Updated helm-docs, fluentd SSL handled by Istio, ES&Istio tuning

2020-10-05 03:50:23 -07:00 · 2020-10-05 03:50:23 -07:00 · c556df65ff
commit c556df65ff
parent 4aeb23d8cc
28 changed files with 291 additions and 154 deletions
--- a/charts/kubezero-argo-cd/Chart.yaml
+++ b/charts/kubezero-argo-cd/Chart.yaml
@ -10,7 +10,6 @@ keywords:
  - gitops
 maintainers:
  - name: Quarky9
-dependencies:
 dependencies:
  - name: kubezero-lib
    version: ">= 0.1.3"
--- a/charts/kubezero-argo-cd/README.md
+++ b/charts/kubezero-argo-cd/README.md
@ -1,25 +1,33 @@
-kubezero-argo-cd
-================
+# kubezero-argo-cd
+
+![Version: 0.5.3](https://img.shields.io/badge/Version-0.5.3-informational?style=flat-square)
+
 KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application

-Current chart version is `0.5.3`
+**Homepage:** <https://kubezero.com>

-Source code can be found [here](https://kubezero.com)
+## Maintainers

-## Chart Requirements
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Quarky9 |  |  |
+
+## Requirements
+
+Kubernetes: `>= 1.16.0`

 | Repository | Name | Version |
 |------------|------|---------|
 | https://argoproj.github.io/argo-helm | argo-cd | 2.7.0 |
 | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |

-## Chart Values
+## Values

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | argo-cd.controller.args.appResyncPeriod | string | `"300"` |  |
-| argo-cd.controller.args.operationProcessors | string | `"1"` |  |
-| argo-cd.controller.args.statusProcessors | string | `"2"` |  |
+| argo-cd.controller.args.operationProcessors | string | `"2"` |  |
+| argo-cd.controller.args.statusProcessors | string | `"4"` |  |
 | argo-cd.controller.metrics.enabled | bool | `false` |  |
 | argo-cd.controller.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` |  |
 | argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` |  |
--- a/charts/kubezero-argo-cd/README.md.gotmpl
+++ b/charts/kubezero-argo-cd/README.md.gotmpl
@ -1,9 +1,15 @@
 {{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
 {{ template "chart.description" . }}

-{{ template "chart.versionLine" . }}
+{{ template "chart.homepageLine" . }}

-{{ template "chart.sourceLinkLine" . }}
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}

 {{ template "chart.requirementsSection" . }}

--- a/charts/kubezero-aws-ebs-csi-driver/README.md
+++ b/charts/kubezero-aws-ebs-csi-driver/README.md
@ -1,12 +1,25 @@
-kubezero-aws-ebs-csi-driver
-===========================
+# kubezero-aws-ebs-csi-driver
+
+![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square)
+
 KubeZero Umbrella Chart for aws-ebs-csi-driver

-Current chart version is `0.3.1`
+**Homepage:** <https://kubezero.com>

-Source code can be found [here](https://kubezero.com)
+## Maintainers

-## Chart Requirements
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Quarky9 |  |  |
+
+## Source Code
+
+* <https://github.com/kubernetes-sigs/aws-ebs-csi-driver>
+* <https://github.com/Zero-Down-Time/kubezero>
+
+## Requirements
+
+Kubernetes: `>= 1.16.0`

 | Repository | Name | Version |
 |------------|------|---------|
@ -23,7 +36,7 @@ podAnnotations:
 By default it also creates the *ebs-sc-gp2-xfs* storage class for gp2, enrypted and XFS.
 This class is by default also set as default storage class.

-## Chart Values
+## Values

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
@ -34,7 +47,7 @@ This class is by default also set as default storage class.
 | aws-ebs-csi-driver.enableVolumeSnapshot | bool | `false` |  |
 | aws-ebs-csi-driver.extraVolumeTags | object | `{}` | Optional tags to be added to each EBS volume |
 | aws-ebs-csi-driver.nodeSelector."node-role.kubernetes.io/master" | string | `""` |  |
-| aws-ebs-csi-driver.podAnnotations | object | `{}` |  iam.amazonaws.com/role: <IAM role ARN> to assume |
+| aws-ebs-csi-driver.podAnnotations | object | `{}` | iam.amazonaws.com/role: <IAM role ARN> to assume |
 | aws-ebs-csi-driver.replicaCount | int | `1` |  |
 | aws-ebs-csi-driver.tolerations[0].effect | string | `"NoSchedule"` |  |
 | aws-ebs-csi-driver.tolerations[0].key | string | `"node-role.kubernetes.io/master"` |  |
--- a/charts/kubezero-aws-ebs-csi-driver/README.md.gotmpl
+++ b/charts/kubezero-aws-ebs-csi-driver/README.md.gotmpl
@ -1,9 +1,15 @@
 {{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
 {{ template "chart.description" . }}

-{{ template "chart.versionLine" . }}
+{{ template "chart.homepageLine" . }}

-{{ template "chart.sourceLinkLine" . }}
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}

 {{ template "chart.requirementsSection" . }}

--- a/charts/kubezero-aws-efs-csi-driver/README.md
+++ b/charts/kubezero-aws-efs-csi-driver/README.md
@ -1,12 +1,25 @@
-kubezero-aws-efs-csi-driver
-===========================
+# kubezero-aws-efs-csi-driver
+
+![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
+
 KubeZero Umbrella Chart for aws-efs-csi-driver

-Current chart version is `0.1.1`
+**Homepage:** <https://kubezero.com>

-Source code can be found [here](https://kubezero.com)
+## Maintainers

-## Chart Requirements
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Quarky9 |  |  |
+
+## Source Code
+
+* <https://github.com/Zero-Down-Time/kubezero>
+* <https://github.com/kubernetes-sigs/aws-efs-csi-driver>
+
+## Requirements
+
+Kubernetes: `>=1.16.0-0`

 | Repository | Name | Version |
 |------------|------|---------|
@ -16,7 +29,7 @@ Source code can be found [here](https://kubezero.com)
 Optionally creates the *efs-cs* storage class.
 Could also be made the default storage class if requested.

-## Chart Values
+## Values

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
--- a/charts/kubezero-aws-efs-csi-driver/README.md.gotmpl
+++ b/charts/kubezero-aws-efs-csi-driver/README.md.gotmpl
@ -1,9 +1,15 @@
 {{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
 {{ template "chart.description" . }}

-{{ template "chart.versionLine" . }}
+{{ template "chart.homepageLine" . }}

-{{ template "chart.sourceLinkLine" . }}
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}

 {{ template "chart.requirementsSection" . }}

--- a/charts/kubezero-calico/README.md
+++ b/charts/kubezero-calico/README.md
@ -1,12 +1,20 @@
-kubezero-calico
-===============
+# kubezero-calico
+
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.16.1](https://img.shields.io/badge/AppVersion-v3.16.1-informational?style=flat-square)
+
 KubeZero Umbrella Chart for Calico

-Current chart version is `0.2.0`
+**Homepage:** <https://kubezero.com>

-Source code can be found [here](https://kubezero.com)
+## Maintainers

-## Chart Requirements
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Quarky9 |  |  |
+
+## Requirements
+
+Kubernetes: `>= 1.16.0`

 | Repository | Name | Version |
 |------------|------|---------|
@ -15,15 +23,15 @@ Source code can be found [here](https://kubezero.com)
 ## KubeZero default configuration

 ## AWS
-The setup is based on the upstream calico-vxlan config from  
+The setup is based on the upstream calico-vxlan config from 
 `https://docs.projectcalico.org/v3.15/manifests/calico-vxlan.yaml`

 ### Changes

- VxLAN set to Always to not expose cluster communication to VPC  
+- VxLAN set to Always to not expose cluster communication to VPC 

-    -> EC2 SecurityGroups still apply and only need to allow UDP 4789 for VxLAN traffic  
-    -> No need to disable source/destination check on EC2 instances  
+    -> EC2 SecurityGroups still apply and only need to allow UDP 4789 for VxLAN traffic 
+    -> No need to disable source/destination check on EC2 instances 
    -> Prepared for optional WireGuard encryption for all inter node traffic

 - MTU set to 8941
@ -34,7 +42,7 @@ The setup is based on the upstream calico-vxlan config from

 - Set FELIX log level to warning

-## Chart Values
+## Values

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
--- a/charts/kubezero-calico/README.md.gotmpl
+++ b/charts/kubezero-calico/README.md.gotmpl
@ -1,9 +1,15 @@
 {{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
 {{ template "chart.description" . }}

-{{ template "chart.versionLine" . }}
+{{ template "chart.homepageLine" . }}

-{{ template "chart.sourceLinkLine" . }}
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}

 {{ template "chart.requirementsSection" . }}

--- a/charts/kubezero-cert-manager/README.md
+++ b/charts/kubezero-cert-manager/README.md
@ -1,12 +1,20 @@
-kubezero-cert-manager
-=====================
+# kubezero-cert-manager
+
+![Version: 0.3.6](https://img.shields.io/badge/Version-0.3.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
 KubeZero Umbrella Chart for cert-manager

-Current chart version is `0.3.6`
+**Homepage:** <https://kubezero.com>

-Source code can be found [here](https://kubezero.com)
+## Maintainers

-## Chart Requirements
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Quarky9 |  |  |
+
+## Requirements
+
+Kubernetes: `>= 1.16.0`

 | Repository | Name | Version |
 |------------|------|---------|
@ -23,7 +31,7 @@ cert-manager.podAnnotations:
 ## Resolver Secrets
 If your resolvers need additional sercrets like CloudFlare API tokens etc. make sure to provide these secrets separatly matching your defined issuers.

-## Chart Values
+## Values

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
--- a/charts/kubezero-cert-manager/README.md.gotmpl
+++ b/charts/kubezero-cert-manager/README.md.gotmpl
@ -1,9 +1,15 @@
 {{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
 {{ template "chart.description" . }}

-{{ template "chart.versionLine" . }}
+{{ template "chart.homepageLine" . }}

-{{ template "chart.sourceLinkLine" . }}
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}

 {{ template "chart.requirementsSection" . }}

--- a/charts/kubezero-istio/README.md
+++ b/charts/kubezero-istio/README.md
@ -1,15 +1,22 @@
-kubezero-istio
-==============
+# kubezero-istio
+
+![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.3](https://img.shields.io/badge/AppVersion-1.7.3-informational?style=flat-square)
+
 KubeZero Umbrella Chart for Istio

 Installs Istio Operator and KubeZero Istio profile

+**Homepage:** <https://kubezero.com>

-Current chart version is `0.3.3`
+## Maintainers

-Source code can be found [here](https://kubezero.com)
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Quarky9 |  |  |

-## Chart Requirements
+## Requirements
+
+Kubernetes: `>= 1.16.0`

 | Repository | Name | Version |
 |------------|------|---------|
@ -19,7 +26,7 @@ Source code can be found [here](https://kubezero.com)
 ## KubeZero default configuration
 - mapped istio-operator to run on the controller nodes only

-## Chart Values
+## Values

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
@ -30,7 +37,7 @@ Source code can be found [here](https://kubezero.com)
 | ingress.replicaCount | int | `2` |  |
 | ingress.type | string | `"NodePort"` |  |
 | istio-operator.hub | string | `"docker.io/istio"` |  |
-| istio-operator.tag | string | `"1.7.1"` |  |
+| istio-operator.tag | string | `"1.7.3"` |  |
 | istiod.autoscaleEnabled | bool | `false` |  |
 | istiod.replicaCount | int | `1` |  |

--- a/charts/kubezero-istio/README.md.gotmpl
+++ b/charts/kubezero-istio/README.md.gotmpl
@ -1,12 +1,17 @@
 {{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
 {{ template "chart.description" . }}

 Installs Istio Operator and KubeZero Istio profile

+{{ template "chart.homepageLine" . }}

-{{ template "chart.versionLine" . }}
+{{ template "chart.maintainersSection" . }}

-{{ template "chart.sourceLinkLine" . }}
+{{ template "chart.sourcesSection" . }}

 {{ template "chart.requirementsSection" . }}

--- a/charts/kubezero-istio/templates/ingress-gateway.yaml
+++ b/charts/kubezero-istio/templates/ingress-gateway.yaml
@ -76,7 +76,12 @@ spec:
  - port:
      number: 24224
      name: fluentd-forward
-      protocol: TCP
+      protocol: TLS
    hosts:
    {{- toYaml .Values.ingress.dnsNames | nindent 4 }}
+    tls:
+      mode: SIMPLE
+      privateKey: /etc/istio/ingressgateway-certs/tls.key
+      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
+      credentialName: public-ingress-cert
 {{- end }}
--- a/charts/kubezero-istio/templates/istio-private-ingress.yaml
+++ b/charts/kubezero-istio/templates/istio-private-ingress.yaml
@ -46,7 +46,7 @@ spec:
        resources:
          limits:
            # cpu: 2000m
-            memory: 1024Mi
+            memory: 256Mi
          requests:
            cpu: 100m
            memory: 64Mi
--- a/charts/kubezero-istio/templates/istio.yaml
+++ b/charts/kubezero-istio/templates/istio.yaml
@ -43,7 +43,7 @@ spec:
        resources:
          limits:
            #cpu: 2000m
-            memory: 1024Mi
+            memory: 256Mi
          requests:
            cpu: 100m
            memory: 64Mi
--- a/charts/kubezero-kiam/README.md
+++ b/charts/kubezero-kiam/README.md
@ -1,12 +1,20 @@
-kubezero-kiam
-=============
+# kubezero-kiam
+
+![Version: 0.2.11](https://img.shields.io/badge/Version-0.2.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.6](https://img.shields.io/badge/AppVersion-3.6-informational?style=flat-square)
+
 KubeZero Umbrella Chart for Kiam

-Current chart version is `0.2.10`
+**Homepage:** <https://kubezero.com>

-Source code can be found [here](https://kubezero.com)
+## Maintainers

-## Chart Requirements
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Quarky9 |  |  |
+
+## Requirements
+
+Kubernetes: `>= 1.16.0`

 | Repository | Name | Version |
 |------------|------|---------|
@ -20,21 +28,22 @@ Therefore we also change the default port from 443 to 6444 to not collide with t
 Make sure any firewall rules between controllers and workers are adjusted accordingly.

 ## Kiam Certificates
-The required certificates for Kiam server and agents are provided by a local cert-manager, which is configured to have a cluster local self-signing CA as part of the KubeZero platform.  
-[Kiam TLS Config](https://github.com/uswitch/kiam/blob/master/docs/TLS.md#cert-manager)  
+The required certificates for Kiam server and agents are provided by a local cert-manager, which is configured to have a cluster local self-signing CA as part of the KubeZero platform. 
+[Kiam TLS Config](https://github.com/uswitch/kiam/blob/master/docs/TLS.md#cert-manager) 
 [KubeZero cert-manager](../kubezero-cert-manager/README.md)

 ## Metadata restrictions
-Some services require access to some basic AWS information. One example is the `aws-ebs-csi` controller.  
-By default all access to the meta-data service is blocked, expect for:  
+Some services require access to some basic AWS information. One example is the `aws-ebs-csi` controller. 
+By default all access to the meta-data service is blocked, expect for: 

 - `/latest/meta-data/instance-id`
 - `/latest/dynamic/instance-identity/document`

-## Chart Values
+## Values

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| annotateKubeSystemNameSpace | bool | `false` |  |
 | kiam.agent.gatewayTimeoutCreation | string | `"5s"` |  |
 | kiam.agent.host.interface | string | `"cali+"` |  |
 | kiam.agent.host.iptables | bool | `false` |  |
@ -57,7 +66,7 @@ By default all access to the meta-data service is blocked, expect for:
 | kiam.agent.updateStrategy | string | `"RollingUpdate"` |  |
 | kiam.agent.whiteListRouteRegexp | string | `"^/latest/(meta-data/instance-id|dynamic)"` |  |
 | kiam.enabled | bool | `true` |  |
-| kiam.server.assumeRoleArn | string | `""` |  kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role |
+| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role |
 | kiam.server.deployment.enabled | bool | `true` |  |
 | kiam.server.deployment.replicas | int | `1` |  |
 | kiam.server.image.tag | string | `"v3.6"` |  |
@ -83,8 +92,8 @@ By default all access to the meta-data service is blocked, expect for:
 | kiam.server.useHostNetwork | bool | `true` |  |

 ## Debugging
- Verify iptables rules on hosts to be set by the kiam agent:  
-  `iptables -L -t nat -n --line-numbers`  
+- Verify iptables rules on hosts to be set by the kiam agent: 
+  `iptables -L -t nat -n --line-numbers` 
  `iptables -t nat -D PREROUTING <wrong rule>`

 ## Resources
--- a/charts/kubezero-kiam/README.md.gotmpl
+++ b/charts/kubezero-kiam/README.md.gotmpl
@ -1,9 +1,15 @@
 {{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
 {{ template "chart.description" . }}

-{{ template "chart.versionLine" . }}
+{{ template "chart.homepageLine" . }}

-{{ template "chart.sourceLinkLine" . }}
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}

 {{ template "chart.requirementsSection" . }}

--- a/charts/kubezero-local-volume-provisioner/README.md
+++ b/charts/kubezero-local-volume-provisioner/README.md
@ -1,19 +1,37 @@
-kubezero-local-volume-provisioner
-=================================
+# kubezero-local-volume-provisioner
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.4](https://img.shields.io/badge/AppVersion-2.3.4-informational?style=flat-square)
+
 KubeZero Umbrella Chart for local-static-provisioner

 Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.

-Current chart version is `0.1.0`
+**Homepage:** <https://kubezero.com>

-Source code can be found [here](https://kubezero.com)
+## Maintainers

-## Chart Requirements
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Quarky9 |  |  |
+
+## Requirements
+
+Kubernetes: `>= 1.16.0`

 | Repository | Name | Version |
 |------------|------|---------|
 | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |

+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| local-static-provisioner.classes[0].hostDir | string | `"/mnt/disks"` |  |
+| local-static-provisioner.classes[0].name | string | `"local-sc-xfs"` |  |
+| local-static-provisioner.common.namespace | string | `"kube-system"` |  |
+| local-static-provisioner.daemonset.nodeSelector."node.kubernetes.io/localVolume" | string | `"present"` |  |
+| local-static-provisioner.prometheus.operator.enabled | bool | `false` |  |
+
 ## KubeZero default configuration

 - add nodeSelector to only install on nodes actually having ephemeral local storage
--- a/charts/kubezero-local-volume-provisioner/README.md.gotmpl
+++ b/charts/kubezero-local-volume-provisioner/README.md.gotmpl
@ -1,14 +1,22 @@
 {{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
 {{ template "chart.description" . }}

 Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.

-{{ template "chart.versionLine" . }}
+{{ template "chart.homepageLine" . }}

-{{ template "chart.sourceLinkLine" . }}
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}

 {{ template "chart.requirementsSection" . }}

+{{ template "chart.valuesSection" . }}
+
 ## KubeZero default configuration

 - add nodeSelector to only install on nodes actually having ephemeral local storage
--- a/charts/kubezero-logging/README.md
+++ b/charts/kubezero-logging/README.md
@ -1,12 +1,20 @@
-kubezero-logging
-================
+# kubezero-logging
+
+![Version: 0.3.9](https://img.shields.io/badge/Version-0.3.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.1](https://img.shields.io/badge/AppVersion-1.2.1-informational?style=flat-square)
+
 KubeZero Umbrella Chart for complete EFK stack

-Current chart version is `0.3.6`
+**Homepage:** <https://kubezero.com>

-Source code can be found [here](https://kubezero.com)
+## Maintainers

-## Chart Requirements
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Quarky9 |  |  |
+
+## Requirements
+
+Kubernetes: `>= 1.16.0`

 | Repository | Name | Version |
 |------------|------|---------|
@ -31,9 +39,8 @@ Source code can be found [here](https://kubezero.com)
 ### Kibana

 - increased timeout to ES to 3 minutes
- 
-### FluentD

+### FluentD

 ### Fluent-bit
 - support for dedot Lua filter to replace "." with "_" for all annotations and labels
@ -45,8 +52,7 @@ Source code can be found [here](https://kubezero.com)
 - setup Kibana
 - create `logstash-*` Index Pattern

-
-## Chart Values
+## Values

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
@ -56,9 +62,9 @@ Source code can be found [here](https://kubezero.com)
 | es.s3Snapshot.enabled | bool | `false` |  |
 | es.s3Snapshot.iamrole | string | `""` |  |
 | fluent-bit.config.filters | string | `"[FILTER]\n    Name    lua\n    Match   kube.*\n    script  /fluent-bit/etc/functions.lua\n    call    reassemble_cri_logs\n\n[FILTER]\n    Name kubernetes\n    Match kube.*\n    Merge_Log On\n    Keep_Log Off\n    K8S-Logging.Parser On\n    K8S-Logging.Exclude On\n\n[FILTER]\n    Name    lua\n    Match   kube.*\n    script  /fluent-bit/etc/functions.lua\n    call    dedot\n"` |  |
-| fluent-bit.config.inputs | string | `"[INPUT]\n    Name tail\n    Path /var/log/containers/*.log\n    Parser cri\n    Tag kube.*\n    Mem_Buf_Limit 5MB\n    Skip_Long_Lines On\n    Refresh_Interval 10\n    DB /var/log/flb_kube.db\n    DB.Sync Normal\n[INPUT]\n    Name tail\n    Path /var/log/kubernetes/audit.log\n    Parser json\n    Tag audit.api-server\n    Mem_Buf_Limit 5MB\n    Skip_Long_Lines On\n    Refresh_Interval 60\n    DB /var/log/flb_kube_audit.db\n    DB.Sync Normal\n"` |  |
+| fluent-bit.config.inputs | string | `"[INPUT]\n    Name tail\n    Path /var/log/containers/*.log\n    Parser cri\n    Tag kube.*\n    Mem_Buf_Limit 16MB\n    Skip_Long_Lines On\n    Refresh_Interval 10\n    Exclude_Path *.gz,*.zip\n    DB /var/log/flb_kube.db\n    DB.Sync Normal\n[INPUT]\n    Name tail\n    Path /var/log/kubernetes/audit.log\n    Parser json\n    Tag audit.api-server\n    Mem_Buf_Limit 8MB\n    Skip_Long_Lines On\n    DB /var/log/flb_kube_audit.db\n    DB.Sync Normal\n"` |  |
 | fluent-bit.config.lua | string | `"function dedot(tag, timestamp, record)\n    if record[\"kubernetes\"] == nil then\n        return 0, 0, 0\n    end\n    dedot_keys(record[\"kubernetes\"][\"annotations\"])\n    dedot_keys(record[\"kubernetes\"][\"labels\"])\n    return 1, timestamp, record\nend\n\nfunction dedot_keys(map)\n    if map == nil then\n        return\n    end\n    local new_map = {}\n    local changed_keys = {}\n    for k, v in pairs(map) do\n        local dedotted = string.gsub(k, \"%.\", \"_\")\n        if dedotted ~= k then\n            new_map[dedotted] = v\n            changed_keys[k] = true\n        end\n    end\n    for k in pairs(changed_keys) do\n        map[k] = nil\n    end\n    for k, v in pairs(new_map) do\n        map[k] = v\n    end\nend\n\nlocal reassemble_state = {}\n\nfunction reassemble_cri_logs(tag, timestamp, record)\n   -- IMPORTANT: reassemble_key must be unique for each parser stream\n   -- otherwise entries from different sources will get mixed up.\n   -- Either make sure that your parser tags satisfy this or construct\n   -- reassemble_key some other way\n   local reassemble_key = tag\n   -- if partial line, accumulate\n   if record.logtag == 'P' then\n      reassemble_state[reassemble_key] = reassemble_state[reassemble_key] or \"\" .. record.message\n      return -1, 0, 0\n   end\n   -- otherwise it's a full line, concatenate with accumulated partial lines if any\n   record.message = reassemble_state[reassemble_key] or \"\" .. (record.message or \"\")\n   reassemble_state[reassemble_key] = nil\n   return 1, timestamp, record\nend\n"` |  |
-| fluent-bit.config.outputs | string | `"[OUTPUT]\n    Match *\n    Name forward\n    Host logging-fluentd\n    Port 24224\n    tls on\n    tls.verify off\n    Shared_Key cloudbender\n"` |  |
+| fluent-bit.config.outputs | string | `"[OUTPUT]\n    Match *\n    Name forward\n    Host logging-fluentd\n    Port 24224\n"` |  |
 | fluent-bit.config.service | string | `"[SERVICE]\n    Flush 5\n    Daemon Off\n    Log_Level warn\n    Parsers_File parsers.conf\n    Parsers_File custom_parsers.conf\n    HTTP_Server On\n    HTTP_Listen 0.0.0.0\n    HTTP_Port 2020\n"` |  |
 | fluent-bit.enabled | bool | `false` |  |
 | fluent-bit.serviceMonitor.enabled | bool | `true` |  |
@ -67,9 +73,10 @@ Source code can be found [here](https://kubezero.com)
 | fluent-bit.test.enabled | bool | `false` |  |
 | fluent-bit.tolerations[0].effect | string | `"NoSchedule"` |  |
 | fluent-bit.tolerations[0].key | string | `"node-role.kubernetes.io/master"` |  |
-| fluentd.configMaps."filter.conf" | string | `"<filter kube.**>\n  @type parser\n  key_name message\n  remove_key_name_field true\n  reserve_data true\n  emit_invalid_record_to_error false\n  <parse>\n    @type json\n  </parse>\n</filter>\n"` |  |
-| fluentd.configMaps."forward-input.conf" | string | `"<source>\n  @type forward\n  port 24224\n  bind 0.0.0.0\n  skip_invalid_event true\n  <transport tls>\n    cert_path /mnt/fluentd-certs/tls.crt\n    private_key_path /mnt/fluentd-certs/tls.key\n  </transport>\n  <security>\n    self_hostname \"#{ENV['HOSTNAME']}\"\n    shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n  </security>\n</source>\n"` |  |
-| fluentd.configMaps."output.conf" | string | `"<match **>\n  @id elasticsearch\n  @type elasticsearch\n  @log_level info\n  include_tag_key true\n  id_key id\n  remove_keys id\n\n  # KubeZero pipeline incl. GeoIP etc.\n  # Freaking ES jams under load and all is lost ...\n  # pipeline fluentd\n\n  host \"#{ENV['OUTPUT_HOST']}\"\n  port \"#{ENV['OUTPUT_PORT']}\"\n  scheme \"#{ENV['OUTPUT_SCHEME']}\"\n  ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n  ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n  user \"#{ENV['OUTPUT_USER']}\"\n  password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n  log_es_400_reason\n  logstash_format true\n  reconnect_on_error true\n  # reload_on_failure true\n  request_timeout 15s\n  suppress_type_name true\n\n  <buffer>\n    @type file\n    path /var/log/fluentd-buffers/kubernetes.system.buffer\n    flush_mode interval\n    flush_thread_count 2\n    flush_interval 30s\n    flush_at_shutdown true\n    retry_type exponential_backoff\n    retry_timeout 60m\n    chunk_limit_size 16M\n    overflow_action drop_oldest_chunk\n  </buffer>\n</match>\n"` |  |
+| fluentd.configMaps."filter.conf" | string | `"<filter disabled.kube.**>\n  @type parser\n  key_name message\n  remove_key_name_field true\n  reserve_data true\n  # inject_key_prefix message_json.\n  emit_invalid_record_to_error false\n  <parse>\n    @type json\n  </parse>\n</filter>\n"` |  |
+| fluentd.configMaps."forward-input.conf" | string | `"<source>\n  @type forward\n  port 24224\n  bind 0.0.0.0\n  skip_invalid_event true\n  send_keepalive_packet true\n  <security>\n    self_hostname \"#{ENV['HOSTNAME']}\"\n    shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n  </security>\n</source>\n"` |  |
+| fluentd.configMaps."general.conf" | string | `"<label @FLUENT_LOG>\n  <match **>\n    @type null\n  </match>\n</label>\n<source>\n  @type http\n  port 9880\n  bind 0.0.0.0\n  keepalive_timeout 30\n</source>\n<source>\n  @type monitor_agent\n  bind 0.0.0.0\n  port 24220\n  tag fluentd.monitor.metrics\n</source>\n"` |  |
+| fluentd.configMaps."output.conf" | string | `"<match **>\n  @id elasticsearch\n  @type elasticsearch\n  @log_level info\n  include_tag_key true\n  id_key id\n  remove_keys id\n\n  # KubeZero pipeline incl. GeoIP etc.\n  # pipeline fluentd\n\n  host \"#{ENV['OUTPUT_HOST']}\"\n  port \"#{ENV['OUTPUT_PORT']}\"\n  scheme \"#{ENV['OUTPUT_SCHEME']}\"\n  ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n  ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n  user \"#{ENV['OUTPUT_USER']}\"\n  password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n  log_es_400_reason\n  logstash_format true\n  reconnect_on_error true\n  # reload_on_failure true\n  request_timeout 15s\n  suppress_type_name true\n\n  <buffer tag>\n    @type file_single\n    path /var/log/fluentd-buffers/kubernetes.system.buffer\n    flush_mode interval\n    flush_thread_count 2\n    flush_interval 30s\n    flush_at_shutdown true\n    retry_type exponential_backoff\n    retry_timeout 60m\n    overflow_action drop_oldest_chunk\n  </buffer>\n</match>\n"` |  |
 | fluentd.enabled | bool | `false` |  |
 | fluentd.env.OUTPUT_SSL_VERIFY | string | `"false"` |  |
 | fluentd.env.OUTPUT_USER | string | `"elastic"` |  |
@ -79,13 +86,8 @@ Source code can be found [here](https://kubezero.com)
 | fluentd.extraEnvVars[1].name | string | `"FLUENTD_SHARED_KEY"` |  |
 | fluentd.extraEnvVars[1].valueFrom.secretKeyRef.key | string | `"shared_key"` |  |
 | fluentd.extraEnvVars[1].valueFrom.secretKeyRef.name | string | `"logging-fluentd-secret"` |  |
-| fluentd.extraVolumeMounts[0].mountPath | string | `"/mnt/fluentd-certs"` |  |
-| fluentd.extraVolumeMounts[0].name | string | `"fluentd-certs"` |  |
-| fluentd.extraVolumeMounts[0].readOnly | bool | `true` |  |
-| fluentd.extraVolumes[0].name | string | `"fluentd-certs"` |  |
-| fluentd.extraVolumes[0].secret.secretName | string | `"fluentd-certificate"` |  |
 | fluentd.image.repository | string | `"quay.io/fluentd_elasticsearch/fluentd"` |  |
-| fluentd.image.tag | string | `"v3.0.4"` |  |
+| fluentd.image.tag | string | `"v2.9.0"` |  |
 | fluentd.istio.enabled | bool | `false` |  |
 | fluentd.metrics.enabled | bool | `false` |  |
 | fluentd.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` |  |
--- a/charts/kubezero-logging/README.md.gotmpl
+++ b/charts/kubezero-logging/README.md.gotmpl
@ -1,9 +1,15 @@
 {{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
 {{ template "chart.description" . }}

-{{ template "chart.versionLine" . }}
+{{ template "chart.homepageLine" . }}

-{{ template "chart.sourceLinkLine" . }}
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}

 {{ template "chart.requirementsSection" . }}

--- a/charts/kubezero-logging/templates/eck/elasticsearch.yaml
+++ b/charts/kubezero-logging/templates/eck/elasticsearch.yaml
@ -23,6 +23,8 @@ spec:
      node.attr.zone: {{ .zone }}
      cluster.routing.allocation.awareness.attributes: zone
      {{- end }}
+      transport.compress: true
+      node.processors: {{- default 1 .processors }}
    podTemplate:
      {{- if $.Values.es.s3Snapshot.iamrole }}
      metadata:
--- a/charts/kubezero-logging/templates/fluentd/fluentd-certificate.yaml
+++ b/charts/kubezero-logging/templates/fluentd/fluentd-certificate.yaml
@ -1,16 +0,0 @@
-{{- if .Values.fluentd.enabled }}
-apiVersion: cert-manager.io/v1alpha2
-kind: Certificate
-metadata:
-  name: fluentd-ingress-cert
-  namespace: {{ .Release.Namespace }}
-  labels:
-{{ include "kubezero-lib.labels" . | indent 4 }}
-spec:
-  secretName: fluentd-certificate
-  issuerRef:
-    name: letsencrypt-dns-prod
-    kind: ClusterIssuer
-  dnsNames:
-  - "{{ .Values.fluentd.url }}"
-{{- end }}
--- a/charts/kubezero-logging/values.yaml
+++ b/charts/kubezero-logging/values.yaml
@ -92,15 +92,6 @@ fluentd:
        name: logging-fluentd-secret
        key: shared_key

-  extraVolumes:
-    - name: fluentd-certs
-      secret:
-        secretName: fluentd-certificate
-  extraVolumeMounts:
-    - name: fluentd-certs
-      mountPath: /mnt/fluentd-certs
-      readOnly: true
-
  configMaps:
    general.conf: |
      <label @FLUENT_LOG>
@ -127,12 +118,7 @@ fluentd:
        port 24224
        bind 0.0.0.0
        skip_invalid_event true
-        # Only for TCP not TLS
-        # send_keepalive_packet true
-        <transport tls>
-          cert_path /mnt/fluentd-certs/tls.crt
-          private_key_path /mnt/fluentd-certs/tls.key
-        </transport>
+        send_keepalive_packet true
        <security>
          self_hostname "#{ENV['HOSTNAME']}"
          shared_key "#{ENV['FLUENTD_SHARED_KEY']}"
@ -204,9 +190,6 @@ fluent-bit:
          Name forward
          Host logging-fluentd
          Port 24224
-          tls on
-          tls.verify off
-          Shared_Key cloudbender

    inputs: |
      [INPUT]
--- a/charts/kubezero-metrics/README.md
+++ b/charts/kubezero-metrics/README.md
@ -1,12 +1,20 @@
-kubezero-metrics
-================
+# kubezero-metrics
+
+![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
 KubeZero Umbrella Chart for prometheus-operator

-Current chart version is `0.1.4`
+**Homepage:** <https://kubezero.com>

-Source code can be found [here](https://kubezero.com)
+## Maintainers

-## Chart Requirements
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Quarky9 |  |  |
+
+## Requirements
+
+Kubernetes: `>= 1.16.0`

 | Repository | Name | Version |
 |------------|------|---------|
@ -14,7 +22,7 @@ Source code can be found [here](https://kubezero.com)
 | https://kubernetes-charts.storage.googleapis.com/ | prometheus-operator | 9.3.1 |
 | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |

-## Chart Values
+## Values

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
@ -102,7 +110,6 @@ Source code can be found [here](https://kubezero.com)
 | prometheus.istio.gateway | string | `"istio-system/ingressgateway"` |  |
 | prometheus.istio.url | string | `""` |  |

-
 # Dashboards

 ## Etcs
--- a/charts/kubezero-metrics/README.md.gotmpl
+++ b/charts/kubezero-metrics/README.md.gotmpl
@ -1,15 +1,20 @@
 {{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
 {{ template "chart.description" . }}

-{{ template "chart.versionLine" . }}
+{{ template "chart.homepageLine" . }}

-{{ template "chart.sourceLinkLine" . }}
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}

 {{ template "chart.requirementsSection" . }}

 {{ template "chart.valuesSection" . }}

-
 # Dashboards

 ## Etcs
--- a/charts/kubezero/README.md
+++ b/charts/kubezero/README.md
@ -1,18 +1,26 @@
-kubezero
-========
+# kubezero
+
+![Version: 0.4.5](https://img.shields.io/badge/Version-0.4.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
 KubeZero ArgoCD Application - Root App of Apps chart of KubeZero

-Current chart version is `0.4.5`
+**Homepage:** <https://kubezero.com>

-Source code can be found [here](https://kubezero.com)
+## Maintainers

-## Chart Requirements
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Quarky9 |  |  |
+
+## Requirements
+
+Kubernetes: `>= 1.16.0`

 | Repository | Name | Version |
 |------------|------|---------|
 | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |

-## Chart Values
+## Values

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
@ -34,3 +42,6 @@ Source code can be found [here](https://kubezero.com)
 | metrics.enabled | bool | `false` |  |
 | metrics.namespace | string | `"monitoring"` |  |
 | platform | string | `"aws"` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.2.1](https://github.com/norwoodj/helm-docs/releases/v1.2.1)