Updated helm-docs, fluentd SSL handled by Istio, ES&Istio tuning
This commit is contained in:
parent
4aeb23d8cc
commit
c556df65ff
@ -10,7 +10,6 @@ keywords:
|
||||
- gitops
|
||||
maintainers:
|
||||
- name: Quarky9
|
||||
dependencies:
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: ">= 0.1.3"
|
||||
|
@ -1,25 +1,33 @@
|
||||
kubezero-argo-cd
|
||||
================
|
||||
# kubezero-argo-cd
|
||||
|
||||
![Version: 0.5.3](https://img.shields.io/badge/Version-0.5.3-informational?style=flat-square)
|
||||
|
||||
KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
|
||||
|
||||
Current chart version is `0.5.3`
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
Source code can be found [here](https://kubezero.com)
|
||||
## Maintainers
|
||||
|
||||
## Chart Requirements
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Quarky9 | | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.16.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://argoproj.github.io/argo-helm | argo-cd | 2.7.0 |
|
||||
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
|
||||
|
||||
## Chart Values
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| argo-cd.controller.args.appResyncPeriod | string | `"300"` | |
|
||||
| argo-cd.controller.args.operationProcessors | string | `"1"` | |
|
||||
| argo-cd.controller.args.statusProcessors | string | `"2"` | |
|
||||
| argo-cd.controller.args.operationProcessors | string | `"2"` | |
|
||||
| argo-cd.controller.args.statusProcessors | string | `"4"` | |
|
||||
| argo-cd.controller.metrics.enabled | bool | `false` | |
|
||||
| argo-cd.controller.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` | |
|
||||
| argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
|
@ -1,9 +1,15 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
{{ template "chart.versionLine" . }}
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.sourceLinkLine" . }}
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
|
@ -1,12 +1,25 @@
|
||||
kubezero-aws-ebs-csi-driver
|
||||
===========================
|
||||
# kubezero-aws-ebs-csi-driver
|
||||
|
||||
![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for aws-ebs-csi-driver
|
||||
|
||||
Current chart version is `0.3.1`
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
Source code can be found [here](https://kubezero.com)
|
||||
## Maintainers
|
||||
|
||||
## Chart Requirements
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Quarky9 | | |
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/kubernetes-sigs/aws-ebs-csi-driver>
|
||||
* <https://github.com/Zero-Down-Time/kubezero>
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.16.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
@ -23,7 +36,7 @@ podAnnotations:
|
||||
By default it also creates the *ebs-sc-gp2-xfs* storage class for gp2, enrypted and XFS.
|
||||
This class is by default also set as default storage class.
|
||||
|
||||
## Chart Values
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
@ -34,7 +47,7 @@ This class is by default also set as default storage class.
|
||||
| aws-ebs-csi-driver.enableVolumeSnapshot | bool | `false` | |
|
||||
| aws-ebs-csi-driver.extraVolumeTags | object | `{}` | Optional tags to be added to each EBS volume |
|
||||
| aws-ebs-csi-driver.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
|
||||
| aws-ebs-csi-driver.podAnnotations | object | `{}` | iam.amazonaws.com/role: <IAM role ARN> to assume |
|
||||
| aws-ebs-csi-driver.podAnnotations | object | `{}` | iam.amazonaws.com/role: <IAM role ARN> to assume |
|
||||
| aws-ebs-csi-driver.replicaCount | int | `1` | |
|
||||
| aws-ebs-csi-driver.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||
| aws-ebs-csi-driver.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
|
||||
|
@ -1,9 +1,15 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
{{ template "chart.versionLine" . }}
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.sourceLinkLine" . }}
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
|
@ -1,12 +1,25 @@
|
||||
kubezero-aws-efs-csi-driver
|
||||
===========================
|
||||
# kubezero-aws-efs-csi-driver
|
||||
|
||||
![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for aws-efs-csi-driver
|
||||
|
||||
Current chart version is `0.1.1`
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
Source code can be found [here](https://kubezero.com)
|
||||
## Maintainers
|
||||
|
||||
## Chart Requirements
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Quarky9 | | |
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/Zero-Down-Time/kubezero>
|
||||
* <https://github.com/kubernetes-sigs/aws-efs-csi-driver>
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>=1.16.0-0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
@ -16,7 +29,7 @@ Source code can be found [here](https://kubezero.com)
|
||||
Optionally creates the *efs-cs* storage class.
|
||||
Could also be made the default storage class if requested.
|
||||
|
||||
## Chart Values
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
|
@ -1,9 +1,15 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
{{ template "chart.versionLine" . }}
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.sourceLinkLine" . }}
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
|
@ -1,12 +1,20 @@
|
||||
kubezero-calico
|
||||
===============
|
||||
# kubezero-calico
|
||||
|
||||
![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.16.1](https://img.shields.io/badge/AppVersion-v3.16.1-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for Calico
|
||||
|
||||
Current chart version is `0.2.0`
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
Source code can be found [here](https://kubezero.com)
|
||||
## Maintainers
|
||||
|
||||
## Chart Requirements
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Quarky9 | | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.16.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
@ -15,15 +23,15 @@ Source code can be found [here](https://kubezero.com)
|
||||
## KubeZero default configuration
|
||||
|
||||
## AWS
|
||||
The setup is based on the upstream calico-vxlan config from
|
||||
The setup is based on the upstream calico-vxlan config from
|
||||
`https://docs.projectcalico.org/v3.15/manifests/calico-vxlan.yaml`
|
||||
|
||||
### Changes
|
||||
|
||||
- VxLAN set to Always to not expose cluster communication to VPC
|
||||
- VxLAN set to Always to not expose cluster communication to VPC
|
||||
|
||||
-> EC2 SecurityGroups still apply and only need to allow UDP 4789 for VxLAN traffic
|
||||
-> No need to disable source/destination check on EC2 instances
|
||||
-> EC2 SecurityGroups still apply and only need to allow UDP 4789 for VxLAN traffic
|
||||
-> No need to disable source/destination check on EC2 instances
|
||||
-> Prepared for optional WireGuard encryption for all inter node traffic
|
||||
|
||||
- MTU set to 8941
|
||||
@ -34,7 +42,7 @@ The setup is based on the upstream calico-vxlan config from
|
||||
|
||||
- Set FELIX log level to warning
|
||||
|
||||
## Chart Values
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
|
@ -1,9 +1,15 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
{{ template "chart.versionLine" . }}
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.sourceLinkLine" . }}
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
|
@ -1,12 +1,20 @@
|
||||
kubezero-cert-manager
|
||||
=====================
|
||||
# kubezero-cert-manager
|
||||
|
||||
![Version: 0.3.6](https://img.shields.io/badge/Version-0.3.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for cert-manager
|
||||
|
||||
Current chart version is `0.3.6`
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
Source code can be found [here](https://kubezero.com)
|
||||
## Maintainers
|
||||
|
||||
## Chart Requirements
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Quarky9 | | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.16.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
@ -23,7 +31,7 @@ cert-manager.podAnnotations:
|
||||
## Resolver Secrets
|
||||
If your resolvers need additional sercrets like CloudFlare API tokens etc. make sure to provide these secrets separatly matching your defined issuers.
|
||||
|
||||
## Chart Values
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
|
@ -1,9 +1,15 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
{{ template "chart.versionLine" . }}
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.sourceLinkLine" . }}
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
|
@ -1,15 +1,22 @@
|
||||
kubezero-istio
|
||||
==============
|
||||
# kubezero-istio
|
||||
|
||||
![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.3](https://img.shields.io/badge/AppVersion-1.7.3-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for Istio
|
||||
|
||||
Installs Istio Operator and KubeZero Istio profile
|
||||
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
Current chart version is `0.3.3`
|
||||
## Maintainers
|
||||
|
||||
Source code can be found [here](https://kubezero.com)
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Quarky9 | | |
|
||||
|
||||
## Chart Requirements
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.16.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
@ -19,7 +26,7 @@ Source code can be found [here](https://kubezero.com)
|
||||
## KubeZero default configuration
|
||||
- mapped istio-operator to run on the controller nodes only
|
||||
|
||||
## Chart Values
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
@ -30,7 +37,7 @@ Source code can be found [here](https://kubezero.com)
|
||||
| ingress.replicaCount | int | `2` | |
|
||||
| ingress.type | string | `"NodePort"` | |
|
||||
| istio-operator.hub | string | `"docker.io/istio"` | |
|
||||
| istio-operator.tag | string | `"1.7.1"` | |
|
||||
| istio-operator.tag | string | `"1.7.3"` | |
|
||||
| istiod.autoscaleEnabled | bool | `false` | |
|
||||
| istiod.replicaCount | int | `1` | |
|
||||
|
||||
|
@ -1,12 +1,17 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
Installs Istio Operator and KubeZero Istio profile
|
||||
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.versionLine" . }}
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourceLinkLine" . }}
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
|
@ -76,7 +76,12 @@ spec:
|
||||
- port:
|
||||
number: 24224
|
||||
name: fluentd-forward
|
||||
protocol: TCP
|
||||
protocol: TLS
|
||||
hosts:
|
||||
{{- toYaml .Values.ingress.dnsNames | nindent 4 }}
|
||||
tls:
|
||||
mode: SIMPLE
|
||||
privateKey: /etc/istio/ingressgateway-certs/tls.key
|
||||
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
|
||||
credentialName: public-ingress-cert
|
||||
{{- end }}
|
||||
|
@ -46,7 +46,7 @@ spec:
|
||||
resources:
|
||||
limits:
|
||||
# cpu: 2000m
|
||||
memory: 1024Mi
|
||||
memory: 256Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 64Mi
|
||||
|
@ -43,7 +43,7 @@ spec:
|
||||
resources:
|
||||
limits:
|
||||
#cpu: 2000m
|
||||
memory: 1024Mi
|
||||
memory: 256Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 64Mi
|
||||
|
@ -1,12 +1,20 @@
|
||||
kubezero-kiam
|
||||
=============
|
||||
# kubezero-kiam
|
||||
|
||||
![Version: 0.2.11](https://img.shields.io/badge/Version-0.2.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.6](https://img.shields.io/badge/AppVersion-3.6-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for Kiam
|
||||
|
||||
Current chart version is `0.2.10`
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
Source code can be found [here](https://kubezero.com)
|
||||
## Maintainers
|
||||
|
||||
## Chart Requirements
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Quarky9 | | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.16.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
@ -20,21 +28,22 @@ Therefore we also change the default port from 443 to 6444 to not collide with t
|
||||
Make sure any firewall rules between controllers and workers are adjusted accordingly.
|
||||
|
||||
## Kiam Certificates
|
||||
The required certificates for Kiam server and agents are provided by a local cert-manager, which is configured to have a cluster local self-signing CA as part of the KubeZero platform.
|
||||
[Kiam TLS Config](https://github.com/uswitch/kiam/blob/master/docs/TLS.md#cert-manager)
|
||||
The required certificates for Kiam server and agents are provided by a local cert-manager, which is configured to have a cluster local self-signing CA as part of the KubeZero platform.
|
||||
[Kiam TLS Config](https://github.com/uswitch/kiam/blob/master/docs/TLS.md#cert-manager)
|
||||
[KubeZero cert-manager](../kubezero-cert-manager/README.md)
|
||||
|
||||
## Metadata restrictions
|
||||
Some services require access to some basic AWS information. One example is the `aws-ebs-csi` controller.
|
||||
By default all access to the meta-data service is blocked, expect for:
|
||||
Some services require access to some basic AWS information. One example is the `aws-ebs-csi` controller.
|
||||
By default all access to the meta-data service is blocked, expect for:
|
||||
|
||||
- `/latest/meta-data/instance-id`
|
||||
- `/latest/dynamic/instance-identity/document`
|
||||
|
||||
## Chart Values
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| annotateKubeSystemNameSpace | bool | `false` | |
|
||||
| kiam.agent.gatewayTimeoutCreation | string | `"5s"` | |
|
||||
| kiam.agent.host.interface | string | `"cali+"` | |
|
||||
| kiam.agent.host.iptables | bool | `false` | |
|
||||
@ -57,7 +66,7 @@ By default all access to the meta-data service is blocked, expect for:
|
||||
| kiam.agent.updateStrategy | string | `"RollingUpdate"` | |
|
||||
| kiam.agent.whiteListRouteRegexp | string | `"^/latest/(meta-data/instance-id|dynamic)"` | |
|
||||
| kiam.enabled | bool | `true` | |
|
||||
| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role |
|
||||
| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role |
|
||||
| kiam.server.deployment.enabled | bool | `true` | |
|
||||
| kiam.server.deployment.replicas | int | `1` | |
|
||||
| kiam.server.image.tag | string | `"v3.6"` | |
|
||||
@ -83,8 +92,8 @@ By default all access to the meta-data service is blocked, expect for:
|
||||
| kiam.server.useHostNetwork | bool | `true` | |
|
||||
|
||||
## Debugging
|
||||
- Verify iptables rules on hosts to be set by the kiam agent:
|
||||
`iptables -L -t nat -n --line-numbers`
|
||||
- Verify iptables rules on hosts to be set by the kiam agent:
|
||||
`iptables -L -t nat -n --line-numbers`
|
||||
`iptables -t nat -D PREROUTING <wrong rule>`
|
||||
|
||||
## Resources
|
||||
|
@ -1,9 +1,15 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
{{ template "chart.versionLine" . }}
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.sourceLinkLine" . }}
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
|
@ -1,19 +1,37 @@
|
||||
kubezero-local-volume-provisioner
|
||||
=================================
|
||||
# kubezero-local-volume-provisioner
|
||||
|
||||
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.4](https://img.shields.io/badge/AppVersion-2.3.4-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for local-static-provisioner
|
||||
|
||||
Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
|
||||
|
||||
Current chart version is `0.1.0`
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
Source code can be found [here](https://kubezero.com)
|
||||
## Maintainers
|
||||
|
||||
## Chart Requirements
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Quarky9 | | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.16.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| local-static-provisioner.classes[0].hostDir | string | `"/mnt/disks"` | |
|
||||
| local-static-provisioner.classes[0].name | string | `"local-sc-xfs"` | |
|
||||
| local-static-provisioner.common.namespace | string | `"kube-system"` | |
|
||||
| local-static-provisioner.daemonset.nodeSelector."node.kubernetes.io/localVolume" | string | `"present"` | |
|
||||
| local-static-provisioner.prometheus.operator.enabled | bool | `false` | |
|
||||
|
||||
## KubeZero default configuration
|
||||
|
||||
- add nodeSelector to only install on nodes actually having ephemeral local storage
|
||||
|
@ -1,14 +1,22 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
|
||||
|
||||
{{ template "chart.versionLine" . }}
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.sourceLinkLine" . }}
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
{{ template "chart.valuesSection" . }}
|
||||
|
||||
## KubeZero default configuration
|
||||
|
||||
- add nodeSelector to only install on nodes actually having ephemeral local storage
|
||||
|
@ -1,12 +1,20 @@
|
||||
kubezero-logging
|
||||
================
|
||||
# kubezero-logging
|
||||
|
||||
![Version: 0.3.9](https://img.shields.io/badge/Version-0.3.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.1](https://img.shields.io/badge/AppVersion-1.2.1-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for complete EFK stack
|
||||
|
||||
Current chart version is `0.3.6`
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
Source code can be found [here](https://kubezero.com)
|
||||
## Maintainers
|
||||
|
||||
## Chart Requirements
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Quarky9 | | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.16.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
@ -31,9 +39,8 @@ Source code can be found [here](https://kubezero.com)
|
||||
### Kibana
|
||||
|
||||
- increased timeout to ES to 3 minutes
|
||||
|
||||
### FluentD
|
||||
|
||||
### FluentD
|
||||
|
||||
### Fluent-bit
|
||||
- support for dedot Lua filter to replace "." with "_" for all annotations and labels
|
||||
@ -45,8 +52,7 @@ Source code can be found [here](https://kubezero.com)
|
||||
- setup Kibana
|
||||
- create `logstash-*` Index Pattern
|
||||
|
||||
|
||||
## Chart Values
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
@ -56,9 +62,9 @@ Source code can be found [here](https://kubezero.com)
|
||||
| es.s3Snapshot.enabled | bool | `false` | |
|
||||
| es.s3Snapshot.iamrole | string | `""` | |
|
||||
| fluent-bit.config.filters | string | `"[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call reassemble_cri_logs\n\n[FILTER]\n Name kubernetes\n Match kube.*\n Merge_Log On\n Keep_Log Off\n K8S-Logging.Parser On\n K8S-Logging.Exclude On\n\n[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call dedot\n"` | |
|
||||
| fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Parser cri\n Tag kube.*\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 10\n DB /var/log/flb_kube.db\n DB.Sync Normal\n[INPUT]\n Name tail\n Path /var/log/kubernetes/audit.log\n Parser json\n Tag audit.api-server\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 60\n DB /var/log/flb_kube_audit.db\n DB.Sync Normal\n"` | |
|
||||
| fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Parser cri\n Tag kube.*\n Mem_Buf_Limit 16MB\n Skip_Long_Lines On\n Refresh_Interval 10\n Exclude_Path *.gz,*.zip\n DB /var/log/flb_kube.db\n DB.Sync Normal\n[INPUT]\n Name tail\n Path /var/log/kubernetes/audit.log\n Parser json\n Tag audit.api-server\n Mem_Buf_Limit 8MB\n Skip_Long_Lines On\n DB /var/log/flb_kube_audit.db\n DB.Sync Normal\n"` | |
|
||||
| fluent-bit.config.lua | string | `"function dedot(tag, timestamp, record)\n if record[\"kubernetes\"] == nil then\n return 0, 0, 0\n end\n dedot_keys(record[\"kubernetes\"][\"annotations\"])\n dedot_keys(record[\"kubernetes\"][\"labels\"])\n return 1, timestamp, record\nend\n\nfunction dedot_keys(map)\n if map == nil then\n return\n end\n local new_map = {}\n local changed_keys = {}\n for k, v in pairs(map) do\n local dedotted = string.gsub(k, \"%.\", \"_\")\n if dedotted ~= k then\n new_map[dedotted] = v\n changed_keys[k] = true\n end\n end\n for k in pairs(changed_keys) do\n map[k] = nil\n end\n for k, v in pairs(new_map) do\n map[k] = v\n end\nend\n\nlocal reassemble_state = {}\n\nfunction reassemble_cri_logs(tag, timestamp, record)\n -- IMPORTANT: reassemble_key must be unique for each parser stream\n -- otherwise entries from different sources will get mixed up.\n -- Either make sure that your parser tags satisfy this or construct\n -- reassemble_key some other way\n local reassemble_key = tag\n -- if partial line, accumulate\n if record.logtag == 'P' then\n reassemble_state[reassemble_key] = reassemble_state[reassemble_key] or \"\" .. record.message\n return -1, 0, 0\n end\n -- otherwise it's a full line, concatenate with accumulated partial lines if any\n record.message = reassemble_state[reassemble_key] or \"\" .. (record.message or \"\")\n reassemble_state[reassemble_key] = nil\n return 1, timestamp, record\nend\n"` | |
|
||||
| fluent-bit.config.outputs | string | `"[OUTPUT]\n Match *\n Name forward\n Host logging-fluentd\n Port 24224\n tls on\n tls.verify off\n Shared_Key cloudbender\n"` | |
|
||||
| fluent-bit.config.outputs | string | `"[OUTPUT]\n Match *\n Name forward\n Host logging-fluentd\n Port 24224\n"` | |
|
||||
| fluent-bit.config.service | string | `"[SERVICE]\n Flush 5\n Daemon Off\n Log_Level warn\n Parsers_File parsers.conf\n Parsers_File custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port 2020\n"` | |
|
||||
| fluent-bit.enabled | bool | `false` | |
|
||||
| fluent-bit.serviceMonitor.enabled | bool | `true` | |
|
||||
@ -67,9 +73,10 @@ Source code can be found [here](https://kubezero.com)
|
||||
| fluent-bit.test.enabled | bool | `false` | |
|
||||
| fluent-bit.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||
| fluent-bit.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
|
||||
| fluentd.configMaps."filter.conf" | string | `"<filter kube.**>\n @type parser\n key_name message\n remove_key_name_field true\n reserve_data true\n emit_invalid_record_to_error false\n <parse>\n @type json\n </parse>\n</filter>\n"` | |
|
||||
| fluentd.configMaps."forward-input.conf" | string | `"<source>\n @type forward\n port 24224\n bind 0.0.0.0\n skip_invalid_event true\n <transport tls>\n cert_path /mnt/fluentd-certs/tls.crt\n private_key_path /mnt/fluentd-certs/tls.key\n </transport>\n <security>\n self_hostname \"#{ENV['HOSTNAME']}\"\n shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n </security>\n</source>\n"` | |
|
||||
| fluentd.configMaps."output.conf" | string | `"<match **>\n @id elasticsearch\n @type elasticsearch\n @log_level info\n include_tag_key true\n id_key id\n remove_keys id\n\n # KubeZero pipeline incl. GeoIP etc.\n # Freaking ES jams under load and all is lost ...\n # pipeline fluentd\n\n host \"#{ENV['OUTPUT_HOST']}\"\n port \"#{ENV['OUTPUT_PORT']}\"\n scheme \"#{ENV['OUTPUT_SCHEME']}\"\n ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n user \"#{ENV['OUTPUT_USER']}\"\n password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n log_es_400_reason\n logstash_format true\n reconnect_on_error true\n # reload_on_failure true\n request_timeout 15s\n suppress_type_name true\n\n <buffer>\n @type file\n path /var/log/fluentd-buffers/kubernetes.system.buffer\n flush_mode interval\n flush_thread_count 2\n flush_interval 30s\n flush_at_shutdown true\n retry_type exponential_backoff\n retry_timeout 60m\n chunk_limit_size 16M\n overflow_action drop_oldest_chunk\n </buffer>\n</match>\n"` | |
|
||||
| fluentd.configMaps."filter.conf" | string | `"<filter disabled.kube.**>\n @type parser\n key_name message\n remove_key_name_field true\n reserve_data true\n # inject_key_prefix message_json.\n emit_invalid_record_to_error false\n <parse>\n @type json\n </parse>\n</filter>\n"` | |
|
||||
| fluentd.configMaps."forward-input.conf" | string | `"<source>\n @type forward\n port 24224\n bind 0.0.0.0\n skip_invalid_event true\n send_keepalive_packet true\n <security>\n self_hostname \"#{ENV['HOSTNAME']}\"\n shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n </security>\n</source>\n"` | |
|
||||
| fluentd.configMaps."general.conf" | string | `"<label @FLUENT_LOG>\n <match **>\n @type null\n </match>\n</label>\n<source>\n @type http\n port 9880\n bind 0.0.0.0\n keepalive_timeout 30\n</source>\n<source>\n @type monitor_agent\n bind 0.0.0.0\n port 24220\n tag fluentd.monitor.metrics\n</source>\n"` | |
|
||||
| fluentd.configMaps."output.conf" | string | `"<match **>\n @id elasticsearch\n @type elasticsearch\n @log_level info\n include_tag_key true\n id_key id\n remove_keys id\n\n # KubeZero pipeline incl. GeoIP etc.\n # pipeline fluentd\n\n host \"#{ENV['OUTPUT_HOST']}\"\n port \"#{ENV['OUTPUT_PORT']}\"\n scheme \"#{ENV['OUTPUT_SCHEME']}\"\n ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n user \"#{ENV['OUTPUT_USER']}\"\n password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n log_es_400_reason\n logstash_format true\n reconnect_on_error true\n # reload_on_failure true\n request_timeout 15s\n suppress_type_name true\n\n <buffer tag>\n @type file_single\n path /var/log/fluentd-buffers/kubernetes.system.buffer\n flush_mode interval\n flush_thread_count 2\n flush_interval 30s\n flush_at_shutdown true\n retry_type exponential_backoff\n retry_timeout 60m\n overflow_action drop_oldest_chunk\n </buffer>\n</match>\n"` | |
|
||||
| fluentd.enabled | bool | `false` | |
|
||||
| fluentd.env.OUTPUT_SSL_VERIFY | string | `"false"` | |
|
||||
| fluentd.env.OUTPUT_USER | string | `"elastic"` | |
|
||||
@ -79,13 +86,8 @@ Source code can be found [here](https://kubezero.com)
|
||||
| fluentd.extraEnvVars[1].name | string | `"FLUENTD_SHARED_KEY"` | |
|
||||
| fluentd.extraEnvVars[1].valueFrom.secretKeyRef.key | string | `"shared_key"` | |
|
||||
| fluentd.extraEnvVars[1].valueFrom.secretKeyRef.name | string | `"logging-fluentd-secret"` | |
|
||||
| fluentd.extraVolumeMounts[0].mountPath | string | `"/mnt/fluentd-certs"` | |
|
||||
| fluentd.extraVolumeMounts[0].name | string | `"fluentd-certs"` | |
|
||||
| fluentd.extraVolumeMounts[0].readOnly | bool | `true` | |
|
||||
| fluentd.extraVolumes[0].name | string | `"fluentd-certs"` | |
|
||||
| fluentd.extraVolumes[0].secret.secretName | string | `"fluentd-certificate"` | |
|
||||
| fluentd.image.repository | string | `"quay.io/fluentd_elasticsearch/fluentd"` | |
|
||||
| fluentd.image.tag | string | `"v3.0.4"` | |
|
||||
| fluentd.image.tag | string | `"v2.9.0"` | |
|
||||
| fluentd.istio.enabled | bool | `false` | |
|
||||
| fluentd.metrics.enabled | bool | `false` | |
|
||||
| fluentd.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` | |
|
||||
|
@ -1,9 +1,15 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
{{ template "chart.versionLine" . }}
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.sourceLinkLine" . }}
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
|
@ -23,6 +23,8 @@ spec:
|
||||
node.attr.zone: {{ .zone }}
|
||||
cluster.routing.allocation.awareness.attributes: zone
|
||||
{{- end }}
|
||||
transport.compress: true
|
||||
node.processors: {{- default 1 .processors }}
|
||||
podTemplate:
|
||||
{{- if $.Values.es.s3Snapshot.iamrole }}
|
||||
metadata:
|
||||
|
@ -1,16 +0,0 @@
|
||||
{{- if .Values.fluentd.enabled }}
|
||||
apiVersion: cert-manager.io/v1alpha2
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: fluentd-ingress-cert
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{ include "kubezero-lib.labels" . | indent 4 }}
|
||||
spec:
|
||||
secretName: fluentd-certificate
|
||||
issuerRef:
|
||||
name: letsencrypt-dns-prod
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- "{{ .Values.fluentd.url }}"
|
||||
{{- end }}
|
@ -92,15 +92,6 @@ fluentd:
|
||||
name: logging-fluentd-secret
|
||||
key: shared_key
|
||||
|
||||
extraVolumes:
|
||||
- name: fluentd-certs
|
||||
secret:
|
||||
secretName: fluentd-certificate
|
||||
extraVolumeMounts:
|
||||
- name: fluentd-certs
|
||||
mountPath: /mnt/fluentd-certs
|
||||
readOnly: true
|
||||
|
||||
configMaps:
|
||||
general.conf: |
|
||||
<label @FLUENT_LOG>
|
||||
@ -127,12 +118,7 @@ fluentd:
|
||||
port 24224
|
||||
bind 0.0.0.0
|
||||
skip_invalid_event true
|
||||
# Only for TCP not TLS
|
||||
# send_keepalive_packet true
|
||||
<transport tls>
|
||||
cert_path /mnt/fluentd-certs/tls.crt
|
||||
private_key_path /mnt/fluentd-certs/tls.key
|
||||
</transport>
|
||||
send_keepalive_packet true
|
||||
<security>
|
||||
self_hostname "#{ENV['HOSTNAME']}"
|
||||
shared_key "#{ENV['FLUENTD_SHARED_KEY']}"
|
||||
@ -204,9 +190,6 @@ fluent-bit:
|
||||
Name forward
|
||||
Host logging-fluentd
|
||||
Port 24224
|
||||
tls on
|
||||
tls.verify off
|
||||
Shared_Key cloudbender
|
||||
|
||||
inputs: |
|
||||
[INPUT]
|
||||
|
@ -1,12 +1,20 @@
|
||||
kubezero-metrics
|
||||
================
|
||||
# kubezero-metrics
|
||||
|
||||
![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for prometheus-operator
|
||||
|
||||
Current chart version is `0.1.4`
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
Source code can be found [here](https://kubezero.com)
|
||||
## Maintainers
|
||||
|
||||
## Chart Requirements
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Quarky9 | | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.16.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
@ -14,7 +22,7 @@ Source code can be found [here](https://kubezero.com)
|
||||
| https://kubernetes-charts.storage.googleapis.com/ | prometheus-operator | 9.3.1 |
|
||||
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
|
||||
|
||||
## Chart Values
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
@ -102,7 +110,6 @@ Source code can be found [here](https://kubezero.com)
|
||||
| prometheus.istio.gateway | string | `"istio-system/ingressgateway"` | |
|
||||
| prometheus.istio.url | string | `""` | |
|
||||
|
||||
|
||||
# Dashboards
|
||||
|
||||
## Etcs
|
||||
|
@ -1,15 +1,20 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
{{ template "chart.versionLine" . }}
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.sourceLinkLine" . }}
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
{{ template "chart.valuesSection" . }}
|
||||
|
||||
|
||||
# Dashboards
|
||||
|
||||
## Etcs
|
||||
|
@ -1,18 +1,26 @@
|
||||
kubezero
|
||||
========
|
||||
# kubezero
|
||||
|
||||
![Version: 0.4.5](https://img.shields.io/badge/Version-0.4.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
|
||||
KubeZero ArgoCD Application - Root App of Apps chart of KubeZero
|
||||
|
||||
Current chart version is `0.4.5`
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
Source code can be found [here](https://kubezero.com)
|
||||
## Maintainers
|
||||
|
||||
## Chart Requirements
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Quarky9 | | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.16.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
|
||||
|
||||
## Chart Values
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
@ -34,3 +42,6 @@ Source code can be found [here](https://kubezero.com)
|
||||
| metrics.enabled | bool | `false` | |
|
||||
| metrics.namespace | string | `"monitoring"` | |
|
||||
| platform | string | `"aws"` | |
|
||||
|
||||
----------------------------------------------
|
||||
Autogenerated from chart metadata using [helm-docs v1.2.1](https://github.com/norwoodj/helm-docs/releases/v1.2.1)
|
||||
|
Loading…
Reference in New Issue
Block a user