Updated helm-docs, fluentd SSL handled by Istio, ES&Istio tuning

Stefan Reimer 2020-10-05 03:50:23 -07:00
parent 4aeb23d8cc
commit c556df65ff
28 changed files with 291 additions and 154 deletions

View File

@ -10,7 +10,6 @@ keywords:
- gitops
maintainers:
- name: Quarky9
dependencies:
dependencies:
- name: kubezero-lib
version: ">= 0.1.3"

View File

@ -1,25 +1,33 @@
kubezero-argo-cd
================
# kubezero-argo-cd
![Version: 0.5.3](https://img.shields.io/badge/Version-0.5.3-informational?style=flat-square)
KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
Current chart version is `0.5.3`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
| https://argoproj.github.io/argo-helm | argo-cd | 2.7.0 |
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| argo-cd.controller.args.appResyncPeriod | string | `"300"` | |
| argo-cd.controller.args.operationProcessors | string | `"1"` | |
| argo-cd.controller.args.statusProcessors | string | `"2"` | |
| argo-cd.controller.args.operationProcessors | string | `"2"` | |
| argo-cd.controller.args.statusProcessors | string | `"4"` | |
| argo-cd.controller.metrics.enabled | bool | `false` | |
| argo-cd.controller.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` | |
| argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | |

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

View File

@ -1,12 +1,25 @@
kubezero-aws-ebs-csi-driver
===========================
# kubezero-aws-ebs-csi-driver
![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square)
KubeZero Umbrella Chart for aws-ebs-csi-driver
Current chart version is `0.3.1`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Source Code
* <https://github.com/kubernetes-sigs/aws-ebs-csi-driver>
* <https://github.com/Zero-Down-Time/kubezero>
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
@ -23,7 +36,7 @@ podAnnotations:
By default it also creates the *ebs-sc-gp2-xfs* storage class for gp2, enrypted and XFS.
This class is by default also set as default storage class.
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@ -34,7 +47,7 @@ This class is by default also set as default storage class.
| aws-ebs-csi-driver.enableVolumeSnapshot | bool | `false` | |
| aws-ebs-csi-driver.extraVolumeTags | object | `{}` | Optional tags to be added to each EBS volume |
| aws-ebs-csi-driver.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
| aws-ebs-csi-driver.podAnnotations | object | `{}` | iam.amazonaws.com/role: <IAM role ARN> to assume |
| aws-ebs-csi-driver.podAnnotations | object | `{}` | iam.amazonaws.com/role: <IAM role ARN> to assume |
| aws-ebs-csi-driver.replicaCount | int | `1` | |
| aws-ebs-csi-driver.tolerations[0].effect | string | `"NoSchedule"` | |
| aws-ebs-csi-driver.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

View File

@ -1,12 +1,25 @@
kubezero-aws-efs-csi-driver
===========================
# kubezero-aws-efs-csi-driver
![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
KubeZero Umbrella Chart for aws-efs-csi-driver
Current chart version is `0.1.1`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Source Code
* <https://github.com/Zero-Down-Time/kubezero>
* <https://github.com/kubernetes-sigs/aws-efs-csi-driver>
## Requirements
Kubernetes: `>=1.16.0-0`
| Repository | Name | Version |
|------------|------|---------|
@ -16,7 +29,7 @@ Source code can be found [here](https://kubezero.com)
Optionally creates the *efs-cs* storage class.
Could also be made the default storage class if requested.
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

View File

@ -1,12 +1,20 @@
kubezero-calico
===============
# kubezero-calico
![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.16.1](https://img.shields.io/badge/AppVersion-v3.16.1-informational?style=flat-square)
KubeZero Umbrella Chart for Calico
Current chart version is `0.2.0`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
@ -15,15 +23,15 @@ Source code can be found [here](https://kubezero.com)
## KubeZero default configuration
## AWS
The setup is based on the upstream calico-vxlan config from
The setup is based on the upstream calico-vxlan config from
`https://docs.projectcalico.org/v3.15/manifests/calico-vxlan.yaml`
### Changes
- VxLAN set to Always to not expose cluster communication to VPC
- VxLAN set to Always to not expose cluster communication to VPC
-> EC2 SecurityGroups still apply and only need to allow UDP 4789 for VxLAN traffic
-> No need to disable source/destination check on EC2 instances
-> EC2 SecurityGroups still apply and only need to allow UDP 4789 for VxLAN traffic
-> No need to disable source/destination check on EC2 instances
-> Prepared for optional WireGuard encryption for all inter node traffic
- MTU set to 8941
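Review bot: The README text in this hunk still points at the `v3.15` upstream manifest (`https://docs.projectcalico.org/v3.15/manifests/calico-vxlan.yaml`) while the badge added at the top of the same file states AppVersion `v3.16.1`. Update the URL, or say explicitly that the chart is deliberately derived from the 3.15 manifest, so readers diffing against upstream compare the right version.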
@ -34,7 +42,7 @@ The setup is based on the upstream calico-vxlan config from
- Set FELIX log level to warning
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

View File

@ -1,12 +1,20 @@
kubezero-cert-manager
=====================
# kubezero-cert-manager
![Version: 0.3.6](https://img.shields.io/badge/Version-0.3.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero Umbrella Chart for cert-manager
Current chart version is `0.3.6`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
@ -23,7 +31,7 @@ cert-manager.podAnnotations:
## Resolver Secrets
If your resolvers need additional sercrets like CloudFlare API tokens etc. make sure to provide these secrets separatly matching your defined issuers.
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

View File

@ -1,15 +1,22 @@
kubezero-istio
==============
# kubezero-istio
![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.3](https://img.shields.io/badge/AppVersion-1.7.3-informational?style=flat-square)
KubeZero Umbrella Chart for Istio
Installs Istio Operator and KubeZero Istio profile
**Homepage:** <https://kubezero.com>
Current chart version is `0.3.3`
## Maintainers
Source code can be found [here](https://kubezero.com)
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Chart Requirements
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
@ -19,7 +26,7 @@ Source code can be found [here](https://kubezero.com)
## KubeZero default configuration
- mapped istio-operator to run on the controller nodes only
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@ -30,7 +37,7 @@ Source code can be found [here](https://kubezero.com)
| ingress.replicaCount | int | `2` | |
| ingress.type | string | `"NodePort"` | |
| istio-operator.hub | string | `"docker.io/istio"` | |
| istio-operator.tag | string | `"1.7.1"` | |
| istio-operator.tag | string | `"1.7.3"` | |
| istiod.autoscaleEnabled | bool | `false` | |
| istiod.replicaCount | int | `1` | |

View File

@ -1,12 +1,17 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
Installs Istio Operator and KubeZero Istio profile
{{ template "chart.homepageLine" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

View File

@ -76,7 +76,12 @@ spec:
- port:
number: 24224
name: fluentd-forward
protocol: TCP
protocol: TLS
hosts:
{{- toYaml .Values.ingress.dnsNames | nindent 4 }}
tls:
mode: SIMPLE
privateKey: /etc/istio/ingressgateway-certs/tls.key
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
credentialName: public-ingress-cert
{{- end }}
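Review bot: The new `tls` block on the `fluentd-forward` server names two certificate sources at once: the file-mounted pair (`privateKey` and `serverCertificate` under `/etc/istio/ingressgateway-certs`) and `credentialName: public-ingress-cert`. Keep only the one the gateway is meant to use, so it is unambiguous which certificate is served on 24224. Also, `mode: SIMPLE` is server-side TLS only, so any client that can reach the port is authenticated solely by the fluentd `shared_key`; consider `MUTUAL` if the forwarders can present client certificates, and check that the chosen certificate covers every name rendered from `.Values.ingress.dnsNames`, since the hosts on a TLS server are matched on SNI.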

View File

@ -46,7 +46,7 @@ spec:
resources:
limits:
# cpu: 2000m
memory: 1024Mi
memory: 256Mi
requests:
cpu: 100m
memory: 64Mi
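Review bot: The memory limit drops from `1024Mi` to `256Mi` in the same commit that moves fluentd-forward TLS termination onto Istio, and nothing in the change says what the new figure is based on. If this container sits on that path, hitting the limit means an OOM kill and dropped log connections. Please add a comment with the observed working set, or expose the limit as a chart value so it can be raised without editing the template.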

View File

@ -43,7 +43,7 @@ spec:
resources:
limits:
#cpu: 2000m
memory: 1024Mi
memory: 256Mi
requests:
cpu: 100m
memory: 64Mi

View File

@ -1,12 +1,20 @@
kubezero-kiam
=============
# kubezero-kiam
![Version: 0.2.11](https://img.shields.io/badge/Version-0.2.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.6](https://img.shields.io/badge/AppVersion-3.6-informational?style=flat-square)
KubeZero Umbrella Chart for Kiam
Current chart version is `0.2.10`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
@ -20,21 +28,22 @@ Therefore we also change the default port from 443 to 6444 to not collide with t
Make sure any firewall rules between controllers and workers are adjusted accordingly.
## Kiam Certificates
The required certificates for Kiam server and agents are provided by a local cert-manager, which is configured to have a cluster local self-signing CA as part of the KubeZero platform.
[Kiam TLS Config](https://github.com/uswitch/kiam/blob/master/docs/TLS.md#cert-manager)
The required certificates for Kiam server and agents are provided by a local cert-manager, which is configured to have a cluster local self-signing CA as part of the KubeZero platform.
[Kiam TLS Config](https://github.com/uswitch/kiam/blob/master/docs/TLS.md#cert-manager)
[KubeZero cert-manager](../kubezero-cert-manager/README.md)
## Metadata restrictions
Some services require access to some basic AWS information. One example is the `aws-ebs-csi` controller.
By default all access to the meta-data service is blocked, expect for:
Some services require access to some basic AWS information. One example is the `aws-ebs-csi` controller.
By default all access to the meta-data service is blocked, expect for:
- `/latest/meta-data/instance-id`
- `/latest/dynamic/instance-identity/document`
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| annotateKubeSystemNameSpace | bool | `false` | |
| kiam.agent.gatewayTimeoutCreation | string | `"5s"` | |
| kiam.agent.host.interface | string | `"cali+"` | |
| kiam.agent.host.iptables | bool | `false` | |
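Review bot: The two rewritten lines under "Metadata restrictions" differ only in whitespace and keep the typo "expect for"; it should read "except for". Since this README is generated with helm-docs, fix it in the template source so the next regeneration keeps the correction.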
@ -57,7 +66,7 @@ By default all access to the meta-data service is blocked, expect for:
| kiam.agent.updateStrategy | string | `"RollingUpdate"` | |
| kiam.agent.whiteListRouteRegexp | string | `"^/latest/(meta-data/instance-id|dynamic)"` | |
| kiam.enabled | bool | `true` | |
| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role |
| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role |
| kiam.server.deployment.enabled | bool | `true` | |
| kiam.server.deployment.replicas | int | `1` | |
| kiam.server.image.tag | string | `"v3.6"` | |
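Review bot: The default `kiam.agent.whiteListRouteRegexp` shown here, `^/latest/(meta-data/instance-id|dynamic)`, is wider than the two paths the "Metadata restrictions" section lists. It has no end anchor, so it allows everything under `/latest/dynamic` and any path that merely starts with `/latest/meta-data/instance-id`. Either tighten the default to something like `^/latest/(meta-data/instance-id|dynamic/instance-identity/document)$`, or change the README text to describe what is actually allowed.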
@ -83,8 +92,8 @@ By default all access to the meta-data service is blocked, expect for:
| kiam.server.useHostNetwork | bool | `true` | |
## Debugging
- Verify iptables rules on hosts to be set by the kiam agent:
`iptables -L -t nat -n --line-numbers`
- Verify iptables rules on hosts to be set by the kiam agent:
`iptables -L -t nat -n --line-numbers`
`iptables -t nat -D PREROUTING <wrong rule>`
## Resources

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

View File

@ -1,19 +1,37 @@
kubezero-local-volume-provisioner
=================================
# kubezero-local-volume-provisioner
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.4](https://img.shields.io/badge/AppVersion-2.3.4-informational?style=flat-square)
KubeZero Umbrella Chart for local-static-provisioner
Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
Current chart version is `0.1.0`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| local-static-provisioner.classes[0].hostDir | string | `"/mnt/disks"` | |
| local-static-provisioner.classes[0].name | string | `"local-sc-xfs"` | |
| local-static-provisioner.common.namespace | string | `"kube-system"` | |
| local-static-provisioner.daemonset.nodeSelector."node.kubernetes.io/localVolume" | string | `"present"` | |
| local-static-provisioner.prometheus.operator.enabled | bool | `false` | |
## KubeZero default configuration
- add nodeSelector to only install on nodes actually having ephemeral local storage

View File

@ -1,14 +1,22 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
## KubeZero default configuration
- add nodeSelector to only install on nodes actually having ephemeral local storage

View File

@ -1,12 +1,20 @@
kubezero-logging
================
# kubezero-logging
![Version: 0.3.9](https://img.shields.io/badge/Version-0.3.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.1](https://img.shields.io/badge/AppVersion-1.2.1-informational?style=flat-square)
KubeZero Umbrella Chart for complete EFK stack
Current chart version is `0.3.6`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
@ -31,9 +39,8 @@ Source code can be found [here](https://kubezero.com)
### Kibana
- increased timeout to ES to 3 minutes
### FluentD
### FluentD
### Fluent-bit
- support for dedot Lua filter to replace "." with "_" for all annotations and labels
@ -45,8 +52,7 @@ Source code can be found [here](https://kubezero.com)
- setup Kibana
- create `logstash-*` Index Pattern
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@ -56,9 +62,9 @@ Source code can be found [here](https://kubezero.com)
| es.s3Snapshot.enabled | bool | `false` | |
| es.s3Snapshot.iamrole | string | `""` | |
| fluent-bit.config.filters | string | `"[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call reassemble_cri_logs\n\n[FILTER]\n Name kubernetes\n Match kube.*\n Merge_Log On\n Keep_Log Off\n K8S-Logging.Parser On\n K8S-Logging.Exclude On\n\n[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call dedot\n"` | |
| fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Parser cri\n Tag kube.*\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 10\n DB /var/log/flb_kube.db\n DB.Sync Normal\n[INPUT]\n Name tail\n Path /var/log/kubernetes/audit.log\n Parser json\n Tag audit.api-server\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 60\n DB /var/log/flb_kube_audit.db\n DB.Sync Normal\n"` | |
| fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Parser cri\n Tag kube.*\n Mem_Buf_Limit 16MB\n Skip_Long_Lines On\n Refresh_Interval 10\n Exclude_Path *.gz,*.zip\n DB /var/log/flb_kube.db\n DB.Sync Normal\n[INPUT]\n Name tail\n Path /var/log/kubernetes/audit.log\n Parser json\n Tag audit.api-server\n Mem_Buf_Limit 8MB\n Skip_Long_Lines On\n DB /var/log/flb_kube_audit.db\n DB.Sync Normal\n"` | |
| fluent-bit.config.lua | string | `"function dedot(tag, timestamp, record)\n if record[\"kubernetes\"] == nil then\n return 0, 0, 0\n end\n dedot_keys(record[\"kubernetes\"][\"annotations\"])\n dedot_keys(record[\"kubernetes\"][\"labels\"])\n return 1, timestamp, record\nend\n\nfunction dedot_keys(map)\n if map == nil then\n return\n end\n local new_map = {}\n local changed_keys = {}\n for k, v in pairs(map) do\n local dedotted = string.gsub(k, \"%.\", \"_\")\n if dedotted ~= k then\n new_map[dedotted] = v\n changed_keys[k] = true\n end\n end\n for k in pairs(changed_keys) do\n map[k] = nil\n end\n for k, v in pairs(new_map) do\n map[k] = v\n end\nend\n\nlocal reassemble_state = {}\n\nfunction reassemble_cri_logs(tag, timestamp, record)\n -- IMPORTANT: reassemble_key must be unique for each parser stream\n -- otherwise entries from different sources will get mixed up.\n -- Either make sure that your parser tags satisfy this or construct\n -- reassemble_key some other way\n local reassemble_key = tag\n -- if partial line, accumulate\n if record.logtag == 'P' then\n reassemble_state[reassemble_key] = reassemble_state[reassemble_key] or \"\" .. record.message\n return -1, 0, 0\n end\n -- otherwise it's a full line, concatenate with accumulated partial lines if any\n record.message = reassemble_state[reassemble_key] or \"\" .. (record.message or \"\")\n reassemble_state[reassemble_key] = nil\n return 1, timestamp, record\nend\n"` | |
| fluent-bit.config.outputs | string | `"[OUTPUT]\n Match *\n Name forward\n Host logging-fluentd\n Port 24224\n tls on\n tls.verify off\n Shared_Key cloudbender\n"` | |
| fluent-bit.config.outputs | string | `"[OUTPUT]\n Match *\n Name forward\n Host logging-fluentd\n Port 24224\n"` | |
| fluent-bit.config.service | string | `"[SERVICE]\n Flush 5\n Daemon Off\n Log_Level warn\n Parsers_File parsers.conf\n Parsers_File custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port 2020\n"` | |
| fluent-bit.enabled | bool | `false` | |
| fluent-bit.serviceMonitor.enabled | bool | `true` | |
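Review bot: In the `fluent-bit.config.lua` default, `reassemble_cri_logs` builds the message with `reassemble_state[reassemble_key] or \"\" .. record.message`. In Lua `..` binds tighter than `or`, so once the first partial line is stored every later fragment is discarded and the final record carries only that first fragment. Parenthesise it as `(reassemble_state[reassemble_key] or "") .. record.message`, and do the same in the full-line branch, otherwise long container log lines reach Elasticsearch truncated.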
@ -67,9 +73,10 @@ Source code can be found [here](https://kubezero.com)
| fluent-bit.test.enabled | bool | `false` | |
| fluent-bit.tolerations[0].effect | string | `"NoSchedule"` | |
| fluent-bit.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
| fluentd.configMaps."filter.conf" | string | `"<filter kube.**>\n @type parser\n key_name message\n remove_key_name_field true\n reserve_data true\n emit_invalid_record_to_error false\n <parse>\n @type json\n </parse>\n</filter>\n"` | |
| fluentd.configMaps."forward-input.conf" | string | `"<source>\n @type forward\n port 24224\n bind 0.0.0.0\n skip_invalid_event true\n <transport tls>\n cert_path /mnt/fluentd-certs/tls.crt\n private_key_path /mnt/fluentd-certs/tls.key\n </transport>\n <security>\n self_hostname \"#{ENV['HOSTNAME']}\"\n shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n </security>\n</source>\n"` | |
| fluentd.configMaps."output.conf" | string | `"<match **>\n @id elasticsearch\n @type elasticsearch\n @log_level info\n include_tag_key true\n id_key id\n remove_keys id\n\n # KubeZero pipeline incl. GeoIP etc.\n # Freaking ES jams under load and all is lost ...\n # pipeline fluentd\n\n host \"#{ENV['OUTPUT_HOST']}\"\n port \"#{ENV['OUTPUT_PORT']}\"\n scheme \"#{ENV['OUTPUT_SCHEME']}\"\n ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n user \"#{ENV['OUTPUT_USER']}\"\n password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n log_es_400_reason\n logstash_format true\n reconnect_on_error true\n # reload_on_failure true\n request_timeout 15s\n suppress_type_name true\n\n <buffer>\n @type file\n path /var/log/fluentd-buffers/kubernetes.system.buffer\n flush_mode interval\n flush_thread_count 2\n flush_interval 30s\n flush_at_shutdown true\n retry_type exponential_backoff\n retry_timeout 60m\n chunk_limit_size 16M\n overflow_action drop_oldest_chunk\n </buffer>\n</match>\n"` | |
| fluentd.configMaps."filter.conf" | string | `"<filter disabled.kube.**>\n @type parser\n key_name message\n remove_key_name_field true\n reserve_data true\n # inject_key_prefix message_json.\n emit_invalid_record_to_error false\n <parse>\n @type json\n </parse>\n</filter>\n"` | |
| fluentd.configMaps."forward-input.conf" | string | `"<source>\n @type forward\n port 24224\n bind 0.0.0.0\n skip_invalid_event true\n send_keepalive_packet true\n <security>\n self_hostname \"#{ENV['HOSTNAME']}\"\n shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n </security>\n</source>\n"` | |
| fluentd.configMaps."general.conf" | string | `"<label @FLUENT_LOG>\n <match **>\n @type null\n </match>\n</label>\n<source>\n @type http\n port 9880\n bind 0.0.0.0\n keepalive_timeout 30\n</source>\n<source>\n @type monitor_agent\n bind 0.0.0.0\n port 24220\n tag fluentd.monitor.metrics\n</source>\n"` | |
| fluentd.configMaps."output.conf" | string | `"<match **>\n @id elasticsearch\n @type elasticsearch\n @log_level info\n include_tag_key true\n id_key id\n remove_keys id\n\n # KubeZero pipeline incl. GeoIP etc.\n # pipeline fluentd\n\n host \"#{ENV['OUTPUT_HOST']}\"\n port \"#{ENV['OUTPUT_PORT']}\"\n scheme \"#{ENV['OUTPUT_SCHEME']}\"\n ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n user \"#{ENV['OUTPUT_USER']}\"\n password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n log_es_400_reason\n logstash_format true\n reconnect_on_error true\n # reload_on_failure true\n request_timeout 15s\n suppress_type_name true\n\n <buffer tag>\n @type file_single\n path /var/log/fluentd-buffers/kubernetes.system.buffer\n flush_mode interval\n flush_thread_count 2\n flush_interval 30s\n flush_at_shutdown true\n retry_type exponential_backoff\n retry_timeout 60m\n overflow_action drop_oldest_chunk\n </buffer>\n</match>\n"` | |
| fluentd.enabled | bool | `false` | |
| fluentd.env.OUTPUT_SSL_VERIFY | string | `"false"` | |
| fluentd.env.OUTPUT_USER | string | `"elastic"` | |
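Review bot: The `general.conf` default documented here opens an `http` source on `0.0.0.0:9880` and a `monitor_agent` on `0.0.0.0:24220` with no authentication in front of either. Records posted to the HTTP source fall through to the `<match **>` Elasticsearch output, so anything that can reach the pod can write into the log index. If the source is only there as a health endpoint, say so in the Description column and restrict access with a NetworkPolicy or an Istio AuthorizationPolicy. The `<filter disabled.kube.**>` rename is also an opaque way to switch the JSON parser off; a comment or a values toggle would make the intent clear.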
@ -79,13 +86,8 @@ Source code can be found [here](https://kubezero.com)
| fluentd.extraEnvVars[1].name | string | `"FLUENTD_SHARED_KEY"` | |
| fluentd.extraEnvVars[1].valueFrom.secretKeyRef.key | string | `"shared_key"` | |
| fluentd.extraEnvVars[1].valueFrom.secretKeyRef.name | string | `"logging-fluentd-secret"` | |
| fluentd.extraVolumeMounts[0].mountPath | string | `"/mnt/fluentd-certs"` | |
| fluentd.extraVolumeMounts[0].name | string | `"fluentd-certs"` | |
| fluentd.extraVolumeMounts[0].readOnly | bool | `true` | |
| fluentd.extraVolumes[0].name | string | `"fluentd-certs"` | |
| fluentd.extraVolumes[0].secret.secretName | string | `"fluentd-certificate"` | |
| fluentd.image.repository | string | `"quay.io/fluentd_elasticsearch/fluentd"` | |
| fluentd.image.tag | string | `"v3.0.4"` | |
| fluentd.image.tag | string | `"v2.9.0"` | |
| fluentd.istio.enabled | bool | `false` | |
| fluentd.metrics.enabled | bool | `false` | |
| fluentd.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` | |
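Review bot: `fluentd.image.tag` goes from `v3.0.4` to `v2.9.0` in this hunk, which reads as a downgrade, and the commit message does not mention it. If it is intentional, state the reason next to the value; if the README was simply stale, confirm the tag now matches values.yaml.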

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

View File

@ -23,6 +23,8 @@ spec:
node.attr.zone: {{ .zone }}
cluster.routing.allocation.awareness.attributes: zone
{{- end }}
transport.compress: true
node.processors: {{- default 1 .processors }}
podTemplate:
{{- if $.Values.es.s3Snapshot.iamrole }}
metadata:
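Review bot: `node.processors: {{- default 1 .processors }}` uses the left-trimming `{{-`, which eats the space after the colon and renders `node.processors:1`; that is no longer a key/value pair in YAML. Use `{{ default 1 .processors }}` instead. The new per-node `processors` key should also be documented in values.yaml.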

View File

@ -1,16 +0,0 @@
{{- if .Values.fluentd.enabled }}
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: fluentd-ingress-cert
namespace: {{ .Release.Namespace }}
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
secretName: fluentd-certificate
issuerRef:
name: letsencrypt-dns-prod
kind: ClusterIssuer
dnsNames:
- "{{ .Values.fluentd.url }}"
{{- end }}
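Review bot: Nothing in this chart ties `.Values.fluentd.url` to a certificate any more once `fluentd-ingress-cert` is gone, so the certificate the gateway now serves (`public-ingress-cert`) has to include that name or forwarders that verify the server will fail. On upgraded clusters the `fluentd-certificate` Secret is not removed together with the Certificate by default and still holds a valid private key; add an upgrade note to delete it.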

View File

@ -92,15 +92,6 @@ fluentd:
name: logging-fluentd-secret
key: shared_key
extraVolumes:
- name: fluentd-certs
secret:
secretName: fluentd-certificate
extraVolumeMounts:
- name: fluentd-certs
mountPath: /mnt/fluentd-certs
readOnly: true
configMaps:
general.conf: |
<label @FLUENT_LOG>
@ -127,12 +118,7 @@ fluentd:
port 24224
bind 0.0.0.0
skip_invalid_event true
# Only for TCP not TLS
# send_keepalive_packet true
<transport tls>
cert_path /mnt/fluentd-certs/tls.crt
private_key_path /mnt/fluentd-certs/tls.key
</transport>
send_keepalive_packet true
<security>
self_hostname "#{ENV['HOSTNAME']}"
shared_key "#{ENV['FLUENTD_SHARED_KEY']}"
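Review bot: With `<transport tls>` removed, the forward source listens in plaintext on `bind 0.0.0.0`, so confidentiality depends entirely on Istio and the only control fluentd itself enforces is `shared_key`. The README in this commit shows `fluentd.istio.enabled` defaulting to `false`, which makes a default install cleartext. Consider rendering the `<transport tls>` block conditionally when Istio is not enabled instead of deleting it.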
@ -204,9 +190,6 @@ fluent-bit:
Name forward
Host logging-fluentd
Port 24224
tls on
tls.verify off
Shared_Key cloudbender
inputs: |
[INPUT]
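Review bot: Removing `Shared_Key cloudbender` leaves the fluent-bit forward output without a shared key, while the fluentd forward source earlier in this file still has a `<security>` section with `shared_key`, so the in-cluster fluent-bit connections will be rejected at the handshake. Supply the key from the same secret fluentd reads rather than dropping it. Dropping `tls on` also means traffic to `logging-fluentd:24224` is cleartext unless the mesh encrypts it, and since `cloudbender` has been a committed default it should be rotated wherever it was used.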

View File

@ -1,12 +1,20 @@
kubezero-metrics
================
# kubezero-metrics
![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero Umbrella Chart for prometheus-operator
Current chart version is `0.1.4`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
@ -14,7 +22,7 @@ Source code can be found [here](https://kubezero.com)
| https://kubernetes-charts.storage.googleapis.com/ | prometheus-operator | 9.3.1 |
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@ -102,7 +110,6 @@ Source code can be found [here](https://kubezero.com)
| prometheus.istio.gateway | string | `"istio-system/ingressgateway"` | |
| prometheus.istio.url | string | `""` | |
# Dashboards
## Etcs

View File

@ -1,15 +1,20 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
# Dashboards
## Etcs

View File

@ -1,18 +1,26 @@
kubezero
========
# kubezero
![Version: 0.4.5](https://img.shields.io/badge/Version-0.4.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero ArgoCD Application - Root App of Apps chart of KubeZero
Current chart version is `0.4.5`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@ -34,3 +42,6 @@ Source code can be found [here](https://kubezero.com)
| metrics.enabled | bool | `false` | |
| metrics.namespace | string | `"monitoring"` | |
| platform | string | `"aws"` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.2.1](https://github.com/norwoodj/helm-docs/releases/v1.2.1)