympe-test-vi.ebs-csi-controller-sa
-          aws-efs-csi-driver:
-            enabled: true
-            IamArn: arn:aws:iam::561550319853:role/us-east-1.plaympe-test-vi.efs-csi-controller-sa
-            PersistentVolumes:
-              - name: services-dsny-cache
-                claimRef:
-                  name: dsny-cache
-                  namespace: services
-                volumeAttributes:
-                  encryptInTransit: 'false'
-                volumeHandle: fs-ec4ad96f:/services/dsny-cache
-              - name: services-geolocation
-                claimRef:
-                  name: geolocation
-                  namespace: services
-                volumeAttributes:
-                  encryptInTransit: 'false'
-                volumeHandle: fs-ec4ad96f:/services/geolocation
-              - name: platform-geolocation
-                claimRef:
-                  name: geolocation
-                  namespace: platform
-                volumeAttributes:
-                  encryptInTransit: 'false'
-                volumeHandle: fs-ec4ad96f:/platform/geolocation
-              - name: services-soundmouse
-                claimRef:
-                  name: soundmouse
-                  namespace: services
-                volumeAttributes:
-                  encryptInTransit: 'false'
-                volumeHandle: fs-ec4ad96f:/services/soundmouse
-    repoURL: https://cdn.zero-downtime.net/charts
-    targetRevision: 1.27.8
-  syncPolicy:
-    automated:
-      prune: true
--- a/charts/kubezero-ci/README.md
+++ b/charts/kubezero-ci/README.md
@ -149,7 +149,7 @@ Kubernetes: `>= 1.25.0`
 | renovate.env.LOG_FORMAT | string | `"json"` |  |
 | renovate.securityContext.fsGroup | int | `1000` |  |
 | trivy.enabled | bool | `false` |  |
-| trivy.image.tag | string | `"0.45.1"` |  |
+| trivy.image.tag | string | `"0.47.0"` |  |
 | trivy.persistence.enabled | bool | `true` |  |
 | trivy.persistence.size | string | `"1Gi"` |  |
 | trivy.rbac.create | bool | `false` |  |
--- a/charts/kubezero-istio-gateway/templates/envoyfilter-hardening.yaml
+++ b/charts/kubezero-istio-gateway/templates/envoyfilter-hardening.yaml
@ -32,7 +32,7 @@ spec:
          use_remote_address: true
          normalize_path: true
          merge_slashes: true
-          {{- if .Values.hardening.unescapeSlahes }}
+          {{- if .Values.hardening.unescapeSlashes }}
          path_with_escaped_slashes_action: UNESCAPE_AND_REDIRECT
          {{- end }}
          common_http_protocol_options:
--- a/charts/kubezero-istio-gateway/values.yaml
+++ b/charts/kubezero-istio-gateway/values.yaml
@ -42,4 +42,4 @@ proxyProtocol: true

 hardening:
  rejectUnderscoresHeaders: true
-  unescapeSlahes: true
+  unescapeSlashes: true
--- a/docs/notes.md
+++ b/docs/notes.md
@ -52,3 +52,11 @@ See: https://github.com/int128/kauthproxy
 Once installed simply execute:  
 `kubectl auth-proxy -n kubernetes-dashboard https://kubernetes-dashboard.svc`  
 and access the dashboard via the automatically opened browser window.
+
+
+## Istio
+HTTP Body size
+- https://github.com/istio/istio/issues/26152
+
+AccessLogs:
+- https://dev.to/ironcore864/a-comprehensive-tutorial-on-service-mesh-istio-envoy-access-log-and-log-filtering-2j3i