chore: fix typos, cleanup

Stefan Reimer 2023-12-14 12:37:05 +00:00
parent 940a54ced4
commit 746a8447fe
5 changed files with 11 additions and 167 deletions


@ -1,164 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kubezero
namespace: argocd
spec:
destination:
namespace: argocd
server: https://kubernetes.default.svc
project: kubezero
source:
chart: kubezero
helm:
values: |
argocd:
enabled: true
configs:
cm:
url: https://argocd.vi.epmyalptest.com
istio:
enabled: true
gateway: istio-ingress/private-ingressgateway
cert-manager:
enabled: true
IamArn: arn:aws:iam::561550319853:role/us-east-1.plaympe-test-vi.cert-manager
clusterIssuer:
name: letsencrypt-dns-prod
email: admin@dice.net
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- dns01:
route53:
region: us-east-1
selector:
dnsZones:
- epmyalptest.com
- vi.epmyalptest.com
- plaympetest.com
- vi.plaympetest.com
global:
aws:
accountId: '561550319853'
region: us-east-1
clusterName: plaympe-test-vi
highAvailable: false
istio:
enabled: true
rateLimiting:
enabled: true
istio-ingress:
enabled: true
certificates:
- name: ingress-cert
dnsNames:
- '*.epmyalptest.com'
- '*.vi.epmyalptest.com'
- '*.plaympetest.com'
- '*.vi.plaympetest.com'
istio-private-ingress:
enabled: true
certificates:
- name: private-ingress-cert
dnsNames:
- '*.epmyalptest.com'
- '*.vi.epmyalptest.com'
- '*.plaympetest.com'
- '*.vi.plaympetest.com'
kubezero:
gitSync:
path: clusters/plaympe-test/us-east-1
repoURL: https://bitbucket.org/destinymedia/kubernetes
targetRevision: HEAD
syncPolicy:
automated:
prune: true
logging:
enabled: true
fluent-bit:
enabled: true
config:
extraRecords:
source.clustername: plaympe-test-vi
output:
host: fluentd.or.epmyalptest.com
tls: true
metrics:
enabled: true
istio:
alertmanager:
enabled: true
gateway: istio-ingress/private-ingressgateway
url: alertmanager.vi.epmyalptest.com
grafana:
enabled: true
gateway: istio-ingress/private-ingressgateway
url: metrics.vi.epmyalptest.com
prometheus:
enabled: true
gateway: istio-ingress/private-ingressgateway
url: prometheus.vi.epmyalptest.com
kube-prometheus-stack:
alertmanager:
enabled: true
alertmanagerSpec:
externalUrl: https://alertmanager.vi.epmyalptest.com
prometheus:
prometheusSpec:
externalUrl: https://prometheus.vi.epmyalptest.com
network:
cilium:
enabled: true
cluster:
name: plaympe-test-vi
id: 221
ipam:
operator:
clusterPoolIPv4PodCIDRList:
- 10.221.0.0/16
operators:
enabled: true
eck-operator:
enabled: true
storage:
enabled: true
aws-ebs-csi-driver:
enabled: true
IamArn: arn:aws:iam::561550319853:role/us-east-1.plaympe-test-vi.ebs-csi-controller-sa
aws-efs-csi-driver:
enabled: true
IamArn: arn:aws:iam::561550319853:role/us-east-1.plaympe-test-vi.efs-csi-controller-sa
PersistentVolumes:
- name: services-dsny-cache
claimRef:
name: dsny-cache
namespace: services
volumeAttributes:
encryptInTransit: 'false'
volumeHandle: fs-ec4ad96f:/services/dsny-cache
- name: services-geolocation
claimRef:
name: geolocation
namespace: services
volumeAttributes:
encryptInTransit: 'false'
volumeHandle: fs-ec4ad96f:/services/geolocation
- name: platform-geolocation
claimRef:
name: geolocation
namespace: platform
volumeAttributes:
encryptInTransit: 'false'
volumeHandle: fs-ec4ad96f:/platform/geolocation
- name: services-soundmouse
claimRef:
name: soundmouse
namespace: services
volumeAttributes:
encryptInTransit: 'false'
volumeHandle: fs-ec4ad96f:/services/soundmouse
repoURL: https://cdn.zero-downtime.net/charts
targetRevision: 1.27.8
syncPolicy:
automated:
prune: true


@ -149,7 +149,7 @@ Kubernetes: `>= 1.25.0`
| renovate.env.LOG_FORMAT | string | `"json"` | | | renovate.env.LOG_FORMAT | string | `"json"` | |
| renovate.securityContext.fsGroup | int | `1000` | | | renovate.securityContext.fsGroup | int | `1000` | |
| trivy.enabled | bool | `false` | | | trivy.enabled | bool | `false` | |
| trivy.image.tag | string | `"0.45.1"` | | | trivy.image.tag | string | `"0.47.0"` | |
| trivy.persistence.enabled | bool | `true` | | | trivy.persistence.enabled | bool | `true` | |
| trivy.persistence.size | string | `"1Gi"` | | | trivy.persistence.size | string | `"1Gi"` | |
| trivy.rbac.create | bool | `false` | | | trivy.rbac.create | bool | `false` | |


@ -32,7 +32,7 @@ spec:
use_remote_address: true use_remote_address: true
normalize_path: true normalize_path: true
merge_slashes: true merge_slashes: true
{{- if .Values.hardening.unescapeSlahes }} {{- if .Values.hardening.unescapeSlashes }}
path_with_escaped_slashes_action: UNESCAPE_AND_REDIRECT path_with_escaped_slashes_action: UNESCAPE_AND_REDIRECT
{{- end }} {{- end }}
common_http_protocol_options: common_http_protocol_options:
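Review bot: The template now reads only `.Values.hardening.unescapeSlashes`, with no fallback or warning for the old misspelled key, so any deployment whose values still set `hardening.unescapeSlahes` is silently ignored and gets the chart default (`true`, per the values hunk later in this commit). For an override that had set the old key to `false`, this switches `path_with_escaped_slashes_action: UNESCAPE_AND_REDIRECT` back on without notice. This setting decides how escaped slashes in request paths are normalised before routing and policy matching, so a silent change in either direction should be surfaced at render time. Consider a guard above the `if`, for example `{{- if hasKey .Values.hardening "unescapeSlahes" }}{{ fail "hardening.unescapeSlahes was renamed to hardening.unescapeSlashes" }}{{- end }}`, or at least call the rename out in the changelog. The enclosing `spec:` block starts and ends outside this hunk, so other readers of the old key cannot be ruled out from here.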


@ -42,4 +42,4 @@ proxyProtocol: true
hardening: hardening:
rejectUnderscoresHeaders: true rejectUnderscoresHeaders: true
unescapeSlahes: true unescapeSlashes: true


@ -52,3 +52,11 @@ See: https://github.com/int128/kauthproxy
Once installed simply execute: Once installed simply execute:
`kubectl auth-proxy -n kubernetes-dashboard https://kubernetes-dashboard.svc` `kubectl auth-proxy -n kubernetes-dashboard https://kubernetes-dashboard.svc`
and access the dashboard via the automatically opened browser window. and access the dashboard via the automatically opened browser window.
## Istio
HTTP Body size
- https://github.com/istio/istio/issues/26152
AccessLogs:
- https://dev.to/ironcore864/a-comprehensive-tutorial-on-service-mesh-istio-envoy-access-log-and-log-filtering-2j3i