diff --git a/charts/kubezero-telemetry/Chart.yaml b/charts/kubezero-telemetry/Chart.yaml
index cd585b1c..1f5764b5 100644
--- a/charts/kubezero-telemetry/Chart.yaml
+++ b/charts/kubezero-telemetry/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-telemetry
 description: KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc.
 type: application
-version: 0.4.2
+version: 0.5.0
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -46,4 +46,4 @@ dependencies:
 version: 0.49.0
 repository: https://fluent.github.io/helm-charts
 condition: fluent-bit.enabled
-kubeVersion: ">= 1.26.0"
+kubeVersion: ">= 1.30.0-0"
diff --git a/charts/kubezero-telemetry/README.md b/charts/kubezero-telemetry/README.md
index 9e3b07db..a215a503 100644
--- a/charts/kubezero-telemetry/README.md
+++ b/charts/kubezero-telemetry/README.md
@@ -14,7 +14,7 @@ KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc.
 ## Requirements
-Kubernetes: `>= 1.26.0`
+Kubernetes: `>= 1.30.0-0`
 | Repository | Name | Version |
 |------------|------|---------|
@@ -173,10 +173,23 @@ Kubernetes: `>= 1.26.0`
 | opensearch-dashboards.istio.enabled | bool | `false` | |
 | opensearch-dashboards.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
 | opensearch-dashboards.istio.url | string | `"telemetry-dashboard.example.com"` | |
+| opensearch-dashboards.resources.limits.cpu | string | `nil` | |
+| opensearch-dashboards.resources.limits.memory | string | `"512M"` | |
+| opensearch-dashboards.resources.requests.cpu | string | `"100m"` | |
+| opensearch-dashboards.resources.requests.memory | string | `"512M"` | |
+| opensearch-dashboards.serviceMonitor.enabled | bool | `false` | |
+| opensearch-dashboards.serviceMonitor.interval | string | `"30s"` | |
+| opensearch.config."opensearch.yml" | string | `"cluster.name: opensearch-cluster\nnetwork.host: 0.0.0.0\ndiscovery.type: single-node\n"` | |
 | opensearch.enabled | bool | `false` | |
-| opensearch.nodeSets | list | `[]` | |
-| opensearch.prometheus | bool | `false` | |
-| opensearch.version | string | `"2.17.0"` | |
+| opensearch.maxUnavailable | int | `0` | |
+| opensearch.opensearchJavaOpts | string | `"-Xmx1024M -Xms1024M"` | |
+| opensearch.persistence.size | string | `"8Gi"` | |
+| opensearch.resources.limits.memory | string | `"2Gi"` | |
+| opensearch.resources.requests.cpu | string | `"500m"` | |
+| opensearch.resources.requests.memory | string | `"2Gi"` | |
+| opensearch.serviceMonitor.enabled | bool | `false` | |
+| opensearch.serviceMonitor.interval | string | `"30s"` | |
+| opensearch.singleNode | bool | `true` | |
 | opentelemetry-collector.config.exporters.otlp/data-prepper.endpoint | string | `"telemetry-data-prepper:21890"` | |
 | opentelemetry-collector.config.exporters.otlp/data-prepper.tls.insecure | bool | `true` | |
 | opentelemetry-collector.config.exporters.otlp/jaeger.endpoint | string | `"telemetry-jaeger-collector:4317"` | |
diff --git a/charts/kubezero-telemetry/templates/opensearch/certificates.yaml b/charts/kubezero-telemetry/templates/opensearch/certificates.yaml
deleted file mode 100644
index 966bc67b..00000000
--- a/charts/kubezero-telemetry/templates/opensearch/certificates.yaml
+++ /dev/null
@@ -1,72 +0,0 @@ -{{- if .Values.opensearch.nodeSets }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ template "kubezero-lib.fullname" . }}-nodes-transport - namespace: {{ .Release.Namespace }} - labels: - {{ include "kubezero-lib.labels" . | nindent 4 }} -spec: - secretName: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls - issuerRef: - name: kubezero-local-ca-issuer - kind: ClusterIssuer - duration: 8760h0m0s - privateKey: - encoding: PKCS8 - usages: - - "client auth" - - "server auth" - commonName: {{ template "kubezero-lib.fullname" . }}-nodes - dnsNames: - # -- - - '{{ template "kubezero-lib.fullname" . }}-nodes' - - '{{ template "kubezero-lib.fullname" . }}-nodes-*' - - '{{ template "kubezero-lib.fullname" . }}-bootstrap-0' ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ template "kubezero-lib.fullname" . }}-nodes-http - namespace: {{ .Release.Namespace }} - labels: - {{ include "kubezero-lib.labels" . | nindent 4 }} -spec: - secretName: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls - issuerRef: - name: kubezero-local-ca-issuer - kind: ClusterIssuer - duration: 8760h0m0s - privateKey: - encoding: PKCS8 - usages: - - "client auth" - - "server auth" - commonName: {{ template "kubezero-lib.fullname" . }} - dnsNames: - # , ., ..svc,..svc.cluster.local - - '{{ template "kubezero-lib.fullname" . }}' - - '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc' - - '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local' ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ template "kubezero-lib.fullname" . }}-admin - namespace: {{ .Release.Namespace }} - labels: - {{ include "kubezero-lib.labels" . | nindent 4 }} -spec: - secretName: {{ template "kubezero-lib.fullname" . 
}}-admin-tls - issuerRef: - name: kubezero-local-ca-issuer - kind: ClusterIssuer - duration: 8760h0m0s - usages: - - "client auth" - commonName: {{ template "kubezero-lib.fullname" . }}-admin - privateKey: - encoding: PKCS8 -{{- end }} diff --git a/charts/kubezero-telemetry/templates/opensearch/cluster.yaml b/charts/kubezero-telemetry/templates/opensearch/cluster.yaml deleted file mode 100644 index a5a1e5a2..00000000 --- a/charts/kubezero-telemetry/templates/opensearch/cluster.yaml +++ /dev/null 
@@ -1,111 +0,0 @@ -{{- if .Values.opensearch.nodeSets }} -#pluginsList: ["repository-s3","https://github.com/aiven/prometheus-exporter-plugin-for-opensearch/releases/download/2.11.1.0/prometheus-exporter-2.11.1.0.zip"] -apiVersion: opensearch.opster.io/v1 -kind: OpenSearchCluster -metadata: - name: {{ template "kubezero-lib.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{ include "kubezero-lib.labels" . | nindent 4 }} -spec: - general: - serviceName: {{ template "kubezero-lib.fullname" . }} - version: {{ .Values.opensearch.version }} - setVMMaxMapCount: false - pluginsList: ["repository-s3"] - monitoring: - enable: {{ .Values.opensearch.prometheus }} - tlsConfig: - insecureSkipVerify: true - podSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 - runAsNonRoot: true - fsGroup: 1000 - securityContext: - allowPrivilegeEscalation: false - privileged: false - {{- if .Values.opensearch.dashboard.enabled }} - # https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/config/opensearch_dashboards.yml - dashboards: - enable: true - version: {{ .Values.opensearch.version }} - replicas: 1 - resources: - requests: - memory: "512Mi" - cpu: "200m" - limits: - memory: "1Gi" - #cpu: "200m" - podSecurityContext: - runAsNonRoot: true - fsGroup: 1000 - securityContext: - capabilities: - drop: - - ALL - privileged: false - additionalConfig: - opensearchDashboards.branding.useExpandedHeader: "false" - opensearchDashboards.branding.applicationTitle: "KubeZero Dashboards" - opensearchDashboards.branding.mark.defaultUrl: "https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png" - {{- end }} - nodePools: - {{- range .Values.opensearch.nodeSets }} - - component: nodes-{{ .name }} - replicas: {{ .replicas }} - diskSize: {{ .storage.size }} - {{- with .storage.class }} - persistence: - pvc: - storageClass: {{ . }} - {{- end }} - {{- with .resources }} - resources: {{ toYaml . 
| nindent 8 }} - {{- end }} - roles: - - "cluster_manager" - - "data" - {{- if gt (int .replicas) 1 }} - pdb: - enable: true - maxUnavailable: 1 - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - opster.io/opensearch-cluster: {{ template "kubezero-lib.fullname" $ }} - {{- end }} - additionalConfig: - index.codec: zstd_no_dict - indices.time_series_index.default_index_merge_policy: log_byte_size - {{- with .zone }} - cluster.routing.allocation.awareness.attributes: k8s_node_name,zone - node.attr.zone: {{ . }} - {{- end }} - {{- with $.Values.opensearch.settings }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - security: - config: - adminSecret: - name: {{ template "kubezero-lib.fullname" . }}-admin-tls - tls: - transport: - generate: false - perNode: false - secret: - name: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls - nodesDn: - - 'CN={{ template "kubezero-lib.fullname" . }}-nodes' - adminDn: - - 'CN={{ template "kubezero-lib.fullname" . }}-admin' - http: - generate: false - secret: - name: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls -{{- end }} diff --git a/charts/kubezero-telemetry/templates/opensearch/ism-policy.yaml b/charts/kubezero-telemetry/templates/opensearch/ism-policy.yaml deleted file mode 100644 index fd25eeaf..00000000 --- a/charts/kubezero-telemetry/templates/opensearch/ism-policy.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -{{- if .Values.opensearch.nodeSets }} -apiVersion: opensearch.opster.io/v1 -kind: OpenSearchISMPolicy -metadata: - name: {{ template "kubezero-lib.fullname" . }}-ism-default-retention - namespace: {{ .Release.Namespace }} - labels: - {{ include "kubezero-lib.labels" . | nindent 4 }} -spec: - opensearchCluster: - name: {{ template "kubezero-lib.fullname" . }} - description: Default KubeZero retention policy - defaultState: hot - states: - - name: hot - actions: - - replicaCount: - numberOfReplicas: 1 - transitions: - - stateName: warm - conditions: - minIndexAge: "7d" - - name: warm - actions: - - replicaCount: - numberOfReplicas: 0 - transitions: - - stateName: delete - conditions: - minIndexAge: "32d" - - name: delete - actions: - - delete: {} - ismTemplate: - indexPatterns: - - "logstash-*" - - "jaeger-*" - - "otel-v1-apm-span-*" -{{- end }} diff --git a/charts/kubezero-telemetry/templates/opensearch/istio-authorization-policy.yaml b/charts/kubezero-telemetry/templates/opensearch/istio-authorization-policy.yaml index 7e2ce03b..9d22d21a 100644 --- a/charts/kubezero-telemetry/templates/opensearch/istio-authorization-policy.yaml +++ b/charts/kubezero-telemetry/templates/opensearch/istio-authorization-policy.yaml @@ -1,5 +1,5 @@ -{{- if .Values.opensearch.dashboard.istio.enabled }} -{{- if .Values.opensearch.dashboard.istio.ipBlocks }} +{{- if index .Values "opensearch-dashboards" "istio" "enabled" }} +{{- if index .Values "opensearch-dashboards" "istio" "ipBlocks" }} apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: @@ -16,10 +16,10 @@ spec: - from: - source: notIpBlocks: - {{- toYaml .Values.opensearch.dashboard.istio.ipBlocks | nindent 8 }} + {{- toYaml (index .Values "opensearch-dashboards" "istio" "ipBlocks") | nindent 8 }} to: - operation: - hosts: [{{ .Values.opensearch.dashboard.istio.url }}] + hosts: [{{ index .Values "opensearch-dashboards" "istio" "url" }}] when: - key: connection.sni values: 
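Review bot: The AuthorizationPolicy is still rendered only when `opensearch-dashboards.istio.ipBlocks` is non-empty (second `if` line), yet the `opensearch-dashboards.istio` defaults this commit writes in values.yaml list only `enabled`, `gateway` and `url`, so the key that gates the source-IP restriction is undocumented and, with defaults, the dashboards VirtualService is published with no policy at all. Declare it next to `url`, e.g. `ipBlocks: []  # source CIDRs allowed to reach the dashboards; empty renders no AuthorizationPolicy`. In the second hunk, `hosts: [{{ index .Values "opensearch-dashboards" "istio" "url" | quote }}]` would keep an empty or special-character value from changing the shape of the flow list. The policy's action and the rest of the rule lie outside both hunks, so the allow-list reading of `notIpBlocks` is inferred.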
diff --git a/charts/kubezero-telemetry/templates/opensearch/istio-virtualservice.yaml b/charts/kubezero-telemetry/templates/opensearch/istio-virtualservice.yaml
index e48b2ac9..cb0e5dda 100644
--- a/charts/kubezero-telemetry/templates/opensearch/istio-virtualservice.yaml
+++ b/charts/kubezero-telemetry/templates/opensearch/istio-virtualservice.yaml
@@ -1,20 +1,20 @@
-{{- if .Values.opensearch.dashboard.istio.enabled }}
+{{- if index .Values "opensearch-dashboards" "istio" "enabled" }}
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
 name: {{ template "kubezero-lib.fullname" . }}-kibana
 namespace: {{ .Release.Namespace }}
 labels:
-{{ include "kubezero-lib.labels" . | indent 4 }}
+{{ include "kubezero-lib.labels" . | indent 4 }}
 spec:
 hosts:
- - {{ .Values.opensearch.dashboard.istio.url }}
+ - {{ index .Values "opensearch-dashboards" "istio" "url" }}
 gateways:
- - {{ default "istio-system/ingressgateway" .Values.opensearch.dashboard.istio.gateway }}
+ - {{ default "istio-system/ingressgateway" ( index .Values "opensearch-dashboards" "istio" "gateway" ) }}
 http:
 - route:
 - destination:
- host: telemetry-dashboards
+ host: telemetry-opensearch-dashboards
 port:
 number: 5601
 {{- end }}
diff --git a/charts/kubezero-telemetry/values.yaml b/charts/kubezero-telemetry/values.yaml
index 9b765d77..075098a3 100644
--- a/charts/kubezero-telemetry/values.yaml
+++ b/charts/kubezero-telemetry/values.yaml
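Review bot: The route destination `host: telemetry-opensearch-dashboards` is a literal, while the resource name a few lines above is built from `kubezero-lib.fullname`, so a release installed under any name other than `telemetry` gets a VirtualService pointing at a service that does not exist. Derive the host from the release, for example `host: {{ .Release.Name }}-opensearch-dashboards`, after confirming how the dashboards subchart names its Service. The `hosts` and `gateways` entries are also emitted unquoted; `| quote` on both keeps an empty `url` from rendering a null list item. The object is still named `…-kibana`, which deserves a one-line comment if it is kept for upgrade compatibility.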
@@ -227,39 +227,55 @@ jaeger: gateway: istio-ingress/private-ingressgateway url: jaeger.example.com + opensearch: enabled: false - version: 2.17.0 - prometheus: false + singleNode: true + maxUnavailable: 0 - # custom cluster settings - #settings: - # index.number_of_shards: 1 + config: + opensearch.yml: | + cluster.name: opensearch-cluster + network.host: 0.0.0.0 + discovery.type: single-node + + opensearchJavaOpts: "-Xmx1024M -Xms1024M" + resources: + requests: + cpu: "500m" + memory: "2Gi" + limits: + memory: "2Gi" + persistence: + size: 8Gi + + serviceMonitor: + enabled: false + interval: 30s - nodeSets: [] - #- name: default-nodes - # replicas: 2 - # storage: - # size: 16Gi - # class: my-fancy-SSDs - # zone: us-west-2a - # resources: - # limits: - # #cpu: 1 - # memory: 2Gi - # requests: - # cpu: 500m - # memory: 2Gi opensearch-dashboards: enabled: false + resources: + requests: + cpu: "100m" + memory: "512M" + limits: + cpu: null + memory: "512M" + + serviceMonitor: + enabled: false + interval: 30s + istio: enabled: false gateway: istio-ingress/private-ingressgateway url: telemetry-dashboard.example.com + # New logging pipeline fluentd: enabled: false diff --git a/charts/kubezero/README.md b/charts/kubezero/README.md index ba3cba94..c76c0c8b 100644 --- a/charts/kubezero/README.md +++ b/charts/kubezero/README.md @@ -32,7 +32,7 @@ Kubernetes: `>= 1.32.0-0` | addons.external-dns.enabled | bool | `false` | | | addons.forseti.enabled | bool | `false` | | | addons.sealed-secrets.enabled | bool | `false` | | -| addons.targetRevision | string | `"0.8.13"` | | +| addons.targetRevision | string | `"0.8.14"` | | | argo.argo-cd.enabled | bool | `false` | | | argo.argo-cd.istio.enabled | bool | `false` | | | argo.argocd-image-updater.enabled | bool | `false` | | 
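Review bot: `opensearch.config."opensearch.yml"` binds `network.host: 0.0.0.0` and carries no `plugins.security.*` settings, while the same commit deletes the cert-manager transport, HTTP and admin certificates and the `security:` section of the old cluster resource, so nothing on this page shows what now provides TLS and authentication for the node. If the subchart's defaults cover it, say so in a comment above `config:`, e.g. `# TLS/auth: <where it is configured now>; this block presumably replaces the subchart's default opensearch.yml`; if they do not, the security settings need to be set here explicitly. The deleted ISM policy also removed the 32-day index deletion, and with `persistence.size: 8Gi` no replacement retention is visible in this hunk, so the volume can fill and take ingestion down. `size: 8Gi` and `interval: 30s` are left unquoted while the neighbouring resource values are quoted; quoting them keeps the file consistent.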
@@ -77,10 +77,10 @@ Kubernetes: `>= 1.32.0-0`
 | network.cilium.cluster | object | `{}` | |
 | network.enabled | bool | `true` | |
 | network.retain | bool | `true` | |
-| network.targetRevision | string | `"0.5.7"` | |
+| network.targetRevision | string | `"0.5.8"` | |
 | operators.enabled | bool | `false` | |
 | operators.namespace | string | `"operators"` | |
-| operators.targetRevision | string | `"0.2.0"` | |
+| operators.targetRevision | string | `"0.2.1"` | |
 | storage.aws-ebs-csi-driver.enabled | bool | `false` | |
 | storage.aws-efs-csi-driver.enabled | bool | `false` | |
 | storage.enabled | bool | `false` | |
@@ -88,7 +88,7 @@ Kubernetes: `>= 1.32.0-0`
 | storage.k8up.enabled | bool | `false` | |
 | storage.lvm-localpv.enabled | bool | `false` | |
 | storage.snapshotController.enabled | bool | `false` | |
-| storage.targetRevision | string | `"0.8.10"` | |
+| storage.targetRevision | string | `"0.8.11"` | |
 | telemetry.enabled | bool | `false` | |
 | telemetry.namespace | string | `"telemetry"` | |
 | telemetry.targetRevision | string | `"0.4.1"` | |
diff --git a/charts/kubezero/templates/telemetry.yaml b/charts/kubezero/templates/telemetry.yaml
index c47edcef..e11399a1 100644
--- a/charts/kubezero/templates/telemetry.yaml
+++ b/charts/kubezero/templates/telemetry.yaml
@@ -57,27 +57,22 @@ jaeger:
 {{- if .Values.telemetry.opensearch }}
 opensearch:
- {{- if .Values.telemetry.opensearch.nodeSets }}
- nodeSets:
- {{- with .Values.telemetry.opensearch.nodeSets }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
+ {{- with .Values.telemetry.opensearch }}
+ {{- toYaml . | nindent 2 }}
 {{- end }}
- {{- if .Values.telemetry.opensearch.dashboard }}
- dashboard:
- {{- with .Values.telemetry.opensearch.dashboard }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
+ serviceMonitor:
+ enabled: {{ .Values.metrics.enabled }}
+{{- end }}
+
+{{- if index .Values "telemetry" "opensearch-dashboards" }}
+opensearch-dashboards:
+ {{- with index .Values "telemetry" "opensearch-dashboards" }}
+ {{- toYaml . | nindent 2 }}
 {{- end }}
- {{- with .Values.telemetry.opensearch.settings }}
- settings:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-
- prometheus: {{ .Values.metrics.enabled }}
-
+ serviceMonitor:
+ enabled: {{ .Values.metrics.enabled }}
 {{- end }}
 {{- end }}
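Review bot: `serviceMonitor:` is written after `toYaml .` has already dumped the whole `telemetry.opensearch` map, so a user value that itself contains `serviceMonitor` (for example to set `interval`) renders a duplicate key under `opensearch:`; depending on the YAML parser that is either an error or a silent last-wins. The same pattern repeats in the `opensearch-dashboards:` block. Drop the key from the dump, `{{- toYaml (omit . "serviceMonitor") | nindent 2 }}`, or merge the two maps before a single `toYaml`, and add a comment that `serviceMonitor.enabled` is driven by `metrics.enabled`. Separately, the umbrella README context earlier on this page still lists `telemetry.targetRevision` as `"0.4.1"` although the telemetry chart moves to 0.5.0; if values.yaml matches, this template would feed the new value layout to the old chart. The enclosing `if` blocks open outside the hunk.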