Updated helm-docs, fluentd SSL handled by Istio, ES&Istio tuning

This commit is contained in:
Stefan Reimer 2020-10-05 03:50:23 -07:00
parent 4aeb23d8cc
commit c556df65ff
28 changed files with 291 additions and 154 deletions

View File

@ -10,7 +10,6 @@ keywords:
- gitops - gitops
maintainers: maintainers:
- name: Quarky9 - name: Quarky9
dependencies:
dependencies: dependencies:
- name: kubezero-lib - name: kubezero-lib
version: ">= 0.1.3" version: ">= 0.1.3"

View File

@ -1,25 +1,33 @@
kubezero-argo-cd # kubezero-argo-cd
================
![Version: 0.5.3](https://img.shields.io/badge/Version-0.5.3-informational?style=flat-square)
KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
Current chart version is `0.5.3` **Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com) ## Maintainers
## Chart Requirements | Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| https://argoproj.github.io/argo-helm | argo-cd | 2.7.0 | | https://argoproj.github.io/argo-helm | argo-cd | 2.7.0 |
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 | | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## Chart Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| argo-cd.controller.args.appResyncPeriod | string | `"300"` | | | argo-cd.controller.args.appResyncPeriod | string | `"300"` | |
| argo-cd.controller.args.operationProcessors | string | `"1"` | | | argo-cd.controller.args.operationProcessors | string | `"2"` | |
| argo-cd.controller.args.statusProcessors | string | `"2"` | | | argo-cd.controller.args.statusProcessors | string | `"4"` | |
| argo-cd.controller.metrics.enabled | bool | `false` | | | argo-cd.controller.metrics.enabled | bool | `false` | |
| argo-cd.controller.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` | | | argo-cd.controller.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` | |
| argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | | | argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | |

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }} {{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }} {{ template "chart.description" . }}
{{ template "chart.versionLine" . }} {{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }} {{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }} {{ template "chart.requirementsSection" . }}

View File

@ -1,12 +1,25 @@
kubezero-aws-ebs-csi-driver # kubezero-aws-ebs-csi-driver
===========================
![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square)
KubeZero Umbrella Chart for aws-ebs-csi-driver KubeZero Umbrella Chart for aws-ebs-csi-driver
Current chart version is `0.3.1` **Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com) ## Maintainers
## Chart Requirements | Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Source Code
* <https://github.com/kubernetes-sigs/aws-ebs-csi-driver>
* <https://github.com/Zero-Down-Time/kubezero>
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
@ -23,7 +36,7 @@ podAnnotations:
By default it also creates the *ebs-sc-gp2-xfs* storage class for gp2, enrypted and XFS. By default it also creates the *ebs-sc-gp2-xfs* storage class for gp2, enrypted and XFS.
This class is by default also set as default storage class. This class is by default also set as default storage class.
## Chart Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
@ -34,7 +47,7 @@ This class is by default also set as default storage class.
| aws-ebs-csi-driver.enableVolumeSnapshot | bool | `false` | | | aws-ebs-csi-driver.enableVolumeSnapshot | bool | `false` | |
| aws-ebs-csi-driver.extraVolumeTags | object | `{}` | Optional tags to be added to each EBS volume | | aws-ebs-csi-driver.extraVolumeTags | object | `{}` | Optional tags to be added to each EBS volume |
| aws-ebs-csi-driver.nodeSelector."node-role.kubernetes.io/master" | string | `""` | | | aws-ebs-csi-driver.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
| aws-ebs-csi-driver.podAnnotations | object | `{}` | iam.amazonaws.com/role: <IAM role ARN> to assume | | aws-ebs-csi-driver.podAnnotations | object | `{}` | iam.amazonaws.com/role: <IAM role ARN> to assume |
| aws-ebs-csi-driver.replicaCount | int | `1` | | | aws-ebs-csi-driver.replicaCount | int | `1` | |
| aws-ebs-csi-driver.tolerations[0].effect | string | `"NoSchedule"` | | | aws-ebs-csi-driver.tolerations[0].effect | string | `"NoSchedule"` | |
| aws-ebs-csi-driver.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | | aws-ebs-csi-driver.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }} {{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }} {{ template "chart.description" . }}
{{ template "chart.versionLine" . }} {{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }} {{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }} {{ template "chart.requirementsSection" . }}

View File

@ -1,12 +1,25 @@
kubezero-aws-efs-csi-driver # kubezero-aws-efs-csi-driver
===========================
![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
KubeZero Umbrella Chart for aws-efs-csi-driver KubeZero Umbrella Chart for aws-efs-csi-driver
Current chart version is `0.1.1` **Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com) ## Maintainers
## Chart Requirements | Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Source Code
* <https://github.com/Zero-Down-Time/kubezero>
* <https://github.com/kubernetes-sigs/aws-efs-csi-driver>
## Requirements
Kubernetes: `>=1.16.0-0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
@ -16,7 +29,7 @@ Source code can be found [here](https://kubezero.com)
Optionally creates the *efs-cs* storage class. Optionally creates the *efs-cs* storage class.
Could also be made the default storage class if requested. Could also be made the default storage class if requested.
## Chart Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }} {{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }} {{ template "chart.description" . }}
{{ template "chart.versionLine" . }} {{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }} {{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }} {{ template "chart.requirementsSection" . }}

View File

@ -1,12 +1,20 @@
kubezero-calico # kubezero-calico
===============
![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.16.1](https://img.shields.io/badge/AppVersion-v3.16.1-informational?style=flat-square)
KubeZero Umbrella Chart for Calico KubeZero Umbrella Chart for Calico
Current chart version is `0.2.0` **Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com) ## Maintainers
## Chart Requirements | Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
@ -34,7 +42,7 @@ The setup is based on the upstream calico-vxlan config from
- Set FELIX log level to warning - Set FELIX log level to warning
## Chart Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }} {{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }} {{ template "chart.description" . }}
{{ template "chart.versionLine" . }} {{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }} {{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }} {{ template "chart.requirementsSection" . }}

View File

@ -1,12 +1,20 @@
kubezero-cert-manager # kubezero-cert-manager
=====================
![Version: 0.3.6](https://img.shields.io/badge/Version-0.3.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero Umbrella Chart for cert-manager KubeZero Umbrella Chart for cert-manager
Current chart version is `0.3.6` **Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com) ## Maintainers
## Chart Requirements | Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
@ -23,7 +31,7 @@ cert-manager.podAnnotations:
## Resolver Secrets ## Resolver Secrets
If your resolvers need additional sercrets like CloudFlare API tokens etc. make sure to provide these secrets separatly matching your defined issuers. If your resolvers need additional sercrets like CloudFlare API tokens etc. make sure to provide these secrets separatly matching your defined issuers.
## Chart Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }} {{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }} {{ template "chart.description" . }}
{{ template "chart.versionLine" . }} {{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }} {{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }} {{ template "chart.requirementsSection" . }}

View File

@ -1,15 +1,22 @@
kubezero-istio # kubezero-istio
==============
![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.3](https://img.shields.io/badge/AppVersion-1.7.3-informational?style=flat-square)
KubeZero Umbrella Chart for Istio KubeZero Umbrella Chart for Istio
Installs Istio Operator and KubeZero Istio profile Installs Istio Operator and KubeZero Istio profile
**Homepage:** <https://kubezero.com>
Current chart version is `0.3.3` ## Maintainers
Source code can be found [here](https://kubezero.com) | Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Chart Requirements ## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
@ -19,7 +26,7 @@ Source code can be found [here](https://kubezero.com)
## KubeZero default configuration ## KubeZero default configuration
- mapped istio-operator to run on the controller nodes only - mapped istio-operator to run on the controller nodes only
## Chart Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
@ -30,7 +37,7 @@ Source code can be found [here](https://kubezero.com)
| ingress.replicaCount | int | `2` | | | ingress.replicaCount | int | `2` | |
| ingress.type | string | `"NodePort"` | | | ingress.type | string | `"NodePort"` | |
| istio-operator.hub | string | `"docker.io/istio"` | | | istio-operator.hub | string | `"docker.io/istio"` | |
| istio-operator.tag | string | `"1.7.1"` | | | istio-operator.tag | string | `"1.7.3"` | |
| istiod.autoscaleEnabled | bool | `false` | | | istiod.autoscaleEnabled | bool | `false` | |
| istiod.replicaCount | int | `1` | | | istiod.replicaCount | int | `1` | |

View File

@ -1,12 +1,17 @@
{{ template "chart.header" . }} {{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }} {{ template "chart.description" . }}
Installs Istio Operator and KubeZero Istio profile Installs Istio Operator and KubeZero Istio profile
{{ template "chart.homepageLine" . }}
{{ template "chart.versionLine" . }} {{ template "chart.maintainersSection" . }}
{{ template "chart.sourceLinkLine" . }} {{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }} {{ template "chart.requirementsSection" . }}

View File

@ -76,7 +76,12 @@ spec:
- port: - port:
number: 24224 number: 24224
name: fluentd-forward name: fluentd-forward
protocol: TCP protocol: TLS
hosts: hosts:
{{- toYaml .Values.ingress.dnsNames | nindent 4 }} {{- toYaml .Values.ingress.dnsNames | nindent 4 }}
tls:
mode: SIMPLE
privateKey: /etc/istio/ingressgateway-certs/tls.key
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
credentialName: public-ingress-cert
{{- end }} {{- end }}

View File

@ -46,7 +46,7 @@ spec:
resources: resources:
limits: limits:
# cpu: 2000m # cpu: 2000m
memory: 1024Mi memory: 256Mi
requests: requests:
cpu: 100m cpu: 100m
memory: 64Mi memory: 64Mi

View File

@ -43,7 +43,7 @@ spec:
resources: resources:
limits: limits:
#cpu: 2000m #cpu: 2000m
memory: 1024Mi memory: 256Mi
requests: requests:
cpu: 100m cpu: 100m
memory: 64Mi memory: 64Mi

View File

@ -1,12 +1,20 @@
kubezero-kiam # kubezero-kiam
=============
![Version: 0.2.11](https://img.shields.io/badge/Version-0.2.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.6](https://img.shields.io/badge/AppVersion-3.6-informational?style=flat-square)
KubeZero Umbrella Chart for Kiam KubeZero Umbrella Chart for Kiam
Current chart version is `0.2.10` **Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com) ## Maintainers
## Chart Requirements | Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
@ -31,10 +39,11 @@ By default all access to the meta-data service is blocked, expect for:
- `/latest/meta-data/instance-id` - `/latest/meta-data/instance-id`
- `/latest/dynamic/instance-identity/document` - `/latest/dynamic/instance-identity/document`
## Chart Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| annotateKubeSystemNameSpace | bool | `false` | |
| kiam.agent.gatewayTimeoutCreation | string | `"5s"` | | | kiam.agent.gatewayTimeoutCreation | string | `"5s"` | |
| kiam.agent.host.interface | string | `"cali+"` | | | kiam.agent.host.interface | string | `"cali+"` | |
| kiam.agent.host.iptables | bool | `false` | | | kiam.agent.host.iptables | bool | `false` | |
@ -57,7 +66,7 @@ By default all access to the meta-data service is blocked, expect for:
| kiam.agent.updateStrategy | string | `"RollingUpdate"` | | | kiam.agent.updateStrategy | string | `"RollingUpdate"` | |
| kiam.agent.whiteListRouteRegexp | string | `"^/latest/(meta-data/instance-id|dynamic)"` | | | kiam.agent.whiteListRouteRegexp | string | `"^/latest/(meta-data/instance-id|dynamic)"` | |
| kiam.enabled | bool | `true` | | | kiam.enabled | bool | `true` | |
| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role | | kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role |
| kiam.server.deployment.enabled | bool | `true` | | | kiam.server.deployment.enabled | bool | `true` | |
| kiam.server.deployment.replicas | int | `1` | | | kiam.server.deployment.replicas | int | `1` | |
| kiam.server.image.tag | string | `"v3.6"` | | | kiam.server.image.tag | string | `"v3.6"` | |

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }} {{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }} {{ template "chart.description" . }}
{{ template "chart.versionLine" . }} {{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }} {{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }} {{ template "chart.requirementsSection" . }}

View File

@ -1,19 +1,37 @@
kubezero-local-volume-provisioner # kubezero-local-volume-provisioner
=================================
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.4](https://img.shields.io/badge/AppVersion-2.3.4-informational?style=flat-square)
KubeZero Umbrella Chart for local-static-provisioner KubeZero Umbrella Chart for local-static-provisioner
Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles. Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
Current chart version is `0.1.0` **Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com) ## Maintainers
## Chart Requirements | Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 | | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| local-static-provisioner.classes[0].hostDir | string | `"/mnt/disks"` | |
| local-static-provisioner.classes[0].name | string | `"local-sc-xfs"` | |
| local-static-provisioner.common.namespace | string | `"kube-system"` | |
| local-static-provisioner.daemonset.nodeSelector."node.kubernetes.io/localVolume" | string | `"present"` | |
| local-static-provisioner.prometheus.operator.enabled | bool | `false` | |
## KubeZero default configuration ## KubeZero default configuration
- add nodeSelector to only install on nodes actually having ephemeral local storage - add nodeSelector to only install on nodes actually having ephemeral local storage

View File

@ -1,14 +1,22 @@
{{ template "chart.header" . }} {{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }} {{ template "chart.description" . }}
Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles. Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
{{ template "chart.versionLine" . }} {{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }} {{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }} {{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
## KubeZero default configuration ## KubeZero default configuration
- add nodeSelector to only install on nodes actually having ephemeral local storage - add nodeSelector to only install on nodes actually having ephemeral local storage

View File

@ -1,12 +1,20 @@
kubezero-logging # kubezero-logging
================
![Version: 0.3.9](https://img.shields.io/badge/Version-0.3.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.1](https://img.shields.io/badge/AppVersion-1.2.1-informational?style=flat-square)
KubeZero Umbrella Chart for complete EFK stack KubeZero Umbrella Chart for complete EFK stack
Current chart version is `0.3.6` **Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com) ## Maintainers
## Chart Requirements | Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
@ -34,7 +42,6 @@ Source code can be found [here](https://kubezero.com)
### FluentD ### FluentD
### Fluent-bit ### Fluent-bit
- support for dedot Lua filter to replace "." with "_" for all annotations and labels - support for dedot Lua filter to replace "." with "_" for all annotations and labels
- support for api audit log - support for api audit log
@ -45,8 +52,7 @@ Source code can be found [here](https://kubezero.com)
- setup Kibana - setup Kibana
- create `logstash-*` Index Pattern - create `logstash-*` Index Pattern
## Values
## Chart Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
@ -56,9 +62,9 @@ Source code can be found [here](https://kubezero.com)
| es.s3Snapshot.enabled | bool | `false` | | | es.s3Snapshot.enabled | bool | `false` | |
| es.s3Snapshot.iamrole | string | `""` | | | es.s3Snapshot.iamrole | string | `""` | |
| fluent-bit.config.filters | string | `"[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call reassemble_cri_logs\n\n[FILTER]\n Name kubernetes\n Match kube.*\n Merge_Log On\n Keep_Log Off\n K8S-Logging.Parser On\n K8S-Logging.Exclude On\n\n[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call dedot\n"` | | | fluent-bit.config.filters | string | `"[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call reassemble_cri_logs\n\n[FILTER]\n Name kubernetes\n Match kube.*\n Merge_Log On\n Keep_Log Off\n K8S-Logging.Parser On\n K8S-Logging.Exclude On\n\n[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call dedot\n"` | |
| fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Parser cri\n Tag kube.*\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 10\n DB /var/log/flb_kube.db\n DB.Sync Normal\n[INPUT]\n Name tail\n Path /var/log/kubernetes/audit.log\n Parser json\n Tag audit.api-server\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 60\n DB /var/log/flb_kube_audit.db\n DB.Sync Normal\n"` | | | fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Parser cri\n Tag kube.*\n Mem_Buf_Limit 16MB\n Skip_Long_Lines On\n Refresh_Interval 10\n Exclude_Path *.gz,*.zip\n DB /var/log/flb_kube.db\n DB.Sync Normal\n[INPUT]\n Name tail\n Path /var/log/kubernetes/audit.log\n Parser json\n Tag audit.api-server\n Mem_Buf_Limit 8MB\n Skip_Long_Lines On\n DB /var/log/flb_kube_audit.db\n DB.Sync Normal\n"` | |
| fluent-bit.config.lua | string | `"function dedot(tag, timestamp, record)\n if record[\"kubernetes\"] == nil then\n return 0, 0, 0\n end\n dedot_keys(record[\"kubernetes\"][\"annotations\"])\n dedot_keys(record[\"kubernetes\"][\"labels\"])\n return 1, timestamp, record\nend\n\nfunction dedot_keys(map)\n if map == nil then\n return\n end\n local new_map = {}\n local changed_keys = {}\n for k, v in pairs(map) do\n local dedotted = string.gsub(k, \"%.\", \"_\")\n if dedotted ~= k then\n new_map[dedotted] = v\n changed_keys[k] = true\n end\n end\n for k in pairs(changed_keys) do\n map[k] = nil\n end\n for k, v in pairs(new_map) do\n map[k] = v\n end\nend\n\nlocal reassemble_state = {}\n\nfunction reassemble_cri_logs(tag, timestamp, record)\n -- IMPORTANT: reassemble_key must be unique for each parser stream\n -- otherwise entries from different sources will get mixed up.\n -- Either make sure that your parser tags satisfy this or construct\n -- reassemble_key some other way\n local reassemble_key = tag\n -- if partial line, accumulate\n if record.logtag == 'P' then\n reassemble_state[reassemble_key] = reassemble_state[reassemble_key] or \"\" .. record.message\n return -1, 0, 0\n end\n -- otherwise it's a full line, concatenate with accumulated partial lines if any\n record.message = reassemble_state[reassemble_key] or \"\" .. (record.message or \"\")\n reassemble_state[reassemble_key] = nil\n return 1, timestamp, record\nend\n"` | | | fluent-bit.config.lua | string | `"function dedot(tag, timestamp, record)\n if record[\"kubernetes\"] == nil then\n return 0, 0, 0\n end\n dedot_keys(record[\"kubernetes\"][\"annotations\"])\n dedot_keys(record[\"kubernetes\"][\"labels\"])\n return 1, timestamp, record\nend\n\nfunction dedot_keys(map)\n if map == nil then\n return\n end\n local new_map = {}\n local changed_keys = {}\n for k, v in pairs(map) do\n local dedotted = string.gsub(k, \"%.\", \"_\")\n if dedotted ~= k then\n new_map[dedotted] = v\n changed_keys[k] = true\n end\n end\n for k in pairs(changed_keys) do\n map[k] = nil\n end\n for k, v in pairs(new_map) do\n map[k] = v\n end\nend\n\nlocal reassemble_state = {}\n\nfunction reassemble_cri_logs(tag, timestamp, record)\n -- IMPORTANT: reassemble_key must be unique for each parser stream\n -- otherwise entries from different sources will get mixed up.\n -- Either make sure that your parser tags satisfy this or construct\n -- reassemble_key some other way\n local reassemble_key = tag\n -- if partial line, accumulate\n if record.logtag == 'P' then\n reassemble_state[reassemble_key] = reassemble_state[reassemble_key] or \"\" .. record.message\n return -1, 0, 0\n end\n -- otherwise it's a full line, concatenate with accumulated partial lines if any\n record.message = reassemble_state[reassemble_key] or \"\" .. (record.message or \"\")\n reassemble_state[reassemble_key] = nil\n return 1, timestamp, record\nend\n"` | |
| fluent-bit.config.outputs | string | `"[OUTPUT]\n Match *\n Name forward\n Host logging-fluentd\n Port 24224\n tls on\n tls.verify off\n Shared_Key cloudbender\n"` | | | fluent-bit.config.outputs | string | `"[OUTPUT]\n Match *\n Name forward\n Host logging-fluentd\n Port 24224\n"` | |
| fluent-bit.config.service | string | `"[SERVICE]\n Flush 5\n Daemon Off\n Log_Level warn\n Parsers_File parsers.conf\n Parsers_File custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port 2020\n"` | | | fluent-bit.config.service | string | `"[SERVICE]\n Flush 5\n Daemon Off\n Log_Level warn\n Parsers_File parsers.conf\n Parsers_File custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port 2020\n"` | |
| fluent-bit.enabled | bool | `false` | | | fluent-bit.enabled | bool | `false` | |
| fluent-bit.serviceMonitor.enabled | bool | `true` | | | fluent-bit.serviceMonitor.enabled | bool | `true` | |
@ -67,9 +73,10 @@ Source code can be found [here](https://kubezero.com)
| fluent-bit.test.enabled | bool | `false` | | | fluent-bit.test.enabled | bool | `false` | |
| fluent-bit.tolerations[0].effect | string | `"NoSchedule"` | | | fluent-bit.tolerations[0].effect | string | `"NoSchedule"` | |
| fluent-bit.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | | fluent-bit.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
| fluentd.configMaps."filter.conf" | string | `"<filter kube.**>\n @type parser\n key_name message\n remove_key_name_field true\n reserve_data true\n emit_invalid_record_to_error false\n <parse>\n @type json\n </parse>\n</filter>\n"` | | | fluentd.configMaps."filter.conf" | string | `"<filter disabled.kube.**>\n @type parser\n key_name message\n remove_key_name_field true\n reserve_data true\n # inject_key_prefix message_json.\n emit_invalid_record_to_error false\n <parse>\n @type json\n </parse>\n</filter>\n"` | |
| fluentd.configMaps."forward-input.conf" | string | `"<source>\n @type forward\n port 24224\n bind 0.0.0.0\n skip_invalid_event true\n <transport tls>\n cert_path /mnt/fluentd-certs/tls.crt\n private_key_path /mnt/fluentd-certs/tls.key\n </transport>\n <security>\n self_hostname \"#{ENV['HOSTNAME']}\"\n shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n </security>\n</source>\n"` | | | fluentd.configMaps."forward-input.conf" | string | `"<source>\n @type forward\n port 24224\n bind 0.0.0.0\n skip_invalid_event true\n send_keepalive_packet true\n <security>\n self_hostname \"#{ENV['HOSTNAME']}\"\n shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n </security>\n</source>\n"` | |
| fluentd.configMaps."output.conf" | string | `"<match **>\n @id elasticsearch\n @type elasticsearch\n @log_level info\n include_tag_key true\n id_key id\n remove_keys id\n\n # KubeZero pipeline incl. GeoIP etc.\n # Freaking ES jams under load and all is lost ...\n # pipeline fluentd\n\n host \"#{ENV['OUTPUT_HOST']}\"\n port \"#{ENV['OUTPUT_PORT']}\"\n scheme \"#{ENV['OUTPUT_SCHEME']}\"\n ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n user \"#{ENV['OUTPUT_USER']}\"\n password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n log_es_400_reason\n logstash_format true\n reconnect_on_error true\n # reload_on_failure true\n request_timeout 15s\n suppress_type_name true\n\n <buffer>\n @type file\n path /var/log/fluentd-buffers/kubernetes.system.buffer\n flush_mode interval\n flush_thread_count 2\n flush_interval 30s\n flush_at_shutdown true\n retry_type exponential_backoff\n retry_timeout 60m\n chunk_limit_size 16M\n overflow_action drop_oldest_chunk\n </buffer>\n</match>\n"` | | | fluentd.configMaps."general.conf" | string | `"<label @FLUENT_LOG>\n <match **>\n @type null\n </match>\n</label>\n<source>\n @type http\n port 9880\n bind 0.0.0.0\n keepalive_timeout 30\n</source>\n<source>\n @type monitor_agent\n bind 0.0.0.0\n port 24220\n tag fluentd.monitor.metrics\n</source>\n"` | |
| fluentd.configMaps."output.conf" | string | `"<match **>\n @id elasticsearch\n @type elasticsearch\n @log_level info\n include_tag_key true\n id_key id\n remove_keys id\n\n # KubeZero pipeline incl. GeoIP etc.\n # pipeline fluentd\n\n host \"#{ENV['OUTPUT_HOST']}\"\n port \"#{ENV['OUTPUT_PORT']}\"\n scheme \"#{ENV['OUTPUT_SCHEME']}\"\n ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n user \"#{ENV['OUTPUT_USER']}\"\n password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n log_es_400_reason\n logstash_format true\n reconnect_on_error true\n # reload_on_failure true\n request_timeout 15s\n suppress_type_name true\n\n <buffer tag>\n @type file_single\n path /var/log/fluentd-buffers/kubernetes.system.buffer\n flush_mode interval\n flush_thread_count 2\n flush_interval 30s\n flush_at_shutdown true\n retry_type exponential_backoff\n retry_timeout 60m\n overflow_action drop_oldest_chunk\n </buffer>\n</match>\n"` | |
| fluentd.enabled | bool | `false` | | | fluentd.enabled | bool | `false` | |
| fluentd.env.OUTPUT_SSL_VERIFY | string | `"false"` | | | fluentd.env.OUTPUT_SSL_VERIFY | string | `"false"` | |
| fluentd.env.OUTPUT_USER | string | `"elastic"` | | | fluentd.env.OUTPUT_USER | string | `"elastic"` | |
@ -79,13 +86,8 @@ Source code can be found [here](https://kubezero.com)
| fluentd.extraEnvVars[1].name | string | `"FLUENTD_SHARED_KEY"` | | | fluentd.extraEnvVars[1].name | string | `"FLUENTD_SHARED_KEY"` | |
| fluentd.extraEnvVars[1].valueFrom.secretKeyRef.key | string | `"shared_key"` | | | fluentd.extraEnvVars[1].valueFrom.secretKeyRef.key | string | `"shared_key"` | |
| fluentd.extraEnvVars[1].valueFrom.secretKeyRef.name | string | `"logging-fluentd-secret"` | | | fluentd.extraEnvVars[1].valueFrom.secretKeyRef.name | string | `"logging-fluentd-secret"` | |
| fluentd.extraVolumeMounts[0].mountPath | string | `"/mnt/fluentd-certs"` | |
| fluentd.extraVolumeMounts[0].name | string | `"fluentd-certs"` | |
| fluentd.extraVolumeMounts[0].readOnly | bool | `true` | |
| fluentd.extraVolumes[0].name | string | `"fluentd-certs"` | |
| fluentd.extraVolumes[0].secret.secretName | string | `"fluentd-certificate"` | |
| fluentd.image.repository | string | `"quay.io/fluentd_elasticsearch/fluentd"` | | | fluentd.image.repository | string | `"quay.io/fluentd_elasticsearch/fluentd"` | |
| fluentd.image.tag | string | `"v3.0.4"` | | | fluentd.image.tag | string | `"v2.9.0"` | |
| fluentd.istio.enabled | bool | `false` | | | fluentd.istio.enabled | bool | `false` | |
| fluentd.metrics.enabled | bool | `false` | | | fluentd.metrics.enabled | bool | `false` | |
| fluentd.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` | | | fluentd.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` | |

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }} {{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }} {{ template "chart.description" . }}
{{ template "chart.versionLine" . }} {{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }} {{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }} {{ template "chart.requirementsSection" . }}

View File

@ -23,6 +23,8 @@ spec:
node.attr.zone: {{ .zone }} node.attr.zone: {{ .zone }}
cluster.routing.allocation.awareness.attributes: zone cluster.routing.allocation.awareness.attributes: zone
{{- end }} {{- end }}
transport.compress: true
node.processors: {{- default 1 .processors }}
podTemplate: podTemplate:
{{- if $.Values.es.s3Snapshot.iamrole }} {{- if $.Values.es.s3Snapshot.iamrole }}
metadata: metadata:

View File

@ -1,16 +0,0 @@
{{- if .Values.fluentd.enabled }}
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: fluentd-ingress-cert
namespace: {{ .Release.Namespace }}
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
secretName: fluentd-certificate
issuerRef:
name: letsencrypt-dns-prod
kind: ClusterIssuer
dnsNames:
- "{{ .Values.fluentd.url }}"
{{- end }}

View File

@ -92,15 +92,6 @@ fluentd:
name: logging-fluentd-secret name: logging-fluentd-secret
key: shared_key key: shared_key
extraVolumes:
- name: fluentd-certs
secret:
secretName: fluentd-certificate
extraVolumeMounts:
- name: fluentd-certs
mountPath: /mnt/fluentd-certs
readOnly: true
configMaps: configMaps:
general.conf: | general.conf: |
<label @FLUENT_LOG> <label @FLUENT_LOG>
@ -127,12 +118,7 @@ fluentd:
port 24224 port 24224
bind 0.0.0.0 bind 0.0.0.0
skip_invalid_event true skip_invalid_event true
# Only for TCP not TLS send_keepalive_packet true
# send_keepalive_packet true
<transport tls>
cert_path /mnt/fluentd-certs/tls.crt
private_key_path /mnt/fluentd-certs/tls.key
</transport>
<security> <security>
self_hostname "#{ENV['HOSTNAME']}" self_hostname "#{ENV['HOSTNAME']}"
shared_key "#{ENV['FLUENTD_SHARED_KEY']}" shared_key "#{ENV['FLUENTD_SHARED_KEY']}"
@ -204,9 +190,6 @@ fluent-bit:
Name forward Name forward
Host logging-fluentd Host logging-fluentd
Port 24224 Port 24224
tls on
tls.verify off
Shared_Key cloudbender
inputs: | inputs: |
[INPUT] [INPUT]

View File

@ -1,12 +1,20 @@
kubezero-metrics # kubezero-metrics
================
![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero Umbrella Chart for prometheus-operator KubeZero Umbrella Chart for prometheus-operator
Current chart version is `0.1.4` **Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com) ## Maintainers
## Chart Requirements | Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
@ -14,7 +22,7 @@ Source code can be found [here](https://kubezero.com)
| https://kubernetes-charts.storage.googleapis.com/ | prometheus-operator | 9.3.1 | | https://kubernetes-charts.storage.googleapis.com/ | prometheus-operator | 9.3.1 |
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 | | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## Chart Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
@ -102,7 +110,6 @@ Source code can be found [here](https://kubezero.com)
| prometheus.istio.gateway | string | `"istio-system/ingressgateway"` | | | prometheus.istio.gateway | string | `"istio-system/ingressgateway"` | |
| prometheus.istio.url | string | `""` | | | prometheus.istio.url | string | `""` | |
# Dashboards # Dashboards
## Etcs ## Etcs

View File

@ -1,15 +1,20 @@
{{ template "chart.header" . }} {{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }} {{ template "chart.description" . }}
{{ template "chart.versionLine" . }} {{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }} {{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }} {{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }} {{ template "chart.valuesSection" . }}
# Dashboards # Dashboards
## Etcs ## Etcs

View File

@ -1,18 +1,26 @@
kubezero # kubezero
========
![Version: 0.4.5](https://img.shields.io/badge/Version-0.4.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero ArgoCD Application - Root App of Apps chart of KubeZero KubeZero ArgoCD Application - Root App of Apps chart of KubeZero
Current chart version is `0.4.5` **Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com) ## Maintainers
## Chart Requirements | Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 | | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## Chart Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
@ -34,3 +42,6 @@ Source code can be found [here](https://kubezero.com)
| metrics.enabled | bool | `false` | | | metrics.enabled | bool | `false` | |
| metrics.namespace | string | `"monitoring"` | | | metrics.namespace | string | `"monitoring"` | |
| platform | string | `"aws"` | | | platform | string | `"aws"` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.2.1](https://github.com/norwoodj/helm-docs/releases/v1.2.1)