Add rabbitmq ingress gateway def

charts/kubezero-istio/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-istio
 description: KubeZero Umbrella Chart for Istio
 type: application
-version: 0.2.2
+version: 0.2.3
 appVersion: 1.6.7
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png

charts/kubezero-istio/templates/ingress-gateway.yaml

@@ -60,6 +60,18 @@ spec:
       privateKey: /etc/istio/ingressgateway-certs/tls.key
       serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
       credentialName: public-ingress-cert
+  - port:
+      number: 5672
+      name: amqp
+      protocol: TCP
+    hosts:
+    - "*"
+  - port:
+      number: 5671
+      name: amqps
+      protocol: TCP
+    hosts:
+    - "*"
   - port:
       number: 24224
       name: fluentd-forward

charts/kubezero-logging/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/kubezero-logging/Chart.yaml

@@ -0,0 +1,21 @@
+apiVersion: v2
+name: kubezero-logging
+description: KubeZero Umbrella Chart for complete EFK stack
+type: application
+version: 0.0.1
+appVersion: 1.2.0
+home: https://kubezero.com
+icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
+keywords:
+  - kubezero
+  - elasticsearch
+  - kibana
+  - fluentd
+  - fluent-bit
+maintainers:
+  - name: Quarky9
+dependencies:
+  - name: kubezero-lib
+    version: ">= 0.1.3"
+    repository: https://zero-down-time.github.io/kubezero/
+kubeVersion: ">= 1.16.0"

charts/kubezero-logging/README.md

@@ -0,0 +1,47 @@
+kubezero-logging
+================
+KubeZero Umbrella Chart for complete EFK stack
+
+Current chart version is `0.0.1`
+
+Source code can be found [here](https://kubezero.com)
+
+## Chart Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
+
+## Changes from upstream
+### ECK
+- Operator mapped to controller nodes
+
+### ElasticSearch
+
+- Installed Plugins:
+    - repository-s3
+    - elasticsearch-prometheus-exporter
+
+- [Cross AZ Zone awareness](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-availability-zone-awareness) is implemented via nodeSets
+
+## Manual tasks ATM
+
+-  Install index template
+- setup Kibana
+- create `logstash-*` Index Pattern
+
+## Chart Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| es.replicas | int | `2` |  |
+| es.storage.class | string | `"local-sc-xfs"` |  |
+| es.storage.size | string | `"16Gi"` |  |
+| fullnameOverride | string | `"logging"` |  |
+| kibana.replicas | int | `1` |  |
+| version | string | `"7.6.0"` |  |
+
+## Resources:
+
+- https://www.elastic.co/downloads/elastic-cloud-kubernetes
+- https://github.com/elastic/cloud-on-k8s

charts/kubezero-logging/README.md.gotmpl

@@ -0,0 +1,41 @@
+{{ template "chart.header" . }}
+{{ template "chart.description" . }}
+
+{{ template "chart.versionLine" . }}
+
+{{ template "chart.sourceLinkLine" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+## Changes from upstream
+### ECK
+- Operator mapped to controller nodes
+
+### ES
+
+- SSL disabled ( Todo: provide cluster certs and setup Kibana/Fluentd to use https incl. client certs )
+
+- Installed Plugins:
+  - repository-s3
+  - elasticsearch-prometheus-exporter
+
+- [Cross AZ Zone awareness](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-advanced-node-scheduling.html#k8s-availability-zone-awareness) is implemented via nodeSets
+
+### Kibana
+
+- increased timeout to ES to 3 minutes
+ 
+
+## Manual tasks ATM
+
+-  Install index template
+- setup Kibana
+- create `logstash-*` Index Pattern
+
+
+{{ template "chart.valuesSection" . }}
+
+## Resources:
+
+- https://www.elastic.co/downloads/elastic-cloud-kubernetes
+- https://github.com/elastic/cloud-on-k8s

charts/kubezero-logging/eck/kustomization.yaml

@@ -0,0 +1,6 @@
+resources:
+- all-in-one.yaml
+
+# map operator to controller nodes
+patchesStrategicMerge:
+- map-operator.yaml

charts/kubezero-logging/eck/map-operator.yaml

@@ -0,0 +1,14 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: elastic-operator
+spec:
+  template:
+    spec:
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule

charts/kubezero-logging/eck/update.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+ECK_VERSION=1.2.0
+
+curl -o all-in-one.yaml https://download.elastic.co/downloads/eck/${ECK_VERSION}/all-in-one.yaml
+
+kubectl kustomize . > ../templates/eck-operator.yaml

charts/kubezero-logging/templates/elasticsearch.yaml

@@ -0,0 +1,83 @@
+{{- if .Values.es.nodeSets }}
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+  name: {{ template "kubezero-lib.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "kubezero-lib.labels" . | indent 4 }}
+spec:
+  version: {{ .Values.version }}
+  nodeSets:
+  {{- range .Values.es.nodeSets }}
+  - name: {{ .name }}
+    config:
+      node.master: true
+      node.data: true
+      node.ingest: true
+      node.ml: false
+      prometheus.indices: false
+      {{- if .zone }}
+      node.attr.zone: {{ .zone }}
+      cluster.routing.allocation.awareness.attributes: zone
+      {{- end }}
+    podTemplate:
+      {{- if $.Values.es.s3_snapshot_iamrole }}
+      metadata:
+        annotations:
+          iam.amazonaws.com/role: {{ $.Values.es.s3_snapshot_iamrole }}
+      {{- end }}
+      spec:
+        initContainers:
+        - name: install-plugins
+          command:
+          - sh
+          - -c
+          - |
+            bin/elasticsearch-plugin install --batch repository-s3 && bin/elasticsearch-plugin install --batch https://github.com/vvanholl/elasticsearch-prometheus-exporter/releases/download/{{ $.Values.version }}.0/prometheus-exporter-{{ $.Values.version }}.0.zip
+        containers:
+        - name: elasticsearch
+          resources:
+            requests:
+              cpu: 100m
+              memory: 2500Mi
+            limits:
+              memory: 4Gi
+          env:
+          - name: ES_JAVA_OPTS
+            value: "-Xms2g -Xmx2g"
+        affinity:
+          podAntiAffinity:
+            requiredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchLabels:
+                    elasticsearch.k8s.elastic.co/cluster-name: {{ $.Values.name }}
+              topologyKey: kubernetes.io/hostname
+          {{- if .zone }}
+          nodeAffinity:
+            requiredDuringSchedulingIgnoredDuringExecution:
+              nodeSelectorTerms:
+              - matchExpressions:
+                - key: failure-domain.beta.kubernetes.io/zone
+                  operator: In
+                  values:
+                  - {{ .zone }}
+          {{- end }}
+    count: {{ .count }}
+    volumeClaimTemplates:
+    - metadata:
+        name: elasticsearch-data
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: {{ .storage.size }}
+        storageClassName: {{ .storage.class }}
+  {{- end }}
+  http:
+    tls:
+      selfSignedCertificate:
+        disabled: true
+{{- end }}

charts/kubezero-logging/templates/es-servicemonitor.yaml

@@ -0,0 +1,20 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: es-{{ .Values.name }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  endpoints:
+  - basicAuth:
+      username:
+        name: {{ .Values.name }}-es-elastic-user
+        key: username
+      password:
+        name: {{ .Values.name }}-es-elastic-user
+        key: elastic
+    port: http
+    path: /_prometheus/metrics
+  selector:
+    matchLabels:
+      common.k8s.elastic.co/type: elasticsearch
+      elasticsearch.k8s.elastic.co/cluster-name: {{ .Values.name }}

charts/kubezero-logging/templates/es-users.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  labels:
+    common.k8s.elastic.co/type: elasticsearch
+    elasticsearch.k8s.elastic.co/cluster-name: {{ .Values.name }}
+  name: {{ .Values.name }}-es-elastic-user
+  namespace: {{ .Release.Namespace }}
+data:
+  username: {{ "elastic" | b64enc | quote }}
+  elastic: {{ .Values.es.elastic_password | b64enc | quote }}

charts/kubezero-logging/templates/istio-virtualservice.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.kibana.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: {{ template "kubezero-lib.fullname" . }}-kibana
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "kubezero-lib.labels" . | indent 4 }} 
+spec:
+  hosts:
+  - {{ .Values.kibana.istio.url }}
+  gateways:
+  - {{ default "istio-system/ingressgateway" .Values.kibana.istio.gateway }}
+  http:
+  - route:
+    - destination:
+        host: {{ template "kubezero-lib.fullname" . }}-kb-http
+{{- end }}

charts/kubezero-logging/templates/kibana.yaml

@@ -0,0 +1,35 @@
+{{- if .Values.kibana }}
+apiVersion: kibana.k8s.elastic.co/v1
+kind: Kibana
+metadata:
+  name: {{ template "kubezero-lib.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "kubezero-lib.labels" . | indent 4 }}
+spec:
+  version: {{ .Values.version }}
+  count: {{ .Values.kibana.count }}
+  elasticsearchRef:
+    name: {{ template "kubezero-lib.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+  config:
+    elasticsearch.requestTimeout: 180000
+    elasticsearch.shardTimeout: 180000
+    #xpack.monitoring.enabled: false
+    #xpack.monitoring.ui.enabled: false
+    #xpack.ml.enabled: false
+  podTemplate:
+    spec:
+      containers:
+      - name: kibana
+        resources:
+          requests:
+            memory: 1Gi
+            cpu: 100m
+          limits:
+            memory: 2Gi
+  http:
+    tls:
+      selfSignedCertificate:
+        disabled: true
+{{- end }}

charts/kubezero-logging/values-test.yaml

@@ -0,0 +1,26 @@
+# Default values for zdt-logging.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# This is for backwards compatibility with older zdt-logging setup
+fullnameOverride: logging
+
+# Version for ElasticSearch and Kibana have to match so we define it at top-level
+version: 7.6.0
+
+es:
+  nodeSets:
+  - count: 2
+    storage:
+      size: 16Gi
+      class: local-sc-xfs
+    zone: us-west-2a
+  s3_snapshot_iamrole: "" # INSERT_CLOUDFORMATION_OUTPUT_ElasticSearchSnapshots
+  elastic_password: "" # super_secret_elastic_password
+
+kibana: 
+  replicas: 1
+  istio:
+    enabled: true
+    url: kibana.example.com
+    gateway: istio-system/private-ingressgateway

charts/kubezero-logging/values.yaml

@@ -0,0 +1,27 @@
+# Default values for zdt-logging.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# This is for backwards compatibility with older zdt-logging setup
+# fullnameOverride: logging
+
+# Version for ElasticSearch and Kibana have to match so we define it at top-level
+version: 7.8.1
+
+es:
+  nodeSets: []
+  #- count: 2
+  #  storage:
+  #    size: 16Gi
+  #    class: local-sc-xfs
+  #  zone: us-west-2a
+  s3_snapshot_iamrole: "" # INSERT_CLOUDFORMATION_OUTPUT_ElasticSearchSnapshots
+  elastic_password: "" # super_secret_elastic_password
+
+kibana:
+  #replicas: 1
+  #servicename: kibana.example.com
+  istio:
+    enabled: false
+    gateway: "istio-system/ingressgateway"
+    url: "" # kibana.example.com