V1.24 beta, metrics updates, minor tweaks and fixes
This commit is contained in:
parent
1c2f67524e
commit
ea55015ec5
@ -154,10 +154,18 @@ echo "Adjust kubezero values as needed:"
|
|||||||
# shellcheck disable=SC2015
|
# shellcheck disable=SC2015
|
||||||
argo_used && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kube-system
|
argo_used && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kube-system
|
||||||
|
|
||||||
|
# Remove calico
|
||||||
|
#kubectl delete deployment calico-kube-controllers -n kube-system || true
|
||||||
|
#kubectl delete daemonset calico-node -n kube-system || true
|
||||||
|
#kubectl delete network-attachment-definitions calico -n kube-system || true
|
||||||
|
|
||||||
|
# Remove previous cilium config as the helm options are additive only -> fail
|
||||||
|
kubectl delete configmap cilium-config -n kube-system || true
|
||||||
|
|
||||||
control_plane_upgrade "apply_network, apply_addons, apply_storage"
|
control_plane_upgrade "apply_network, apply_addons, apply_storage"
|
||||||
|
|
||||||
kubectl rollout restart daemonset/cilium -n kube-system
|
|
||||||
kubectl rollout restart daemonset/kube-multus-ds -n kube-system
|
kubectl rollout restart daemonset/kube-multus-ds -n kube-system
|
||||||
|
kubectl rollout restart daemonset/cilium -n kube-system
|
||||||
|
|
||||||
echo "Checking that all pods in kube-system are running ..."
|
echo "Checking that all pods in kube-system are running ..."
|
||||||
waitSystemPodsRunning
|
waitSystemPodsRunning
|
||||||
|
@ -17,8 +17,8 @@ protectKernelDefaults: {{ .Values.protectKernelDefaults }}
|
|||||||
tlsCipherSuites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256]
|
tlsCipherSuites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256]
|
||||||
featureGates:
|
featureGates:
|
||||||
{{- include "kubeadm.featuregates" ( dict "return" "map" ) | nindent 2 }}
|
{{- include "kubeadm.featuregates" ( dict "return" "map" ) | nindent 2 }}
|
||||||
# Minimal unit is 50m per pod
|
# Minimal unit is 40m per pod
|
||||||
podsPerCore: 20
|
podsPerCore: 25
|
||||||
# cpuCFSQuotaPeriod: 10ms
|
# cpuCFSQuotaPeriod: 10ms
|
||||||
# Basic OS incl. crio
|
# Basic OS incl. crio
|
||||||
systemReserved:
|
systemReserved:
|
||||||
|
@ -133,7 +133,7 @@ spec:
|
|||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 20Mi
|
memory: 32Mi
|
||||||
cpu: 10m
|
cpu: 10m
|
||||||
limits:
|
limits:
|
||||||
memory: 64Mi
|
memory: 64Mi
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-addons
|
name: kubezero-addons
|
||||||
description: KubeZero umbrella chart for various optional cluster addons
|
description: KubeZero umbrella chart for various optional cluster addons
|
||||||
type: application
|
type: application
|
||||||
version: 0.7.2
|
version: 0.7.3
|
||||||
appVersion: v1.24
|
appVersion: v1.24
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
@ -11,18 +11,14 @@ keywords:
|
|||||||
- fuse-device-plugin
|
- fuse-device-plugin
|
||||||
- neuron-device-plugin
|
- neuron-device-plugin
|
||||||
- nvidia-device-plugin
|
- nvidia-device-plugin
|
||||||
- aws-node-termination-handler
|
|
||||||
- cluster-autoscaler
|
- cluster-autoscaler
|
||||||
- sealed-secrets
|
- sealed-secrets
|
||||||
- external-dns
|
- external-dns
|
||||||
|
- aws-node-termination-handler
|
||||||
maintainers:
|
maintainers:
|
||||||
- name: Stefan Reimer
|
- name: Stefan Reimer
|
||||||
email: stefan@zero-downtime.net
|
email: stefan@zero-downtime.net
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: aws-node-termination-handler
|
|
||||||
version: 0.20.1
|
|
||||||
# repository: https://aws.github.io/eks-charts
|
|
||||||
condition: aws-node-termination-handler.enabled
|
|
||||||
- name: external-dns
|
- name: external-dns
|
||||||
version: 1.11.0
|
version: 1.11.0
|
||||||
repository: https://kubernetes-sigs.github.io/external-dns/
|
repository: https://kubernetes-sigs.github.io/external-dns/
|
||||||
@ -32,7 +28,7 @@ dependencies:
|
|||||||
repository: https://kubernetes.github.io/autoscaler
|
repository: https://kubernetes.github.io/autoscaler
|
||||||
condition: cluster-autoscaler.enabled
|
condition: cluster-autoscaler.enabled
|
||||||
- name: nvidia-device-plugin
|
- name: nvidia-device-plugin
|
||||||
version: 0.12.3
|
version: 0.13.0
|
||||||
# https://github.com/NVIDIA/k8s-device-plugin
|
# https://github.com/NVIDIA/k8s-device-plugin
|
||||||
repository: https://nvidia.github.io/k8s-device-plugin
|
repository: https://nvidia.github.io/k8s-device-plugin
|
||||||
condition: nvidia-device-plugin.enabled
|
condition: nvidia-device-plugin.enabled
|
||||||
@ -40,4 +36,12 @@ dependencies:
|
|||||||
version: 2.7.1
|
version: 2.7.1
|
||||||
repository: https://bitnami-labs.github.io/sealed-secrets
|
repository: https://bitnami-labs.github.io/sealed-secrets
|
||||||
condition: sealed-secrets.enabled
|
condition: sealed-secrets.enabled
|
||||||
|
- name: aws-node-termination-handler
|
||||||
|
version: 0.20.1
|
||||||
|
# repository: https://aws.github.io/eks-charts
|
||||||
|
condition: aws-node-termination-handler.enabled
|
||||||
|
- name: aws-eks-asg-rolling-update-handler
|
||||||
|
version: 1.2.7
|
||||||
|
# repository: https://twin.github.io/helm-charts
|
||||||
|
condition: aws-eks-asg-rolling-update-handler.enabled
|
||||||
kubeVersion: ">= 1.24.0"
|
kubeVersion: ">= 1.24.0"
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-addons
|
# kubezero-addons
|
||||||
|
|
||||||
![Version: 0.7.2](https://img.shields.io/badge/Version-0.7.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.24](https://img.shields.io/badge/AppVersion-v1.24-informational?style=flat-square)
|
![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.24](https://img.shields.io/badge/AppVersion-v1.24-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero umbrella chart for various optional cluster addons
|
KubeZero umbrella chart for various optional cluster addons
|
||||||
|
|
||||||
@ -18,11 +18,12 @@ Kubernetes: `>= 1.24.0`
|
|||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
|
| | aws-eks-asg-rolling-update-handler | 1.2.7 |
|
||||||
| | aws-node-termination-handler | 0.20.1 |
|
| | aws-node-termination-handler | 0.20.1 |
|
||||||
| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.7.1 |
|
| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.7.1 |
|
||||||
| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.11.0 |
|
| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.11.0 |
|
||||||
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.21.0 |
|
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.21.0 |
|
||||||
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.12.3 |
|
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.13.0 |
|
||||||
|
|
||||||
# MetalLB
|
# MetalLB
|
||||||
|
|
||||||
@ -40,6 +41,34 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
|||||||
|
|
||||||
| Key | Type | Default | Description |
|
| Key | Type | Default | Description |
|
||||||
|-----|------|---------|-------------|
|
|-----|------|---------|-------------|
|
||||||
|
| aws-eks-asg-rolling-update-handler.enabled | bool | `false` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[0].name | string | `"CLUSTER_NAME"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[0].value | string | `""` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[1].name | string | `"AWS_REGION"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[1].value | string | `"us-west-2"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[2].name | string | `"EXECUTION_INTERVAL"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[2].value | string | `"60"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[3].name | string | `"METRICS"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[3].value | string | `"true"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[4].name | string | `"EAGER_CORDONING"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[4].value | string | `"true"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[5].name | string | `"SLOW_MODE"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[5].value | string | `"true"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[6].name | string | `"AWS_ROLE_ARN"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[6].value | string | `""` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[7].name | string | `"AWS_WEB_IDENTITY_TOKEN_FILE"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[7].value | string | `"/var/run/secrets/sts.amazonaws.com/serviceaccount/token"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[8].name | string | `"AWS_STS_REGIONAL_ENDPOINTS"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.environmentVars[8].value | string | `"regional"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.image.tag | string | `"v1.7.0"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.resources.limits.memory | string | `"128Mi"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.resources.requests.cpu | string | `"10m"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.resources.requests.memory | string | `"32Mi"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.tolerations[1].effect | string | `"NoSchedule"` | |
|
||||||
|
| aws-eks-asg-rolling-update-handler.tolerations[1].key | string | `"node-role.kubernetes.io/control-plane"` | |
|
||||||
| aws-node-termination-handler.deleteLocalData | bool | `true` | |
|
| aws-node-termination-handler.deleteLocalData | bool | `true` | |
|
||||||
| aws-node-termination-handler.emitKubernetesEvents | bool | `true` | |
|
| aws-node-termination-handler.emitKubernetesEvents | bool | `true` | |
|
||||||
| aws-node-termination-handler.enableProbesServer | bool | `true` | |
|
| aws-node-termination-handler.enableProbesServer | bool | `true` | |
|
||||||
|
@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
description: Handles rolling upgrades for AWS ASGs for EKS by replacing outdated nodes
|
||||||
|
by new nodes.
|
||||||
|
home: https://github.com/TwiN/aws-eks-asg-rolling-update-handler
|
||||||
|
maintainers:
|
||||||
|
- name: TwiN
|
||||||
|
name: aws-eks-asg-rolling-update-handler
|
||||||
|
version: 1.2.7
|
@ -0,0 +1,31 @@
|
|||||||
|
{{/*
|
||||||
|
Create a default app name.
|
||||||
|
*/}}
|
||||||
|
{{- define "aws-eks-asg-rolling-update-handler.name" -}}
|
||||||
|
{{- .Chart.Name -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default namespace.
|
||||||
|
*/}}
|
||||||
|
{{- define "aws-eks-asg-rolling-update-handler.namespace" -}}
|
||||||
|
{{- .Release.Namespace -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Common labels
|
||||||
|
*/}}
|
||||||
|
{{- define "aws-eks-asg-rolling-update-handler.labels" -}}
|
||||||
|
app.kubernetes.io/name: {{ include "aws-eks-asg-rolling-update-handler.name" . }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of the service account to use.
|
||||||
|
*/}}
|
||||||
|
{{- define "aws-eks-asg-rolling-update-handler.serviceAccountName" -}}
|
||||||
|
{{- if .Values.serviceAccount.create -}}
|
||||||
|
{{ default (include "aws-eks-asg-rolling-update-handler.name" .) .Values.serviceAccount.name }}
|
||||||
|
{{- else -}}
|
||||||
|
{{ default "default" .Values.serviceAccount.name }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ template "aws-eks-asg-rolling-update-handler.name" . }}
|
||||||
|
labels:
|
||||||
|
{{ include "aws-eks-asg-rolling-update-handler.labels" . | indent 4 }}
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
name: {{ template "aws-eks-asg-rolling-update-handler.name" . }}
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ template "aws-eks-asg-rolling-update-handler.serviceAccountName" . }}
|
||||||
|
namespace: {{ template "aws-eks-asg-rolling-update-handler.namespace" . }}
|
@ -0,0 +1,41 @@
|
|||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: {{ template "aws-eks-asg-rolling-update-handler.name" . }}
|
||||||
|
labels:
|
||||||
|
{{ include "aws-eks-asg-rolling-update-handler.labels" . | indent 4 }}
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- "*"
|
||||||
|
resources:
|
||||||
|
- "*"
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- "*"
|
||||||
|
resources:
|
||||||
|
- nodes
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- update
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- "*"
|
||||||
|
resources:
|
||||||
|
- pods/eviction
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- create
|
||||||
|
- apiGroups:
|
||||||
|
- "*"
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
@ -0,0 +1,56 @@
|
|||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: {{ template "aws-eks-asg-rolling-update-handler.name" . }}
|
||||||
|
namespace: {{ template "aws-eks-asg-rolling-update-handler.namespace" . }}
|
||||||
|
labels:
|
||||||
|
{{ include "aws-eks-asg-rolling-update-handler.labels" . | indent 4 }}
|
||||||
|
spec:
|
||||||
|
replicas: {{ .Values.replicaCount }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{ include "aws-eks-asg-rolling-update-handler.labels" . | indent 6 }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{ include "aws-eks-asg-rolling-update-handler.labels" . | indent 8 }}
|
||||||
|
spec:
|
||||||
|
automountServiceAccountToken: true
|
||||||
|
serviceAccountName: {{ template "aws-eks-asg-rolling-update-handler.serviceAccountName" . }}
|
||||||
|
restartPolicy: Always
|
||||||
|
dnsPolicy: Default
|
||||||
|
containers:
|
||||||
|
- name: {{ template "aws-eks-asg-rolling-update-handler.name" . }}
|
||||||
|
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
|
||||||
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||||
|
env:
|
||||||
|
{{- toYaml .Values.environmentVars | nindent 12 }}
|
||||||
|
{{- with .Values.resources }}
|
||||||
|
resources:
|
||||||
|
{{- toYaml . | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
volumeMounts:
|
||||||
|
- name: aws-token
|
||||||
|
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
|
||||||
|
readOnly: true
|
||||||
|
volumes:
|
||||||
|
- name: aws-token
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- serviceAccountToken:
|
||||||
|
path: token
|
||||||
|
expirationSeconds: 86400
|
||||||
|
audience: "sts.amazonaws.com"
|
||||||
|
{{- with .Values.nodeSelector }}
|
||||||
|
nodeSelector:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.tolerations }}
|
||||||
|
tolerations:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
@ -0,0 +1,13 @@
|
|||||||
|
{{ if .Values.serviceAccount.create }}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: {{ template "aws-eks-asg-rolling-update-handler.serviceAccountName" . }}
|
||||||
|
namespace: {{ template "aws-eks-asg-rolling-update-handler.namespace" . }}
|
||||||
|
labels:
|
||||||
|
{{ include "aws-eks-asg-rolling-update-handler.labels" . | indent 4 }}
|
||||||
|
{{- with .Values.serviceAccount.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{ end }}
|
@ -0,0 +1,28 @@
|
|||||||
|
replicaCount: 1
|
||||||
|
|
||||||
|
image:
|
||||||
|
repository: twinproduction/aws-eks-asg-rolling-update-handler
|
||||||
|
tag: v1.4.3
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
#imagePullSecrets:
|
||||||
|
#- imagePullSecret
|
||||||
|
|
||||||
|
environmentVars:
|
||||||
|
- name: CLUSTER_NAME
|
||||||
|
value: "cluster-name" # REPLACE THIS WITH THE NAME OF YOUR EKS CLUSTER
|
||||||
|
#- name: AUTO_SCALING_GROUP_NAMES
|
||||||
|
# value: "asg-1,asg-2,asg-3" # REPLACE THESE VALUES FOR THE NAMES OF THE ASGs, if CLUSTER_NAME is provided, this is ignored
|
||||||
|
#- name: IGNORE_DAEMON_SETS
|
||||||
|
# value: "true"
|
||||||
|
#- name: DELETE_LOCAL_DATA
|
||||||
|
# value: "true"
|
||||||
|
#- name: AWS_REGION
|
||||||
|
# value: us-west-2
|
||||||
|
#- name: ENVIRONMENT
|
||||||
|
# value: ""
|
||||||
|
|
||||||
|
serviceAccount:
|
||||||
|
create: true
|
||||||
|
#name: aws-eks-asg-rolling-update-handler
|
||||||
|
annotations: {}
|
36
charts/kubezero-addons/ruh.patch
Normal file
36
charts/kubezero-addons/ruh.patch
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
diff -tuNr charts/aws-eks-asg-rolling-update-handler.orig/templates/deployment.yaml charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml
|
||||||
|
--- charts/aws-eks-asg-rolling-update-handler.orig/templates/deployment.yaml 2022-12-16 13:10:26.049272371 +0000
|
||||||
|
+++ charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml 2022-12-16 15:56:00.880666339 +0000
|
||||||
|
@@ -25,7 +25,31 @@
|
||||||
|
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
|
||||||
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||||
|
env:
|
||||||
|
-{{- toYaml .Values.environmentVars | nindent 12 }}
|
||||||
|
+ {{- toYaml .Values.environmentVars | nindent 12 }}
|
||||||
|
+ {{- with .Values.resources }}
|
||||||
|
+ resources:
|
||||||
|
+ {{- toYaml . | nindent 12 }}
|
||||||
|
+ {{- end }}
|
||||||
|
+ volumeMounts:
|
||||||
|
+ - name: aws-token
|
||||||
|
+ mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
|
||||||
|
+ readOnly: true
|
||||||
|
+ volumes:
|
||||||
|
+ - name: aws-token
|
||||||
|
+ projected:
|
||||||
|
+ sources:
|
||||||
|
+ - serviceAccountToken:
|
||||||
|
+ path: token
|
||||||
|
+ expirationSeconds: 86400
|
||||||
|
+ audience: "sts.amazonaws.com"
|
||||||
|
+ {{- with .Values.nodeSelector }}
|
||||||
|
+ nodeSelector:
|
||||||
|
+ {{- toYaml . | nindent 8 }}
|
||||||
|
+ {{- end }}
|
||||||
|
+ {{- with .Values.tolerations }}
|
||||||
|
+ tolerations:
|
||||||
|
+ {{- toYaml . | nindent 8 }}
|
||||||
|
+ {{- end }}
|
||||||
|
{{- with .Values.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
@ -4,6 +4,7 @@ set -ex
|
|||||||
helm repo update
|
helm repo update
|
||||||
|
|
||||||
NTH_VERSION=$(yq eval '.dependencies[] | select(.name=="aws-node-termination-handler") | .version' Chart.yaml)
|
NTH_VERSION=$(yq eval '.dependencies[] | select(.name=="aws-node-termination-handler") | .version' Chart.yaml)
|
||||||
|
RUH_VERSION=$(yq eval '.dependencies[] | select(.name=="aws-eks-asg-rolling-update-handler") | .version' Chart.yaml)
|
||||||
|
|
||||||
rm -rf charts/aws-node-termination-handler
|
rm -rf charts/aws-node-termination-handler
|
||||||
helm pull eks/aws-node-termination-handler --untar --untardir charts --version $NTH_VERSION
|
helm pull eks/aws-node-termination-handler --untar --untardir charts --version $NTH_VERSION
|
||||||
@ -11,4 +12,8 @@ helm pull eks/aws-node-termination-handler --untar --untardir charts --version $
|
|||||||
# diff -tuNr charts/aws-node-termination-handler.orig charts/aws-node-termination-handler > nth.patch
|
# diff -tuNr charts/aws-node-termination-handler.orig charts/aws-node-termination-handler > nth.patch
|
||||||
patch -p0 -i nth.patch --no-backup-if-mismatch
|
patch -p0 -i nth.patch --no-backup-if-mismatch
|
||||||
|
|
||||||
|
rm -rf charts/aws-eks-asg-rolling-update-handler
|
||||||
|
helm pull twin/aws-eks-asg-rolling-update-handler --untar --untardir charts --version $RUH_VERSION
|
||||||
|
patch -p0 -i ruh.patch --no-backup-if-mismatch
|
||||||
|
|
||||||
helm dep update
|
helm dep update
|
||||||
|
@ -52,6 +52,47 @@ sealed-secrets:
|
|||||||
- key: node-role.kubernetes.io/control-plane
|
- key: node-role.kubernetes.io/control-plane
|
||||||
effect: NoSchedule
|
effect: NoSchedule
|
||||||
|
|
||||||
|
aws-eks-asg-rolling-update-handler:
|
||||||
|
enabled: false
|
||||||
|
image:
|
||||||
|
tag: v1.7.0
|
||||||
|
|
||||||
|
environmentVars:
|
||||||
|
- name: CLUSTER_NAME
|
||||||
|
value: ""
|
||||||
|
- name: AWS_REGION
|
||||||
|
value: us-west-2
|
||||||
|
- name: EXECUTION_INTERVAL
|
||||||
|
value: "60"
|
||||||
|
- name: METRICS
|
||||||
|
value: "true"
|
||||||
|
- name: EAGER_CORDONING
|
||||||
|
value: "true"
|
||||||
|
# Only disable if all services have PDBs across AZs
|
||||||
|
- name: SLOW_MODE
|
||||||
|
value: "true"
|
||||||
|
- name: AWS_ROLE_ARN
|
||||||
|
value: ""
|
||||||
|
- name: AWS_WEB_IDENTITY_TOKEN_FILE
|
||||||
|
value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
|
||||||
|
- name: AWS_STS_REGIONAL_ENDPOINTS
|
||||||
|
value: "regional"
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 32Mi
|
||||||
|
limits:
|
||||||
|
memory: 128Mi
|
||||||
|
|
||||||
|
nodeSelector:
|
||||||
|
node-role.kubernetes.io/control-plane: ""
|
||||||
|
tolerations:
|
||||||
|
- key: node-role.kubernetes.io/master
|
||||||
|
effect: NoSchedule
|
||||||
|
- key: node-role.kubernetes.io/control-plane
|
||||||
|
effect: NoSchedule
|
||||||
|
|
||||||
aws-node-termination-handler:
|
aws-node-termination-handler:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
description: KubeZero ArgoCD - config, branding, image-updater (optional)
|
description: KubeZero ArgoCD - config, branding, image-updater (optional)
|
||||||
name: kubezero-argocd
|
name: kubezero-argocd
|
||||||
version: 0.11.1
|
version: 0.11.2
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -17,10 +17,10 @@ dependencies:
|
|||||||
version: ">= 0.1.6"
|
version: ">= 0.1.6"
|
||||||
repository: https://cdn.zero-downtime.net/charts/
|
repository: https://cdn.zero-downtime.net/charts/
|
||||||
- name: argo-cd
|
- name: argo-cd
|
||||||
version: 5.16.1
|
version: 5.16.10
|
||||||
repository: https://argoproj.github.io/argo-helm
|
repository: https://argoproj.github.io/argo-helm
|
||||||
- name: argocd-apps
|
- name: argocd-apps
|
||||||
version: 0.0.4
|
version: 0.0.6
|
||||||
repository: https://argoproj.github.io/argo-helm
|
repository: https://argoproj.github.io/argo-helm
|
||||||
- name: argocd-image-updater
|
- name: argocd-image-updater
|
||||||
version: 0.8.1
|
version: 0.8.1
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-argocd
|
# kubezero-argocd
|
||||||
|
|
||||||
![Version: 0.11.1](https://img.shields.io/badge/Version-0.11.1-informational?style=flat-square)
|
![Version: 0.11.2](https://img.shields.io/badge/Version-0.11.2-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero ArgoCD - config, branding, image-updater (optional)
|
KubeZero ArgoCD - config, branding, image-updater (optional)
|
||||||
|
|
||||||
@ -18,8 +18,8 @@ Kubernetes: `>= 1.24.0`
|
|||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://argoproj.github.io/argo-helm | argo-cd | 5.16.1 |
|
| https://argoproj.github.io/argo-helm | argo-cd | 5.16.10 |
|
||||||
| https://argoproj.github.io/argo-helm | argocd-apps | 0.0.4 |
|
| https://argoproj.github.io/argo-helm | argocd-apps | 0.0.6 |
|
||||||
| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.8.1 |
|
| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.8.1 |
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
|
|
||||||
@ -36,16 +36,16 @@ Kubernetes: `>= 1.24.0`
|
|||||||
| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.24"` | |
|
| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.24"` | |
|
||||||
| argo-cd.configs.cm.url | string | `"argocd.example.com"` | |
|
| argo-cd.configs.cm.url | string | `"argocd.example.com"` | |
|
||||||
| argo-cd.configs.knownHosts.data.ssh_known_hosts | string | `"bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\ngitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\ngit.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ==\n"` | |
|
| argo-cd.configs.knownHosts.data.ssh_known_hosts | string | `"bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\ngitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\ngit.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ==\n"` | |
|
||||||
| argo-cd.configs.metrics.enabled | bool | `false` | |
|
|
||||||
| argo-cd.configs.metrics.serviceMonitor.enabled | bool | `true` | |
|
|
||||||
| argo-cd.configs.params."controller.operation.processors" | string | `"5"` | |
|
| argo-cd.configs.params."controller.operation.processors" | string | `"5"` | |
|
||||||
| argo-cd.configs.params."controller.status.processors" | string | `"10"` | |
|
| argo-cd.configs.params."controller.status.processors" | string | `"10"` | |
|
||||||
| argo-cd.configs.params."server.enable.gzip" | bool | `true` | |
|
| argo-cd.configs.params."server.enable.gzip" | bool | `true` | |
|
||||||
| argo-cd.configs.params."server.insecure" | bool | `true` | |
|
| argo-cd.configs.params."server.insecure" | bool | `true` | |
|
||||||
| argo-cd.configs.resources.requests.cpu | string | `"100m"` | |
|
|
||||||
| argo-cd.configs.resources.requests.memory | string | `"256Mi"` | |
|
|
||||||
| argo-cd.configs.secret.createSecret | bool | `false` | |
|
| argo-cd.configs.secret.createSecret | bool | `false` | |
|
||||||
| argo-cd.configs.styles | string | `".sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); }\n.sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }\n"` | |
|
| argo-cd.configs.styles | string | `".sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); }\n.sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }\n"` | |
|
||||||
|
| argo-cd.controller.metrics.enabled | bool | `false` | |
|
||||||
|
| argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||||
|
| argo-cd.controller.resources.requests.cpu | string | `"100m"` | |
|
||||||
|
| argo-cd.controller.resources.requests.memory | string | `"256Mi"` | |
|
||||||
| argo-cd.dex.enabled | bool | `false` | |
|
| argo-cd.dex.enabled | bool | `false` | |
|
||||||
| argo-cd.global.logging.format | string | `"json"` | |
|
| argo-cd.global.logging.format | string | `"json"` | |
|
||||||
| argo-cd.notifications.enabled | bool | `false` | |
|
| argo-cd.notifications.enabled | bool | `false` | |
|
||||||
|
@ -86,6 +86,7 @@ argo-cd:
|
|||||||
server.insecure: true
|
server.insecure: true
|
||||||
server.enable.gzip: true
|
server.enable.gzip: true
|
||||||
|
|
||||||
|
controller:
|
||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: false
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-ci
|
name: kubezero-ci
|
||||||
description: KubeZero umbrella chart for all things CI
|
description: KubeZero umbrella chart for all things CI
|
||||||
type: application
|
type: application
|
||||||
version: 0.5.23
|
version: 0.5.24
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -22,7 +22,7 @@ dependencies:
|
|||||||
repository: https://gocd.github.io/helm-chart
|
repository: https://gocd.github.io/helm-chart
|
||||||
condition: gocd.enabled
|
condition: gocd.enabled
|
||||||
- name: gitea
|
- name: gitea
|
||||||
version: 6.0.3
|
version: 6.0.5
|
||||||
repository: https://dl.gitea.io/charts/
|
repository: https://dl.gitea.io/charts/
|
||||||
condition: gitea.enabled
|
condition: gitea.enabled
|
||||||
- name: jenkins
|
- name: jenkins
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-ci
|
# kubezero-ci
|
||||||
|
|
||||||
![Version: 0.5.20](https://img.shields.io/badge/Version-0.5.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
![Version: 0.5.24](https://img.shields.io/badge/Version-0.5.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero umbrella chart for all things CI
|
KubeZero umbrella chart for all things CI
|
||||||
|
|
||||||
@ -20,8 +20,8 @@ Kubernetes: `>= 1.20.0`
|
|||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://aquasecurity.github.io/helm-charts/ | trivy | 0.4.17 |
|
| https://aquasecurity.github.io/helm-charts/ | trivy | 0.4.17 |
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
| https://charts.jenkins.io | jenkins | 4.2.13 |
|
| https://charts.jenkins.io | jenkins | 4.2.17 |
|
||||||
| https://dl.gitea.io/charts/ | gitea | 6.0.3 |
|
| https://dl.gitea.io/charts/ | gitea | 6.0.5 |
|
||||||
| https://gocd.github.io/helm-chart | gocd | 1.40.8 |
|
| https://gocd.github.io/helm-chart | gocd | 1.40.8 |
|
||||||
|
|
||||||
# Jenkins
|
# Jenkins
|
||||||
@ -52,9 +52,8 @@ Kubernetes: `>= 1.20.0`
|
|||||||
| gitea.gitea.config.database.DB_TYPE | string | `"sqlite3"` | |
|
| gitea.gitea.config.database.DB_TYPE | string | `"sqlite3"` | |
|
||||||
| gitea.gitea.demo | bool | `false` | |
|
| gitea.gitea.demo | bool | `false` | |
|
||||||
| gitea.gitea.metrics.enabled | bool | `false` | |
|
| gitea.gitea.metrics.enabled | bool | `false` | |
|
||||||
| gitea.gitea.metrics.serviceMonitor.enabled | bool | `false` | |
|
| gitea.gitea.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||||
| gitea.image.rootless | bool | `true` | |
|
| gitea.image.rootless | bool | `true` | |
|
||||||
| gitea.image.tag | string | `"1.17.3"` | |
|
|
||||||
| gitea.istio.enabled | bool | `false` | |
|
| gitea.istio.enabled | bool | `false` | |
|
||||||
| gitea.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
|
| gitea.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
|
||||||
| gitea.istio.url | string | `"git.example.com"` | |
|
| gitea.istio.url | string | `"git.example.com"` | |
|
||||||
@ -64,6 +63,9 @@ Kubernetes: `>= 1.20.0`
|
|||||||
| gitea.persistence.enabled | bool | `true` | |
|
| gitea.persistence.enabled | bool | `true` | |
|
||||||
| gitea.persistence.size | string | `"4Gi"` | |
|
| gitea.persistence.size | string | `"4Gi"` | |
|
||||||
| gitea.postgresql.enabled | bool | `false` | |
|
| gitea.postgresql.enabled | bool | `false` | |
|
||||||
|
| gitea.resources.limits.memory | string | `"2048Mi"` | |
|
||||||
|
| gitea.resources.requests.cpu | string | `"150m"` | |
|
||||||
|
| gitea.resources.requests.memory | string | `"320Mi"` | |
|
||||||
| gitea.securityContext.allowPrivilegeEscalation | bool | `false` | |
|
| gitea.securityContext.allowPrivilegeEscalation | bool | `false` | |
|
||||||
| gitea.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` | |
|
| gitea.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` | |
|
||||||
| gitea.securityContext.capabilities.drop[0] | string | `"ALL"` | |
|
| gitea.securityContext.capabilities.drop[0] | string | `"ALL"` | |
|
||||||
@ -76,39 +78,36 @@ Kubernetes: `>= 1.20.0`
|
|||||||
| jenkins.agent.annotations."container.apparmor.security.beta.kubernetes.io/jnlp" | string | `"unconfined"` | |
|
| jenkins.agent.annotations."container.apparmor.security.beta.kubernetes.io/jnlp" | string | `"unconfined"` | |
|
||||||
| jenkins.agent.containerCap | int | `2` | |
|
| jenkins.agent.containerCap | int | `2` | |
|
||||||
| jenkins.agent.customJenkinsLabels[0] | string | `"podman-aws-trivy"` | |
|
| jenkins.agent.customJenkinsLabels[0] | string | `"podman-aws-trivy"` | |
|
||||||
| jenkins.agent.idleMinutes | int | `10` | |
|
| jenkins.agent.idleMinutes | int | `15` | |
|
||||||
| jenkins.agent.image | string | `"public.ecr.aws/zero-downtime/jenkins-podman"` | |
|
| jenkins.agent.image | string | `"public.ecr.aws/zero-downtime/jenkins-podman"` | |
|
||||||
| jenkins.agent.podName | string | `"podman-aws"` | |
|
| jenkins.agent.podName | string | `"podman-aws"` | |
|
||||||
| jenkins.agent.podRetention | string | `"Default"` | |
|
| jenkins.agent.podRetention | string | `"Default"` | |
|
||||||
| jenkins.agent.resources.limits.cpu | string | `"4"` | |
|
|
||||||
| jenkins.agent.resources.limits.memory | string | `"6144Mi"` | |
|
|
||||||
| jenkins.agent.resources.requests.cpu | string | `"512m"` | |
|
|
||||||
| jenkins.agent.resources.requests.memory | string | `"1024Mi"` | |
|
|
||||||
| jenkins.agent.showRawYaml | bool | `false` | |
|
| jenkins.agent.showRawYaml | bool | `false` | |
|
||||||
| jenkins.agent.tag | string | `"v0.4.1"` | |
|
| jenkins.agent.tag | string | `"v0.4.1"` | |
|
||||||
| jenkins.agent.yamlMergeStrategy | string | `"merge"` | |
|
| jenkins.agent.yamlMergeStrategy | string | `"merge"` | |
|
||||||
| jenkins.agent.yamlTemplate | string | `"apiVersion: v1\nkind: Pod\nspec:\n securityContext:\n fsGroup: 1000\n serviceAccountName: jenkins-podman-aws\n containers:\n - name: jnlp\n resources:\n limits:\n github.com/fuse: 1\n volumeMounts:\n - name: aws-token\n mountPath: \"/var/run/secrets/sts.amazonaws.com/serviceaccount/\"\n readOnly: true\n - name: host-registries-conf\n mountPath: \"/home/jenkins/.config/containers/registries.conf\"\n readOnly: true\n volumes:\n - name: aws-token\n projected:\n sources:\n - serviceAccountToken:\n path: token\n expirationSeconds: 86400\n audience: \"sts.amazonaws.com\"\n - name: host-registries-conf\n hostPath:\n path: /etc/containers/registries.conf\n type: File"` | |
|
| jenkins.agent.yamlTemplate | string | `"apiVersion: v1\nkind: Pod\nspec:\n securityContext:\n fsGroup: 1000\n serviceAccountName: jenkins-podman-aws\n containers:\n - name: jnlp\n resources:\n requests:\n cpu: \"512m\"\n memory: \"1024Mi\"\n limits:\n cpu: \"4\"\n memory: \"6144Mi\"\n github.com/fuse: 1\n volumeMounts:\n - name: aws-token\n mountPath: \"/var/run/secrets/sts.amazonaws.com/serviceaccount/\"\n readOnly: true\n - name: host-registries-conf\n mountPath: \"/home/jenkins/.config/containers/registries.conf\"\n readOnly: true\n volumes:\n - name: aws-token\n projected:\n sources:\n - serviceAccountToken:\n path: token\n expirationSeconds: 86400\n audience: \"sts.amazonaws.com\"\n - name: host-registries-conf\n hostPath:\n path: /etc/containers/registries.conf\n type: File"` | |
|
||||||
| jenkins.controller.JCasC.configScripts.zdt-settings | string | `"jenkins:\n noUsageStatistics: true\n disabledAdministrativeMonitors:\n - \"jenkins.security.ResourceDomainRecommendation\"\nunclassified:\n buildDiscarders:\n configuredBuildDiscarders:\n - \"jobBuildDiscarder\"\n - defaultBuildDiscarder:\n discarder:\n logRotator:\n artifactDaysToKeepStr: \"32\"\n artifactNumToKeepStr: \"10\"\n daysToKeepStr: \"100\"\n numToKeepStr: \"10\"\n"` | |
|
| jenkins.controller.JCasC.configScripts.zdt-settings | string | `"jenkins:\n noUsageStatistics: true\n disabledAdministrativeMonitors:\n - \"jenkins.security.ResourceDomainRecommendation\"\nunclassified:\n buildDiscarders:\n configuredBuildDiscarders:\n - \"jobBuildDiscarder\"\n - defaultBuildDiscarder:\n discarder:\n logRotator:\n artifactDaysToKeepStr: \"32\"\n artifactNumToKeepStr: \"10\"\n daysToKeepStr: \"100\"\n numToKeepStr: \"10\"\n"` | |
|
||||||
| jenkins.controller.disableRememberMe | bool | `true` | |
|
| jenkins.controller.disableRememberMe | bool | `true` | |
|
||||||
| jenkins.controller.enableRawHtmlMarkupFormatter | bool | `true` | |
|
| jenkins.controller.enableRawHtmlMarkupFormatter | bool | `true` | |
|
||||||
| jenkins.controller.initContainerResources.limits.cpu | string | `"1000m"` | |
|
|
||||||
| jenkins.controller.initContainerResources.limits.memory | string | `"1024Mi"` | |
|
| jenkins.controller.initContainerResources.limits.memory | string | `"1024Mi"` | |
|
||||||
| jenkins.controller.initContainerResources.requests.cpu | string | `"50m"` | |
|
| jenkins.controller.initContainerResources.requests.cpu | string | `"50m"` | |
|
||||||
| jenkins.controller.initContainerResources.requests.memory | string | `"256Mi"` | |
|
| jenkins.controller.initContainerResources.requests.memory | string | `"256Mi"` | |
|
||||||
| jenkins.controller.installPlugins[0] | string | `"kubernetes:3734.v562b_b_a_627ea_c"` | |
|
| jenkins.controller.installPlugins[0] | string | `"kubernetes:3743.v1fa_4c724c3b_7"` | |
|
||||||
|
| jenkins.controller.installPlugins[10] | string | `"build-discarder:139.v05696a_7fe240"` | |
|
||||||
|
| jenkins.controller.installPlugins[11] | string | `"dark-theme:262.v0202a_4c8fb_6a"` | |
|
||||||
|
| jenkins.controller.installPlugins[12] | string | `"kubernetes-credentials-provider:1.206.v7ce2cf7b_0c8b"` | |
|
||||||
| jenkins.controller.installPlugins[1] | string | `"workflow-aggregator:581.v0c46fa_697ffd"` | |
|
| jenkins.controller.installPlugins[1] | string | `"workflow-aggregator:581.v0c46fa_697ffd"` | |
|
||||||
| jenkins.controller.installPlugins[2] | string | `"git:4.14.2"` | |
|
| jenkins.controller.installPlugins[2] | string | `"git:4.14.3"` | |
|
||||||
| jenkins.controller.installPlugins[3] | string | `"configuration-as-code:1569.vb_72405b_80249"` | |
|
| jenkins.controller.installPlugins[3] | string | `"basic-branch-build-strategies:71.vc1421f89888e"` | |
|
||||||
| jenkins.controller.installPlugins[4] | string | `"antisamy-markup-formatter:155.v795fb_8702324"` | |
|
| jenkins.controller.installPlugins[4] | string | `"pipeline-graph-view:144.vf3924feb_7e35"` | |
|
||||||
| jenkins.controller.installPlugins[5] | string | `"prometheus:2.0.11"` | |
|
| jenkins.controller.installPlugins[5] | string | `"pipeline-stage-view:2.28"` | |
|
||||||
| jenkins.controller.installPlugins[6] | string | `"htmlpublisher:1.31"` | |
|
| jenkins.controller.installPlugins[6] | string | `"configuration-as-code:1569.vb_72405b_80249"` | |
|
||||||
| jenkins.controller.installPlugins[7] | string | `"build-discarder:139.v05696a_7fe240"` | |
|
| jenkins.controller.installPlugins[7] | string | `"antisamy-markup-formatter:155.v795fb_8702324"` | |
|
||||||
| jenkins.controller.installPlugins[8] | string | `"dark-theme:262.v0202a_4c8fb_6a"` | |
|
| jenkins.controller.installPlugins[8] | string | `"prometheus:2.0.11"` | |
|
||||||
| jenkins.controller.installPlugins[9] | string | `"kubernetes-credentials-provider:1.206.v7ce2cf7b_0c8b"` | |
|
| jenkins.controller.installPlugins[9] | string | `"htmlpublisher:1.31"` | |
|
||||||
| jenkins.controller.javaOpts | string | `"-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""` | |
|
| jenkins.controller.javaOpts | string | `"-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""` | |
|
||||||
| jenkins.controller.jenkinsOpts | string | `"--sessionTimeout=180 --sessionEviction=3600"` | |
|
| jenkins.controller.jenkinsOpts | string | `"--sessionTimeout=180 --sessionEviction=3600"` | |
|
||||||
| jenkins.controller.prometheus.enabled | bool | `false` | |
|
| jenkins.controller.prometheus.enabled | bool | `false` | |
|
||||||
| jenkins.controller.resources.limits.cpu | string | `"2000m"` | |
|
|
||||||
| jenkins.controller.resources.limits.memory | string | `"4096Mi"` | |
|
| jenkins.controller.resources.limits.memory | string | `"4096Mi"` | |
|
||||||
| jenkins.controller.resources.requests.cpu | string | `"250m"` | |
|
| jenkins.controller.resources.requests.cpu | string | `"250m"` | |
|
||||||
| jenkins.controller.resources.requests.memory | string | `"1280Mi"` | |
|
| jenkins.controller.resources.requests.memory | string | `"1280Mi"` | |
|
||||||
@ -129,7 +128,7 @@ Kubernetes: `>= 1.20.0`
|
|||||||
| jenkins.serviceAccountAgent.create | bool | `true` | |
|
| jenkins.serviceAccountAgent.create | bool | `true` | |
|
||||||
| jenkins.serviceAccountAgent.name | string | `"jenkins-podman-aws"` | |
|
| jenkins.serviceAccountAgent.name | string | `"jenkins-podman-aws"` | |
|
||||||
| trivy.enabled | bool | `false` | |
|
| trivy.enabled | bool | `false` | |
|
||||||
| trivy.image.tag | string | `"0.34.0"` | |
|
| trivy.image.tag | string | `"0.35.0"` | |
|
||||||
| trivy.persistence.enabled | bool | `true` | |
|
| trivy.persistence.enabled | bool | `true` | |
|
||||||
| trivy.persistence.size | string | `"1Gi"` | |
|
| trivy.persistence.size | string | `"1Gi"` | |
|
||||||
| trivy.rbac.create | bool | `false` | |
|
| trivy.rbac.create | bool | `false` | |
|
||||||
|
9
charts/kubezero-ci/dashboard-gitea.yaml
Normal file
9
charts/kubezero-ci/dashboard-gitea.yaml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
configmap: grafana-dashboards
|
||||||
|
gzip: true
|
||||||
|
condition: '.Values.gitea.gitea.metrics.enabled'
|
||||||
|
folder: KubeZero
|
||||||
|
dashboards:
|
||||||
|
- name: Gitea
|
||||||
|
url: https://grafana.com/api/dashboards/13192/revisions/1/download
|
||||||
|
tags:
|
||||||
|
- CI
|
15
charts/kubezero-ci/templates/gitea/grafana-dashboard.yaml
Normal file
15
charts/kubezero-ci/templates/gitea/grafana-dashboard.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
{{- if .Values.gitea.gitea.metrics.enabled }}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "%s-%s" (include "kubezero-lib.fullname" $) "grafana-dashboards" | trunc 63 | trimSuffix "-" }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
grafana_dashboard: "1"
|
||||||
|
{{- include "kubezero-lib.labels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
k8s-sidecar-target-directory: KubeZero
|
||||||
|
binaryData:
|
||||||
|
Gitea.json.gz:
|
||||||
|
H4sIAAAAAAAC/+1cW2/bNhR+z68QhGLYgDSwnMRJC+whS5cuaG5I2vVhDQxKomU2FKmSVBw38H8fSd2oixNjSBqrY4G61jmSeK7fR4ku7zccxx2PEUlSwd23zj/y2HHu9afUEBBDKXXfXY0vLs9P//z415+frtzNQo2BD7HSXzAaQzGFKa+UIeQBQ4lAlKhTKoWYJ/qmIRCA05QFsNIlOI0QOQ6VPum4aaY/y80yhtUnLOTn9WbmEoPfUsRgh1PF+BEDE0BAdXMUdoqLILxvKm4h47l3o629re3ciM3u4RJAZLDagyXTzqFMsTHQw2N0hRQtDSZph7FrSG9rsDX4D75xAUR7sKuatO1ZmUJACJXnSq3KYTakixEXZUYrQ6Tm1asp4NMPcK7uRf2vMBBvh4O93XIseY6fIiyO1WieITWC1h0MeQ4kwMdKL1gKDfkUhR1SFFBySDFl6oYs8sGvg01n6HnyY3d30/F+M29dBOag8tf5xTnAkImaCVWO+dSngIVurlvof6838vQ0G++UEiQoc94jAYHDIZMx1/d1YYhEwy03IlDo9vO2vTfDTKSK8SOlWKBEKgZaqFNMUoz1EUbkRndaljpdDh2dBzACXAdGp3RRloEPtGQCMIcVgEhHTyCJxFSZM6jJYdfpj6TRnSCMzdxrgWy1EEGiqmq3VEQMhRe0qrss1/JwZCRkJo/3jeO7Ijj5sarEQZGj8tayYkJIriBDHT7oqG5XBmIYQRLWzQC3UfM6KQ1SxjIvmpoY3HVJEemQ8imddYiFLEzcIb8FOK28aLkqq0Jrze7QwhkKdVKrnKpKuqCIiFOqG0oLqszRpI4DZcJPysJrjZ5AWQpEgAi2wpyxyN9N+K70yhJVF6m697Aub2dNBj6EDOpun2BqwBvXaT6XHScLClYdkikTEMCuApfAGdy0RuECJgkMpcdthwRgETQIvI6NqtXvEpbTQAA5l+zIpUFEjGMYUzYf+3MB+f1X6v/+xY0UUHxxFwb4qNIkQkKHLgO3rsmK9IiyGIi2lsFJRucHbile5N+qWIiptGhKcdiIkUAxPJKtbIBNKb+EUV4UjQuupmgi2lcIjXTuZe66k7luzEtKiLs3OwIwGLYhnlMmGv2uu2FcwDQiIbpFYSoj1ipNWVtEZj9v2Fp7GJMTcwZwB+5Qo/z9NLjJcm76qVo7byEVig6iaZydt3zDvbKzOxprDu7gA6U2KQtB3pqJRq3kM8a6EUpBoz8Ah3VqLtGrdXoGXy2x4UxVbJs9sbPVFPN20iWDRl3AreUn8LY0ujY3aE7bfn4e3n8KHh5aHrY8/Lw8HCTpmEP5uBDysc7uIxwsTeoqrp+Jnw8vPjk16rLEbInZEvNPQsze6CmYedsys2Xm52VmmkAynoQPPxRXUKUwfZw58xScXWiOQCD0a0Svz5R+LmPpHL27spRuKf3/RumPs+5SLt1pcOnokZfNo1b5aLYcPkwSgZpuFKSia9Es5AmCODzvuE5dCXBQL848n1ycUXGm+MnQXNeyEsIJSLFo3lNnN0kQieog04VZ9euMZgQ+pzgV0N1snqEYom1xs1zrocnWXNjNa78eGuO8LGq1Yqj+LBqS641l2kUtQrSTE5fPKmrXZ5hWThUoqSX1a8oFmswLtZoE5GtCxdhMzfhAsYQEUkHbyPrYHGFlytXcOgaB4t02fT7rY+0DXPcwpZ2lsQ+ZQyfOQdPuklf0AuiPBoXRaqDg7VtUsKiw/qjAYEK5Wr9G/UOGyy7bXxYdvOGKc4YdCw8WHtYfHlL5yN07XPhUM/qFAWF/NUDYtXhg8WD98QBxnvZvonBct/rHIsLOI28VvMGSJwjPQsKTQMIcYkxnFhSe8c1CVma9e7FQN/tlYWFnVVgYWFiwsNAHWNDrDr1DhZO61S8LCvsrgsLQzhUsKPQCFCiLAEHfQS9nDOedxr8sRLTeOC6dOIwsRliM6ANGyL9x77DhY83oF8aE0YqYYBcpLST0AhImVAW4d6Bw1DD7ZWFhuOqrx6F9x2BxoRe4kKQ+RsENnPcOGi605R9My9dsXWJnyXPEngWHJwGHJGUJtouVzwcOso369+OFq5rRa7YmsQwS7K+ZLCT0AhJm0J9SetM7VPjctHvN1iWWAcMbCwwWGPrxO2gMAe/jb6Abdq/basQSZLAPERYYegEMAY1jSETvgOGwafe6LUksAYZtCwwWGPoADDHCkAtK+jdnOG1bvm4LE0vAYWj/m4RFh368aAAimPYPGj43zO7ChXIHaWmWKmGl3h5k17hcXh6DKozDbI9jLuYYFtWXnSlAVEXTPTx2y/sKGCdYpotE7Y2pq22Y9ZYgpX6SOS6LY/baKzYbcWWiM5lbuyxRS0asujh3ZFzkx8xy6Zo+8OLq+67x3TMPtgemxtj5ZGh89/L9pesOfad6bx3XZ3TGi32kyzzpLaYzWZrtAU7OvnnHs9333zPpLWBI7TjNHwpctSf43sbiX1mpsRuhXgAA
|
||||||
|
{{- end }}
|
@ -3,4 +3,5 @@
|
|||||||
helm dep update
|
helm dep update
|
||||||
|
|
||||||
# Create ZDT dashboard configmap
|
# Create ZDT dashboard configmap
|
||||||
../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/grafana-dashboards.yaml
|
../kubezero-metrics/sync_grafana_dashboards.py dashboard-jenkins.yaml templates/jenkins/grafana-dashboard.yaml
|
||||||
|
../kubezero-metrics/sync_grafana_dashboards.py dashboard-gitea.yaml templates/gitea/grafana-dashboard.yaml
|
||||||
|
@ -17,7 +17,7 @@ gitea:
|
|||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
image:
|
image:
|
||||||
tag: 1.17.3
|
#tag: 1.17.4
|
||||||
rootless: true
|
rootless: true
|
||||||
|
|
||||||
securityContext:
|
securityContext:
|
||||||
@ -49,7 +49,7 @@ gitea:
|
|||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: false
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
enabled: false
|
enabled: true
|
||||||
|
|
||||||
config:
|
config:
|
||||||
database:
|
database:
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-metrics
|
name: kubezero-metrics
|
||||||
description: KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations.
|
description: KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations.
|
||||||
type: application
|
type: application
|
||||||
version: 0.8.8
|
version: 0.8.9
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -19,11 +19,11 @@ dependencies:
|
|||||||
repository: https://cdn.zero-downtime.net/charts/
|
repository: https://cdn.zero-downtime.net/charts/
|
||||||
# https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
|
# https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
|
||||||
- name: kube-prometheus-stack
|
- name: kube-prometheus-stack
|
||||||
version: 42.2.1
|
version: 43.2.0
|
||||||
# Switch back to upstream once all alerts are fixed eg. etcd gpcr
|
# Switch back to upstream once all alerts are fixed eg. etcd gpcr
|
||||||
# repository: https://prometheus-community.github.io/helm-charts
|
# repository: https://prometheus-community.github.io/helm-charts
|
||||||
- name: prometheus-adapter
|
- name: prometheus-adapter
|
||||||
version: 3.4.2
|
version: 3.5.0
|
||||||
repository: https://prometheus-community.github.io/helm-charts
|
repository: https://prometheus-community.github.io/helm-charts
|
||||||
condition: prometheus-adapter.enabled
|
condition: prometheus-adapter.enabled
|
||||||
- name: prometheus-pushgateway
|
- name: prometheus-pushgateway
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-metrics
|
# kubezero-metrics
|
||||||
|
|
||||||
![Version: 0.8.8](https://img.shields.io/badge/Version-0.8.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
![Version: 0.8.9](https://img.shields.io/badge/Version-0.8.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations.
|
KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations.
|
||||||
|
|
||||||
@ -18,9 +18,9 @@ Kubernetes: `>= 1.24.0`
|
|||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| | kube-prometheus-stack | 42.2.1 |
|
| | kube-prometheus-stack | 43.2.0 |
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
| https://prometheus-community.github.io/helm-charts | prometheus-adapter | 3.4.2 |
|
| https://prometheus-community.github.io/helm-charts | prometheus-adapter | 3.5.0 |
|
||||||
| https://prometheus-community.github.io/helm-charts | prometheus-pushgateway | 2.0.2 |
|
| https://prometheus-community.github.io/helm-charts | prometheus-pushgateway | 2.0.2 |
|
||||||
|
|
||||||
## Values
|
## Values
|
||||||
@ -87,15 +87,15 @@ Kubernetes: `>= 1.24.0`
|
|||||||
| kube-prometheus-stack.alertmanager.config.inhibit_rules[2].equal[0] | string | `"namespace"` | |
|
| kube-prometheus-stack.alertmanager.config.inhibit_rules[2].equal[0] | string | `"namespace"` | |
|
||||||
| kube-prometheus-stack.alertmanager.config.inhibit_rules[2].source_matchers[0] | string | `"alertname = InfoInhibitor"` | |
|
| kube-prometheus-stack.alertmanager.config.inhibit_rules[2].source_matchers[0] | string | `"alertname = InfoInhibitor"` | |
|
||||||
| kube-prometheus-stack.alertmanager.config.inhibit_rules[2].target_matchers[0] | string | `"severity = info"` | |
|
| kube-prometheus-stack.alertmanager.config.inhibit_rules[2].target_matchers[0] | string | `"severity = info"` | |
|
||||||
|
| kube-prometheus-stack.alertmanager.config.inhibit_rules[3].source_matchers[0] | string | `"alertname = ClusterAutoscalerNodeGroupsEnabled"` | |
|
||||||
|
| kube-prometheus-stack.alertmanager.config.inhibit_rules[3].target_matchers[0] | string | `"alertname =~ \"KubeCPUOvercommit|KubeMemoryOvercommit\""` | |
|
||||||
| kube-prometheus-stack.alertmanager.config.route.group_by[0] | string | `"severity"` | |
|
| kube-prometheus-stack.alertmanager.config.route.group_by[0] | string | `"severity"` | |
|
||||||
| kube-prometheus-stack.alertmanager.config.route.group_by[1] | string | `"clusterName"` | |
|
| kube-prometheus-stack.alertmanager.config.route.group_by[1] | string | `"clusterName"` | |
|
||||||
| kube-prometheus-stack.alertmanager.config.route.group_interval | string | `"5m"` | |
|
| kube-prometheus-stack.alertmanager.config.route.group_interval | string | `"5m"` | |
|
||||||
| kube-prometheus-stack.alertmanager.config.route.group_wait | string | `"30s"` | |
|
| kube-prometheus-stack.alertmanager.config.route.group_wait | string | `"10s"` | |
|
||||||
| kube-prometheus-stack.alertmanager.config.route.repeat_interval | string | `"6h"` | |
|
| kube-prometheus-stack.alertmanager.config.route.repeat_interval | string | `"4h"` | |
|
||||||
| kube-prometheus-stack.alertmanager.config.route.routes[0].matchers[0] | string | `"alertname = Watchdog"` | |
|
| kube-prometheus-stack.alertmanager.config.route.routes[0].matchers[0] | string | `"severity = none"` | |
|
||||||
| kube-prometheus-stack.alertmanager.config.route.routes[0].receiver | string | `"null"` | |
|
| kube-prometheus-stack.alertmanager.config.route.routes[0].receiver | string | `"null"` | |
|
||||||
| kube-prometheus-stack.alertmanager.config.route.routes[1].matchers[0] | string | `"alertname = InfoInhibitor"` | |
|
|
||||||
| kube-prometheus-stack.alertmanager.config.route.routes[1].receiver | string | `"null"` | |
|
|
||||||
| kube-prometheus-stack.alertmanager.enabled | bool | `false` | |
|
| kube-prometheus-stack.alertmanager.enabled | bool | `false` | |
|
||||||
| kube-prometheus-stack.coreDns.enabled | bool | `true` | |
|
| kube-prometheus-stack.coreDns.enabled | bool | `true` | |
|
||||||
| kube-prometheus-stack.defaultRules.create | bool | `false` | |
|
| kube-prometheus-stack.defaultRules.create | bool | `false` | |
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
annotations:
|
annotations:
|
||||||
|
artifacthub.io/license: Apache-2.0
|
||||||
artifacthub.io/links: |
|
artifacthub.io/links: |
|
||||||
- name: Chart Source
|
- name: Chart Source
|
||||||
url: https://github.com/prometheus-community/helm-charts
|
url: https://github.com/prometheus-community/helm-charts
|
||||||
@ -6,7 +7,7 @@ annotations:
|
|||||||
url: https://github.com/prometheus-operator/kube-prometheus
|
url: https://github.com/prometheus-operator/kube-prometheus
|
||||||
artifacthub.io/operator: "true"
|
artifacthub.io/operator: "true"
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 0.60.1
|
appVersion: 0.61.1
|
||||||
dependencies:
|
dependencies:
|
||||||
- condition: kubeStateMetrics.enabled
|
- condition: kubeStateMetrics.enabled
|
||||||
name: kube-state-metrics
|
name: kube-state-metrics
|
||||||
@ -19,7 +20,7 @@ dependencies:
|
|||||||
- condition: grafana.enabled
|
- condition: grafana.enabled
|
||||||
name: grafana
|
name: grafana
|
||||||
repository: https://grafana.github.io/helm-charts
|
repository: https://grafana.github.io/helm-charts
|
||||||
version: 6.45.*
|
version: 6.48.*
|
||||||
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
|
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
|
||||||
and Prometheus rules combined with documentation and scripts to provide easy to
|
and Prometheus rules combined with documentation and scripts to provide easy to
|
||||||
operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus
|
operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus
|
||||||
@ -51,4 +52,4 @@ sources:
|
|||||||
- https://github.com/prometheus-community/helm-charts
|
- https://github.com/prometheus-community/helm-charts
|
||||||
- https://github.com/prometheus-operator/kube-prometheus
|
- https://github.com/prometheus-operator/kube-prometheus
|
||||||
type: application
|
type: application
|
||||||
version: 42.2.1
|
version: 43.2.0
|
||||||
|
@ -80,6 +80,23 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
|
|||||||
|
|
||||||
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions.
|
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions.
|
||||||
|
|
||||||
|
### From 42.x to 43.x
|
||||||
|
|
||||||
|
This version upgrades Prometheus-Operator to v0.61.1, Prometheus to v2.40.5 and Thanos to v0.29.0.
|
||||||
|
|
||||||
|
Run these commands to update the CRDs before applying the upgrade.
|
||||||
|
|
||||||
|
```console
|
||||||
|
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
|
||||||
|
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
|
||||||
|
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
|
||||||
|
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
|
||||||
|
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
|
||||||
|
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
|
||||||
|
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
|
||||||
|
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
|
||||||
|
```
|
||||||
|
|
||||||
### From 41.x to 42.x
|
### From 41.x to 42.x
|
||||||
|
|
||||||
This includes the overridability of container registry for all containers at the global level using `global.imageRegistry` or per container image. The defaults have not changed but if you were using a custom image, you will have to override the registry of said custom container image before you upgrade.
|
This includes the overridability of container registry for all containers at the global level using `global.imageRegistry` or per container image. The defaults have not changed but if you were using a custom image, you will have to override the registry of said custom container image before you upgrade.
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 9.3.0
|
appVersion: 9.3.1
|
||||||
description: The leading tool for querying and visualizing time series and metrics.
|
description: The leading tool for querying and visualizing time series and metrics.
|
||||||
home: https://grafana.net
|
home: https://grafana.net
|
||||||
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
|
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
|
||||||
@ -19,4 +19,4 @@ name: grafana
|
|||||||
sources:
|
sources:
|
||||||
- https://github.com/grafana/grafana
|
- https://github.com/grafana/grafana
|
||||||
type: application
|
type: application
|
||||||
version: 6.45.0
|
version: 6.48.0
|
||||||
|
@ -179,6 +179,8 @@ This version requires Helm >= 3.1.0.
|
|||||||
| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` |
|
| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` |
|
||||||
| `sidecar.dashboards.searchNamespace` | Namespaces list. If specified, the sidecar will search for dashboards config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` |
|
| `sidecar.dashboards.searchNamespace` | Namespaces list. If specified, the sidecar will search for dashboards config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` |
|
||||||
| `sidecar.dashboards.script` | Absolute path to shell script to execute after a configmap got reloaded. | `nil` |
|
| `sidecar.dashboards.script` | Absolute path to shell script to execute after a configmap got reloaded. | `nil` |
|
||||||
|
| `sidecar.dashboards.reloadURL` | Full url of dashboards configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/dashboards/reload"` |
|
||||||
|
| `sidecar.dashboards.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` |
|
||||||
| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
|
| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
|
||||||
| `sidecar.dashboards.extraMounts` | Additional dashboard sidecar volume mounts. | `[]` |
|
| `sidecar.dashboards.extraMounts` | Additional dashboard sidecar volume mounts. | `[]` |
|
||||||
| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` |
|
| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` |
|
||||||
|
@ -141,6 +141,17 @@ Return the appropriate apiVersion for ingress.
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Return the appropriate apiVersion for Horizontal Pod Autoscaler.
|
||||||
|
*/}}
|
||||||
|
{{- define "grafana.hpa.apiVersion" -}}
|
||||||
|
{{- if semverCompare "<1.23-0" .Capabilities.KubeVersion.Version }}
|
||||||
|
{{- print "autoscaling/v2beta1" }}
|
||||||
|
{{- else }}
|
||||||
|
{{- print "autoscaling/v2" }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
{{/*
|
{{/*
|
||||||
Return the appropriate apiVersion for podDisruptionBudget.
|
Return the appropriate apiVersion for podDisruptionBudget.
|
||||||
*/}}
|
*/}}
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
{{- define "grafana.pod" -}}
|
{{- define "grafana.pod" -}}
|
||||||
|
{{- $sts := list "sts" "StatefulSet" "statefulset" -}}
|
||||||
{{- $root := . -}}
|
{{- $root := . -}}
|
||||||
{{- with .Values.schedulerName }}
|
{{- with .Values.schedulerName }}
|
||||||
schedulerName: "{{ . }}"
|
schedulerName: "{{ . }}"
|
||||||
@ -384,6 +385,26 @@ containers:
|
|||||||
- name: SCRIPT
|
- name: SCRIPT
|
||||||
value: "{{ . }}"
|
value: "{{ . }}"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
||||||
|
- name: REQ_USERNAME
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
|
||||||
|
key: {{ .Values.admin.userKey | default "admin-user" }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
|
||||||
|
- name: REQ_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
|
||||||
|
key: {{ .Values.admin.passwordKey | default "admin-password" }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.sidecar.dashboards.skipReload }}
|
||||||
|
- name: REQ_URL
|
||||||
|
value: {{ .Values.sidecar.dashboards.reloadURL }}
|
||||||
|
- name: REQ_METHOD
|
||||||
|
value: POST
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.sidecar.dashboards.watchServerTimeout }}
|
{{- if .Values.sidecar.dashboards.watchServerTimeout }}
|
||||||
{{- if ne .Values.sidecar.dashboards.watchMethod "WATCH" }}
|
{{- if ne .Values.sidecar.dashboards.watchMethod "WATCH" }}
|
||||||
{{- fail (printf "Cannot use .Values.sidecar.dashboards.watchServerTimeout with .Values.sidecar.dashboards.watchMethod %s" .Values.sidecar.dashboards.watchMethod) }}
|
{{- fail (printf "Cannot use .Values.sidecar.dashboards.watchServerTimeout with .Values.sidecar.dashboards.watchMethod %s" .Values.sidecar.dashboards.watchMethod) }}
|
||||||
@ -561,7 +582,7 @@ containers:
|
|||||||
- name: UNIQUE_FILENAMES
|
- name: UNIQUE_FILENAMES
|
||||||
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.sidecar.notifiers.searchNamespace }}
|
{{- with .Values.sidecar.notifiers.searchNamespace }}
|
||||||
- name: NAMESPACE
|
- name: NAMESPACE
|
||||||
value: "{{ tpl (. | join ",") $root }}"
|
value: "{{ tpl (. | join ",") $root }}"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
@ -1013,8 +1034,8 @@ volumes:
|
|||||||
- name: storage
|
- name: storage
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: {{ tpl (.Values.persistence.existingClaim | default (include "grafana.fullname" .)) . }}
|
claimName: {{ tpl (.Values.persistence.existingClaim | default (include "grafana.fullname" .)) . }}
|
||||||
{{- else if and .Values.persistence.enabled (eq .Values.persistence.type "statefulset") }}
|
{{- else if and .Values.persistence.enabled (has .Values.persistence.type $sts) }}
|
||||||
# nothing
|
{{/* nothing */}}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
- name: storage
|
- name: storage
|
||||||
{{- if .Values.persistence.inMemory.enabled }}
|
{{- if .Values.persistence.inMemory.enabled }}
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- $sts := list "sts" "StatefulSet" -}}
|
{{- $sts := list "sts" "StatefulSet" "statefulset" -}}
|
||||||
{{- if or .Values.headlessService (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (has .Values.persistence.type $sts)) }}
|
{{- if or .Values.headlessService (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (has .Values.persistence.type $sts)) }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{{- $sts := list "sts" "StatefulSet" -}}
|
{{- $sts := list "sts" "StatefulSet" "statefulset" -}}
|
||||||
{{- if .Values.autoscaling.enabled }}
|
{{- if .Values.autoscaling.enabled }}
|
||||||
apiVersion: autoscaling/v2beta1
|
apiVersion: {{ include "grafana.hpa.apiVersion" . }}
|
||||||
kind: HorizontalPodAutoscaler
|
kind: HorizontalPodAutoscaler
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "grafana.fullname" . }}
|
name: {{ include "grafana.fullname" . }}
|
||||||
@ -22,5 +22,28 @@ spec:
|
|||||||
minReplicas: {{ .Values.autoscaling.minReplicas }}
|
minReplicas: {{ .Values.autoscaling.minReplicas }}
|
||||||
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
|
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
|
||||||
metrics:
|
metrics:
|
||||||
{{- toYaml .Values.autoscaling.metrics | nindent 4 }}
|
{{- if .Values.autoscaling.targetMemory }}
|
||||||
|
- type: Resource
|
||||||
|
resource:
|
||||||
|
name: memory
|
||||||
|
{{- if semverCompare "<1.23-0" .Capabilities.KubeVersion.Version }}
|
||||||
|
targetAverageUtilization: {{ .Values.autoscaling.targetMemory }}
|
||||||
|
{{- else }}
|
||||||
|
target:
|
||||||
|
type: Utilization
|
||||||
|
averageUtilization: {{ .Values.autoscaling.targetMemory }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.autoscaling.targetCPU }}
|
||||||
|
- type: Resource
|
||||||
|
resource:
|
||||||
|
name: cpu
|
||||||
|
{{- if semverCompare "<1.23-0" .Capabilities.KubeVersion.Version }}
|
||||||
|
targetAverageUtilization: {{ .Values.autoscaling.targetCPU }}
|
||||||
|
{{- else }}
|
||||||
|
target:
|
||||||
|
type: Utilization
|
||||||
|
averageUtilization: {{ .Values.autoscaling.targetCPU }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- $sts := list "sts" "StatefulSet" -}}
|
{{- $sts := list "sts" "StatefulSet" "statefulset" -}}
|
||||||
{{- if (or (.Values.useStatefulSet) (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (has .Values.persistence.type $sts)))}}
|
{{- if (or (.Values.useStatefulSet) (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (has .Values.persistence.type $sts)))}}
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: StatefulSet
|
kind: StatefulSet
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
|
{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }}
|
||||||
apiVersion: policy/v1beta1
|
apiVersion: policy/v1beta1
|
||||||
kind: PodSecurityPolicy
|
kind: PodSecurityPolicy
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }}
|
{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }}
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: Role
|
kind: Role
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }}
|
{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }}
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -48,17 +48,10 @@ headlessService: false
|
|||||||
#
|
#
|
||||||
autoscaling:
|
autoscaling:
|
||||||
enabled: false
|
enabled: false
|
||||||
# minReplicas: 1
|
minReplicas: 1
|
||||||
# maxReplicas: 10
|
maxReplicas: 5
|
||||||
# metrics:
|
targetCPU: "60"
|
||||||
# - type: Resource
|
targetMemory: ""
|
||||||
# resource:
|
|
||||||
# name: cpu
|
|
||||||
# targetAverageUtilization: 60
|
|
||||||
# - type: Resource
|
|
||||||
# resource:
|
|
||||||
# name: memory
|
|
||||||
# targetAverageUtilization: 60
|
|
||||||
|
|
||||||
## See `kubectl explain poddisruptionbudget.spec` for more
|
## See `kubectl explain poddisruptionbudget.spec` for more
|
||||||
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
||||||
@ -101,7 +94,7 @@ image:
|
|||||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||||
## Can be templated.
|
## Can be templated.
|
||||||
##
|
##
|
||||||
# pullSecrets:
|
pullSecrets: []
|
||||||
# - myRegistrKeySecretName
|
# - myRegistrKeySecretName
|
||||||
|
|
||||||
testFramework:
|
testFramework:
|
||||||
@ -761,7 +754,7 @@ smtp:
|
|||||||
sidecar:
|
sidecar:
|
||||||
image:
|
image:
|
||||||
repository: quay.io/kiwigrid/k8s-sidecar
|
repository: quay.io/kiwigrid/k8s-sidecar
|
||||||
tag: 1.19.2
|
tag: 1.21.0
|
||||||
sha: ""
|
sha: ""
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
resources: {}
|
resources: {}
|
||||||
@ -845,8 +838,11 @@ sidecar:
|
|||||||
# If specified, the sidecar will look for annotation with this name to create folder and put graph here.
|
# If specified, the sidecar will look for annotation with this name to create folder and put graph here.
|
||||||
# You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure.
|
# You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure.
|
||||||
folderAnnotation: null
|
folderAnnotation: null
|
||||||
|
# Endpoint to send request to reload alerts
|
||||||
|
reloadURL: "http://localhost:3000/api/admin/provisioning/dashboards/reload"
|
||||||
# Absolute path to shell script to execute after a configmap got reloaded
|
# Absolute path to shell script to execute after a configmap got reloaded
|
||||||
script: null
|
script: null
|
||||||
|
skipReload: false
|
||||||
# watchServerTimeout: request to the server, asking it to cleanly close the connection after that.
|
# watchServerTimeout: request to the server, asking it to cleanly close the connection after that.
|
||||||
# defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S
|
# defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S
|
||||||
# watchServerTimeout: 3600
|
# watchServerTimeout: 3600
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
|
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
|
||||||
---
|
---
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
@ -313,8 +313,8 @@ spec:
|
|||||||
description: TLS configuration
|
description: TLS configuration
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to use
|
description: Certificate authority used when verifying
|
||||||
for the targets.
|
server certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use
|
description: ConfigMap containing data to use
|
||||||
@ -361,8 +361,8 @@ spec:
|
|||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
type: object
|
type: object
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert file
|
description: Client certificate to present when doing
|
||||||
for the targets.
|
client-authentication.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use
|
description: ConfigMap containing data to use
|
||||||
@ -724,8 +724,8 @@ spec:
|
|||||||
description: TLS configuration for the client.
|
description: TLS configuration for the client.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to
|
description: Certificate authority used when verifying
|
||||||
use for the targets.
|
server certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -773,8 +773,8 @@ spec:
|
|||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
type: object
|
type: object
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert
|
description: Client certificate to present when
|
||||||
file for the targets.
|
doing client-authentication.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -1170,8 +1170,8 @@ spec:
|
|||||||
description: TLS configuration for the client.
|
description: TLS configuration for the client.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to
|
description: Certificate authority used when verifying
|
||||||
use for the targets.
|
server certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -1219,8 +1219,8 @@ spec:
|
|||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
type: object
|
type: object
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert
|
description: Client certificate to present when
|
||||||
file for the targets.
|
doing client-authentication.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -1626,8 +1626,8 @@ spec:
|
|||||||
description: TLS configuration for the client.
|
description: TLS configuration for the client.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to
|
description: Certificate authority used when verifying
|
||||||
use for the targets.
|
server certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -1675,8 +1675,8 @@ spec:
|
|||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
type: object
|
type: object
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert
|
description: Client certificate to present when
|
||||||
file for the targets.
|
doing client-authentication.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -2160,8 +2160,8 @@ spec:
|
|||||||
description: TLS configuration for the client.
|
description: TLS configuration for the client.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to
|
description: Certificate authority used when verifying
|
||||||
use for the targets.
|
server certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -2209,8 +2209,8 @@ spec:
|
|||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
type: object
|
type: object
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert
|
description: Client certificate to present when
|
||||||
file for the targets.
|
doing client-authentication.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -2552,8 +2552,8 @@ spec:
|
|||||||
description: TLS configuration for the client.
|
description: TLS configuration for the client.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to
|
description: Certificate authority used when verifying
|
||||||
use for the targets.
|
server certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -2601,8 +2601,8 @@ spec:
|
|||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
type: object
|
type: object
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert
|
description: Client certificate to present when
|
||||||
file for the targets.
|
doing client-authentication.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -3026,8 +3026,8 @@ spec:
|
|||||||
description: TLS configuration for the client.
|
description: TLS configuration for the client.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to
|
description: Certificate authority used when verifying
|
||||||
use for the targets.
|
server certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -3075,8 +3075,8 @@ spec:
|
|||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
type: object
|
type: object
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert
|
description: Client certificate to present when
|
||||||
file for the targets.
|
doing client-authentication.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -3437,8 +3437,8 @@ spec:
|
|||||||
description: TLS configuration for the client.
|
description: TLS configuration for the client.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to
|
description: Certificate authority used when verifying
|
||||||
use for the targets.
|
server certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -3486,8 +3486,8 @@ spec:
|
|||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
type: object
|
type: object
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert
|
description: Client certificate to present when
|
||||||
file for the targets.
|
doing client-authentication.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -3808,8 +3808,8 @@ spec:
|
|||||||
description: TLS configuration for the client.
|
description: TLS configuration for the client.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to
|
description: Certificate authority used when verifying
|
||||||
use for the targets.
|
server certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -3857,8 +3857,8 @@ spec:
|
|||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
type: object
|
type: object
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert
|
description: Client certificate to present when
|
||||||
file for the targets.
|
doing client-authentication.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -4229,8 +4229,8 @@ spec:
|
|||||||
description: TLS configuration for the client.
|
description: TLS configuration for the client.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to
|
description: Certificate authority used when verifying
|
||||||
use for the targets.
|
server certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
@ -4278,8 +4278,8 @@ spec:
|
|||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
type: object
|
type: object
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert
|
description: Client certificate to present when
|
||||||
file for the targets.
|
doing client-authentication.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to
|
description: ConfigMap containing data to
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
|
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
|
||||||
---
|
---
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
@ -892,6 +892,22 @@ spec:
|
|||||||
type: array
|
type: array
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
alertmanagerConfigMatcherStrategy:
|
||||||
|
description: The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig
|
||||||
|
objects match the alerts. In the future more options may be added.
|
||||||
|
properties:
|
||||||
|
type:
|
||||||
|
default: OnNamespace
|
||||||
|
description: If set to `OnNamespace`, the operator injects a label
|
||||||
|
matcher matching the namespace of the AlertmanagerConfig object
|
||||||
|
for all its routes and inhibition rules. `None` will not add
|
||||||
|
any additional matchers other than the ones specified in the
|
||||||
|
AlertmanagerConfig. Default is `OnNamespace`.
|
||||||
|
enum:
|
||||||
|
- OnNamespace
|
||||||
|
- None
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
alertmanagerConfigNamespaceSelector:
|
alertmanagerConfigNamespaceSelector:
|
||||||
description: Namespaces to be selected for AlertmanagerConfig discovery.
|
description: Namespaces to be selected for AlertmanagerConfig discovery.
|
||||||
If nil, only check own namespace.
|
If nil, only check own namespace.
|
||||||
@ -1205,8 +1221,8 @@ spec:
|
|||||||
description: TLS configuration for the client.
|
description: TLS configuration for the client.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to use
|
description: Certificate authority used when verifying
|
||||||
for the targets.
|
server certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use
|
description: ConfigMap containing data to use
|
||||||
@ -1253,8 +1269,8 @@ spec:
|
|||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
type: object
|
type: object
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert file
|
description: Client certificate to present when doing
|
||||||
for the targets.
|
client-authentication.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use
|
description: ConfigMap containing data to use
|
||||||
@ -1430,10 +1446,11 @@ spec:
|
|||||||
for this Alertmanager instance. If empty, it defaults to `alertmanager-<alertmanager-name>`.
|
for this Alertmanager instance. If empty, it defaults to `alertmanager-<alertmanager-name>`.
|
||||||
\n The Alertmanager configuration should be available under the
|
\n The Alertmanager configuration should be available under the
|
||||||
`alertmanager.yaml` key. Additional keys from the original secret
|
`alertmanager.yaml` key. Additional keys from the original secret
|
||||||
are copied to the generated secret. \n If either the secret or the
|
are copied to the generated secret and mounted into the `/etc/alertmanager/config`
|
||||||
`alertmanager.yaml` key is missing, the operator provisions an Alertmanager
|
directory in the `alertmanager` container. \n If either the secret
|
||||||
configuration with one empty receiver (effectively dropping alert
|
or the `alertmanager.yaml` key is missing, the operator provisions
|
||||||
notifications)."
|
a minimal Alertmanager configuration with one empty receiver (effectively
|
||||||
|
dropping alert notifications)."
|
||||||
type: string
|
type: string
|
||||||
containers:
|
containers:
|
||||||
description: 'Containers allows injecting additional containers. This
|
description: 'Containers allows injecting additional containers. This
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
|
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
|
||||||
---
|
---
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
@ -42,8 +42,8 @@ spec:
|
|||||||
by Prometheus.
|
by Prometheus.
|
||||||
properties:
|
properties:
|
||||||
attachMetadata:
|
attachMetadata:
|
||||||
description: 'Attaches node metadata to discovered targets. Only valid
|
description: Attaches node metadata to discovered targets. Requires
|
||||||
for role: pod. Only valid in Prometheus versions 2.35.0 and newer.'
|
Prometheus v2.35.0 and above.
|
||||||
properties:
|
properties:
|
||||||
node:
|
node:
|
||||||
description: When set to true, Prometheus must have permissions
|
description: When set to true, Prometheus must have permissions
|
||||||
@ -477,8 +477,8 @@ spec:
|
|||||||
description: TLS configuration to use when scraping the endpoint.
|
description: TLS configuration to use when scraping the endpoint.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to use for the
|
description: Certificate authority used when verifying server
|
||||||
targets.
|
certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the
|
description: ConfigMap containing data to use for the
|
||||||
@ -522,8 +522,7 @@ spec:
|
|||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
type: object
|
type: object
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert file for
|
description: Client certificate to present when doing client-authentication.
|
||||||
the targets.
|
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the
|
description: ConfigMap containing data to use for the
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
|
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
|
||||||
---
|
---
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
@ -589,7 +589,8 @@ spec:
|
|||||||
description: TLS configuration to use when scraping the endpoint.
|
description: TLS configuration to use when scraping the endpoint.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to use for the targets.
|
description: Certificate authority used when verifying server
|
||||||
|
certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the targets.
|
description: ConfigMap containing data to use for the targets.
|
||||||
@ -630,7 +631,7 @@ spec:
|
|||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
type: object
|
type: object
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert file for the targets.
|
description: Client certificate to present when doing client-authentication.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the targets.
|
description: ConfigMap containing data to use for the targets.
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
|
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
|
||||||
---
|
---
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
@ -1055,6 +1055,9 @@ spec:
|
|||||||
description: BearerTokenFile to read from filesystem to
|
description: BearerTokenFile to read from filesystem to
|
||||||
use when authenticating to Alertmanager.
|
use when authenticating to Alertmanager.
|
||||||
type: string
|
type: string
|
||||||
|
enableHttp2:
|
||||||
|
description: Whether to enable HTTP2.
|
||||||
|
type: boolean
|
||||||
name:
|
name:
|
||||||
description: Name of Endpoints object in Namespace.
|
description: Name of Endpoints object in Namespace.
|
||||||
type: string
|
type: string
|
||||||
@ -1083,8 +1086,8 @@ spec:
|
|||||||
description: TLS Config to use for alertmanager connection.
|
description: TLS Config to use for alertmanager connection.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to use for
|
description: Certificate authority used when verifying
|
||||||
the targets.
|
server certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for
|
description: ConfigMap containing data to use for
|
||||||
@ -1135,8 +1138,8 @@ spec:
|
|||||||
to use for the targets.
|
to use for the targets.
|
||||||
type: string
|
type: string
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert file
|
description: Client certificate to present when doing
|
||||||
for the targets.
|
client-authentication.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for
|
description: ConfigMap containing data to use for
|
||||||
@ -1329,8 +1332,8 @@ spec:
|
|||||||
description: TLS Config to use for accessing apiserver.
|
description: TLS Config to use for accessing apiserver.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to use for the
|
description: Certificate authority used when verifying server
|
||||||
targets.
|
certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the
|
description: ConfigMap containing data to use for the
|
||||||
@ -1378,8 +1381,7 @@ spec:
|
|||||||
to use for the targets.
|
to use for the targets.
|
||||||
type: string
|
type: string
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert file for the
|
description: Client certificate to present when doing client-authentication.
|
||||||
targets.
|
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the
|
description: ConfigMap containing data to use for the
|
||||||
@ -4575,6 +4577,11 @@ spec:
|
|||||||
bearerTokenFile:
|
bearerTokenFile:
|
||||||
description: File to read bearer token for remote read.
|
description: File to read bearer token for remote read.
|
||||||
type: string
|
type: string
|
||||||
|
filterExternalLabels:
|
||||||
|
description: Whether to use the external labels as selectors
|
||||||
|
for the remote read endpoint. Requires Prometheus v2.34.0
|
||||||
|
and above.
|
||||||
|
type: boolean
|
||||||
headers:
|
headers:
|
||||||
additionalProperties:
|
additionalProperties:
|
||||||
type: string
|
type: string
|
||||||
@ -4697,8 +4704,8 @@ spec:
|
|||||||
description: TLS Config to use for remote read.
|
description: TLS Config to use for remote read.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to use for the
|
description: Certificate authority used when verifying server
|
||||||
targets.
|
certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the
|
description: ConfigMap containing data to use for the
|
||||||
@ -4746,8 +4753,7 @@ spec:
|
|||||||
to use for the targets.
|
to use for the targets.
|
||||||
type: string
|
type: string
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert file for
|
description: Client certificate to present when doing client-authentication.
|
||||||
the targets.
|
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the
|
description: ConfigMap containing data to use for the
|
||||||
@ -5148,8 +5154,8 @@ spec:
|
|||||||
description: TLS Config to use for remote write.
|
description: TLS Config to use for remote write.
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to use for the
|
description: Certificate authority used when verifying server
|
||||||
targets.
|
certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the
|
description: ConfigMap containing data to use for the
|
||||||
@ -5197,8 +5203,7 @@ spec:
|
|||||||
to use for the targets.
|
to use for the targets.
|
||||||
type: string
|
type: string
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert file for
|
description: Client certificate to present when doing client-authentication.
|
||||||
the targets.
|
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the
|
description: ConfigMap containing data to use for the
|
||||||
@ -6437,8 +6442,8 @@ spec:
|
|||||||
Maps to the ''--grpc-server-tls-*'' CLI args.'
|
Maps to the ''--grpc-server-tls-*'' CLI args.'
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to use for the
|
description: Certificate authority used when verifying server
|
||||||
targets.
|
certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the
|
description: ConfigMap containing data to use for the
|
||||||
@ -6486,8 +6491,7 @@ spec:
|
|||||||
to use for the targets.
|
to use for the targets.
|
||||||
type: string
|
type: string
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert file for the
|
description: Client certificate to present when doing client-authentication.
|
||||||
targets.
|
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the
|
description: ConfigMap containing data to use for the
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
|
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
|
||||||
---
|
---
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
@ -44,18 +44,26 @@ spec:
|
|||||||
groups:
|
groups:
|
||||||
description: Content of Prometheus rule file
|
description: Content of Prometheus rule file
|
||||||
items:
|
items:
|
||||||
description: 'RuleGroup is a list of sequentially evaluated recording
|
description: RuleGroup is a list of sequentially evaluated recording
|
||||||
and alerting rules. Note: PartialResponseStrategy is only used
|
and alerting rules.
|
||||||
by ThanosRuler and will be ignored by Prometheus instances. Valid
|
|
||||||
values for this field are ''warn'' or ''abort''. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response'
|
|
||||||
properties:
|
properties:
|
||||||
interval:
|
interval:
|
||||||
|
description: Interval determines how often rules in the group
|
||||||
|
are evaluated.
|
||||||
|
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
|
||||||
type: string
|
type: string
|
||||||
name:
|
name:
|
||||||
|
description: Name of the rule group.
|
||||||
|
minLength: 1
|
||||||
type: string
|
type: string
|
||||||
partial_response_strategy:
|
partial_response_strategy:
|
||||||
|
default: ""
|
||||||
|
description: 'PartialResponseStrategy is only used by ThanosRuler
|
||||||
|
and will be ignored by Prometheus instances. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response'
|
||||||
|
pattern: ^(?i)(abort|warn)?$
|
||||||
type: string
|
type: string
|
||||||
rules:
|
rules:
|
||||||
|
description: List of alerting and recording rules.
|
||||||
items:
|
items:
|
||||||
description: 'Rule describes an alerting or recording rule
|
description: 'Rule describes an alerting or recording rule
|
||||||
See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/)
|
See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/)
|
||||||
@ -63,23 +71,35 @@ spec:
|
|||||||
rule'
|
rule'
|
||||||
properties:
|
properties:
|
||||||
alert:
|
alert:
|
||||||
|
description: Name of the alert. Must be a valid label
|
||||||
|
value. Only one of `record` and `alert` must be set.
|
||||||
type: string
|
type: string
|
||||||
annotations:
|
annotations:
|
||||||
additionalProperties:
|
additionalProperties:
|
||||||
type: string
|
type: string
|
||||||
|
description: Annotations to add to each alert. Only valid
|
||||||
|
for alerting rules.
|
||||||
type: object
|
type: object
|
||||||
expr:
|
expr:
|
||||||
anyOf:
|
anyOf:
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: string
|
- type: string
|
||||||
|
description: PromQL expression to evaluate.
|
||||||
x-kubernetes-int-or-string: true
|
x-kubernetes-int-or-string: true
|
||||||
for:
|
for:
|
||||||
|
description: Alerts are considered firing once they have
|
||||||
|
been returned for this long.
|
||||||
|
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
|
||||||
type: string
|
type: string
|
||||||
labels:
|
labels:
|
||||||
additionalProperties:
|
additionalProperties:
|
||||||
type: string
|
type: string
|
||||||
|
description: Labels to add or overwrite.
|
||||||
type: object
|
type: object
|
||||||
record:
|
record:
|
||||||
|
description: Name of the time series to output to. Must
|
||||||
|
be a valid metric name. Only one of `record` and `alert`
|
||||||
|
must be set.
|
||||||
type: string
|
type: string
|
||||||
required:
|
required:
|
||||||
- expr
|
- expr
|
||||||
@ -90,6 +110,9 @@ spec:
|
|||||||
- rules
|
- rules
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
|
x-kubernetes-list-map-keys:
|
||||||
|
- name
|
||||||
|
x-kubernetes-list-type: map
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
- spec
|
- spec
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
|
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
|
||||||
---
|
---
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
@ -41,6 +41,15 @@ spec:
|
|||||||
description: Specification of desired Service selection for target discovery
|
description: Specification of desired Service selection for target discovery
|
||||||
by Prometheus.
|
by Prometheus.
|
||||||
properties:
|
properties:
|
||||||
|
attachMetadata:
|
||||||
|
description: Attaches node metadata to discovered targets. Requires
|
||||||
|
Prometheus v2.37.0 and above.
|
||||||
|
properties:
|
||||||
|
node:
|
||||||
|
description: When set to true, Prometheus must have permissions
|
||||||
|
to get Nodes.
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
endpoints:
|
endpoints:
|
||||||
description: A list of endpoints allowed as part of this ServiceMonitor.
|
description: A list of endpoints allowed as part of this ServiceMonitor.
|
||||||
items:
|
items:
|
||||||
@ -147,6 +156,10 @@ spec:
|
|||||||
enableHttp2:
|
enableHttp2:
|
||||||
description: Whether to enable HTTP2.
|
description: Whether to enable HTTP2.
|
||||||
type: boolean
|
type: boolean
|
||||||
|
filterRunning:
|
||||||
|
description: 'Drop pods that are not running. (Failed, Succeeded).
|
||||||
|
Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase'
|
||||||
|
type: boolean
|
||||||
followRedirects:
|
followRedirects:
|
||||||
description: FollowRedirects configures whether scrape requests
|
description: FollowRedirects configures whether scrape requests
|
||||||
follow HTTP 3xx redirects.
|
follow HTTP 3xx redirects.
|
||||||
@ -436,8 +449,8 @@ spec:
|
|||||||
description: TLS configuration to use when scraping the endpoint
|
description: TLS configuration to use when scraping the endpoint
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to use for the
|
description: Certificate authority used when verifying server
|
||||||
targets.
|
certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the
|
description: ConfigMap containing data to use for the
|
||||||
@ -485,8 +498,7 @@ spec:
|
|||||||
to use for the targets.
|
to use for the targets.
|
||||||
type: string
|
type: string
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert file for
|
description: Client certificate to present when doing client-authentication.
|
||||||
the targets.
|
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the
|
description: ConfigMap containing data to use for the
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
|
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
|
||||||
---
|
---
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
@ -2238,7 +2238,8 @@ spec:
|
|||||||
the ''--grpc-server-tls-*'' CLI args.'
|
the ''--grpc-server-tls-*'' CLI args.'
|
||||||
properties:
|
properties:
|
||||||
ca:
|
ca:
|
||||||
description: Struct containing the CA cert to use for the targets.
|
description: Certificate authority used when verifying server
|
||||||
|
certificates.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the targets.
|
description: ConfigMap containing data to use for the targets.
|
||||||
@ -2283,7 +2284,7 @@ spec:
|
|||||||
use for the targets.
|
use for the targets.
|
||||||
type: string
|
type: string
|
||||||
cert:
|
cert:
|
||||||
description: Struct containing the client cert file for the targets.
|
description: Client certificate to present when doing client-authentication.
|
||||||
properties:
|
properties:
|
||||||
configMap:
|
configMap:
|
||||||
description: ConfigMap containing data to use for the targets.
|
description: ConfigMap containing data to use for the targets.
|
||||||
|
@ -31,7 +31,7 @@ data:
|
|||||||
url: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.prometheus.service.port }}/{{ trimPrefix "/" .Values.prometheus.prometheusSpec.routePrefix }}
|
url: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.prometheus.service.port }}/{{ trimPrefix "/" .Values.prometheus.prometheusSpec.routePrefix }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
access: proxy
|
access: proxy
|
||||||
isDefault: true
|
isDefault: {{ .Values.grafana.sidecar.datasources.isDefaultDatasource }}
|
||||||
jsonData:
|
jsonData:
|
||||||
timeInterval: {{ $scrapeInterval }}
|
timeInterval: {{ $scrapeInterval }}
|
||||||
{{- if .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }}
|
{{- if .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }}
|
||||||
|
@ -16,16 +16,16 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.prometheusOperator.verticalPodAutoscaler.maxAllowed }}
|
{{- if .Values.prometheusOperator.verticalPodAutoscaler.maxAllowed }}
|
||||||
maxAllowed:
|
maxAllowed:
|
||||||
{{ toYaml .Values.prometheusOperator.verticalPodAutoscaler.maxAllowed | nindent 8 }}
|
{{- toYaml .Values.prometheusOperator.verticalPodAutoscaler.maxAllowed | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.prometheusOperator.verticalPodAutoscaler.minAllowed }}
|
{{- if .Values.prometheusOperator.verticalPodAutoscaler.minAllowed }}
|
||||||
minAllowed:
|
minAllowed:
|
||||||
{{ toYaml .Values.prometheusOperator.verticalPodAutoscaler.minAllowed | nindent 8 }}
|
{{- toYaml .Values.prometheusOperator.verticalPodAutoscaler.minAllowed | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
targetRef:
|
targetRef:
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
name: {{ template "kube-prometheus-stack.fullname" . }}
|
name: {{ template "kube-prometheus-stack.fullname" . }}-operator
|
||||||
{{- if .Values.prometheusOperator.verticalPodAutoscaler.updatePolicy }}
|
{{- if .Values.prometheusOperator.verticalPodAutoscaler.updatePolicy }}
|
||||||
updatePolicy:
|
updatePolicy:
|
||||||
{{- if .Values.prometheusOperator.verticalPodAutoscaler.updatePolicy.updateMode }}
|
{{- if .Values.prometheusOperator.verticalPodAutoscaler.updatePolicy.updateMode }}
|
||||||
|
@ -210,6 +210,7 @@ spec:
|
|||||||
{{ else }}
|
{{ else }}
|
||||||
ruleNamespaceSelector: {}
|
ruleNamespaceSelector: {}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if not (has "agent" .Values.prometheus.prometheusSpec.enableFeatures) }}
|
||||||
{{- if .Values.prometheus.prometheusSpec.ruleSelector }}
|
{{- if .Values.prometheus.prometheusSpec.ruleSelector }}
|
||||||
ruleSelector:
|
ruleSelector:
|
||||||
{{ toYaml .Values.prometheus.prometheusSpec.ruleSelector | indent 4}}
|
{{ toYaml .Values.prometheus.prometheusSpec.ruleSelector | indent 4}}
|
||||||
@ -220,6 +221,7 @@ spec:
|
|||||||
{{ else }}
|
{{ else }}
|
||||||
ruleSelector: {}
|
ruleSelector: {}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.prometheus.prometheusSpec.storageSpec }}
|
{{- if .Values.prometheus.prometheusSpec.storageSpec }}
|
||||||
storage:
|
storage:
|
||||||
{{ tpl (toYaml .Values.prometheus.prometheusSpec.storageSpec | indent 4) . }}
|
{{ tpl (toYaml .Values.prometheus.prometheusSpec.storageSpec | indent 4) . }}
|
||||||
|
@ -463,7 +463,7 @@ alertmanager:
|
|||||||
image:
|
image:
|
||||||
registry: quay.io
|
registry: quay.io
|
||||||
repository: prometheus/alertmanager
|
repository: prometheus/alertmanager
|
||||||
tag: v0.24.0
|
tag: v0.25.0
|
||||||
sha: ""
|
sha: ""
|
||||||
|
|
||||||
## If true then the user will be responsible to provide a secret with alertmanager configuration
|
## If true then the user will be responsible to provide a secret with alertmanager configuration
|
||||||
@ -798,6 +798,7 @@ grafana:
|
|||||||
datasources:
|
datasources:
|
||||||
enabled: true
|
enabled: true
|
||||||
defaultDatasourceEnabled: true
|
defaultDatasourceEnabled: true
|
||||||
|
isDefaultDatasource: true
|
||||||
|
|
||||||
uid: prometheus
|
uid: prometheus
|
||||||
|
|
||||||
@ -1908,7 +1909,7 @@ prometheusOperator:
|
|||||||
image:
|
image:
|
||||||
registry: quay.io
|
registry: quay.io
|
||||||
repository: prometheus-operator/prometheus-operator
|
repository: prometheus-operator/prometheus-operator
|
||||||
tag: v0.60.1
|
tag: v0.61.1
|
||||||
sha: ""
|
sha: ""
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
@ -1934,7 +1935,7 @@ prometheusOperator:
|
|||||||
image:
|
image:
|
||||||
registry: quay.io
|
registry: quay.io
|
||||||
repository: prometheus-operator/prometheus-config-reloader
|
repository: prometheus-operator/prometheus-config-reloader
|
||||||
tag: v0.60.1
|
tag: v0.61.1
|
||||||
sha: ""
|
sha: ""
|
||||||
|
|
||||||
# resource config for prometheusConfigReloader
|
# resource config for prometheusConfigReloader
|
||||||
@ -1951,7 +1952,7 @@ prometheusOperator:
|
|||||||
thanosImage:
|
thanosImage:
|
||||||
registry: quay.io
|
registry: quay.io
|
||||||
repository: thanos/thanos
|
repository: thanos/thanos
|
||||||
tag: v0.28.1
|
tag: v0.29.0
|
||||||
sha: ""
|
sha: ""
|
||||||
|
|
||||||
## Set a Field Selector to filter watched secrets
|
## Set a Field Selector to filter watched secrets
|
||||||
@ -2389,7 +2390,7 @@ prometheus:
|
|||||||
image:
|
image:
|
||||||
registry: quay.io
|
registry: quay.io
|
||||||
repository: prometheus/prometheus
|
repository: prometheus/prometheus
|
||||||
tag: v2.39.1
|
tag: v2.40.5
|
||||||
sha: ""
|
sha: ""
|
||||||
|
|
||||||
## Tolerations for use with node taints
|
## Tolerations for use with node taints
|
||||||
@ -3231,7 +3232,7 @@ thanosRuler:
|
|||||||
image:
|
image:
|
||||||
registry: quay.io
|
registry: quay.io
|
||||||
repository: thanos/thanos
|
repository: thanos/thanos
|
||||||
tag: v0.28.1
|
tag: v0.29.0
|
||||||
sha: ""
|
sha: ""
|
||||||
|
|
||||||
## Namespaces to be selected for PrometheusRules discovery.
|
## Namespaces to be selected for PrometheusRules discovery.
|
||||||
|
@ -18,7 +18,7 @@
|
|||||||
"subdir": "contrib/mixin"
|
"subdir": "contrib/mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "f1842b6ecf67a8102766cc914eaa2a8c7ad97314",
|
"version": "9e3966fbce6dccd2271b7ade588fefeb4ca7b247",
|
||||||
"sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc="
|
"sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -48,7 +48,7 @@
|
|||||||
"subdir": "grafana-builder"
|
"subdir": "grafana-builder"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "ae961c84758825e4e3fd7b70a3b391ffec76e4ae",
|
"version": "d68f9a6e0b1af7c4c4056dc2b43fb8f3bac01f43",
|
||||||
"sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0="
|
"sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
19
charts/kubezero-metrics/templates/rules/zdt-inhibitors.yaml
Normal file
19
charts/kubezero-metrics/templates/rules/zdt-inhibitors.yaml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
kind: PrometheusRule
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "%s-%s" (include "kubezero-lib.fullname" $) "zdt-inhibitors" | trunc 63 | trimSuffix "-" }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "kubezero-lib.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
groups:
|
||||||
|
- name: zdt-inhibitors
|
||||||
|
rules:
|
||||||
|
- alert: ClusterAutoscalerNodeGroupsEnabled
|
||||||
|
annotations:
|
||||||
|
description: "This rule is meant to inhibit other rules and should not be forwarded.\nThe Cluster Autoscaler found at least one node group"
|
||||||
|
summary: Cluster Autoscaler found at least one node group.
|
||||||
|
expr: 'cluster_autoscaler_node_groups_count{job="addons-aws-cluster-autoscaler",node_group_type="autoscaled"} > 0'
|
||||||
|
for: 15m
|
||||||
|
labels:
|
||||||
|
severity: none
|
@ -1,7 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -ex
|
set -ex
|
||||||
|
|
||||||
helm dep update
|
helm repo update
|
||||||
|
|
||||||
VERSION=$(yq eval '.dependencies[] | select(.name=="kube-prometheus-stack") | .version' Chart.yaml)
|
VERSION=$(yq eval '.dependencies[] | select(.name=="kube-prometheus-stack") | .version' Chart.yaml)
|
||||||
rm -rf charts/kube-prometheus-stack
|
rm -rf charts/kube-prometheus-stack
|
||||||
@ -10,6 +10,8 @@ helm pull prometheus-community/kube-prometheus-stack --untar --untardir charts -
|
|||||||
# workaround for https://github.com/prometheus-community/helm-charts/issues/1500
|
# workaround for https://github.com/prometheus-community/helm-charts/issues/1500
|
||||||
patch -p0 -i zdt.patch --no-backup-if-mismatch
|
patch -p0 -i zdt.patch --no-backup-if-mismatch
|
||||||
|
|
||||||
|
helm dep update
|
||||||
|
|
||||||
# Create ZDT dashboard, alerts etc configmaps
|
# Create ZDT dashboard, alerts etc configmaps
|
||||||
cd jsonnet && make
|
cd jsonnet && make
|
||||||
|
|
||||||
|
@ -225,15 +225,12 @@ kube-prometheus-stack:
|
|||||||
resolve_timeout: 5m
|
resolve_timeout: 5m
|
||||||
route:
|
route:
|
||||||
group_by: ['severity', 'clusterName']
|
group_by: ['severity', 'clusterName']
|
||||||
group_wait: 30s
|
group_wait: 10s
|
||||||
group_interval: 5m
|
group_interval: 5m
|
||||||
repeat_interval: 6h
|
repeat_interval: 4h
|
||||||
routes:
|
routes:
|
||||||
- matchers:
|
- matchers:
|
||||||
- alertname = Watchdog
|
- severity = none
|
||||||
receiver: 'null'
|
|
||||||
- matchers:
|
|
||||||
- alertname = InfoInhibitor
|
|
||||||
receiver: 'null'
|
receiver: 'null'
|
||||||
inhibit_rules:
|
inhibit_rules:
|
||||||
- equal:
|
- equal:
|
||||||
@ -256,6 +253,11 @@ kube-prometheus-stack:
|
|||||||
- alertname = InfoInhibitor
|
- alertname = InfoInhibitor
|
||||||
target_matchers:
|
target_matchers:
|
||||||
- severity = info
|
- severity = info
|
||||||
|
# Disable cluster overcommiy alerts if we have cluster autoscaler available
|
||||||
|
- source_matchers:
|
||||||
|
- alertname = ClusterAutoscalerNodeGroupsEnabled
|
||||||
|
target_matchers:
|
||||||
|
- alertname =~ "KubeCPUOvercommit|KubeMemoryOvercommit"
|
||||||
alertmanagerSpec:
|
alertmanagerSpec:
|
||||||
# externalUrl:
|
# externalUrl:
|
||||||
logFormat: json
|
logFormat: json
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-network
|
name: kubezero-network
|
||||||
description: KubeZero umbrella chart for all things network
|
description: KubeZero umbrella chart for all things network
|
||||||
type: application
|
type: application
|
||||||
version: 0.4.1
|
version: 0.4.2
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -19,7 +19,7 @@ dependencies:
|
|||||||
version: ">= 0.1.5"
|
version: ">= 0.1.5"
|
||||||
repository: https://cdn.zero-downtime.net/charts/
|
repository: https://cdn.zero-downtime.net/charts/
|
||||||
- name: cilium
|
- name: cilium
|
||||||
version: 1.12.3
|
version: 1.12.5
|
||||||
repository: https://helm.cilium.io/
|
repository: https://helm.cilium.io/
|
||||||
condition: cilium.enabled
|
condition: cilium.enabled
|
||||||
- name: metallb
|
- name: metallb
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-network
|
# kubezero-network
|
||||||
|
|
||||||
![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
![Version: 0.4.2](https://img.shields.io/badge/Version-0.4.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero umbrella chart for all things network
|
KubeZero umbrella chart for all things network
|
||||||
|
|
||||||
@ -19,7 +19,7 @@ Kubernetes: `>= 1.24.0`
|
|||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 |
|
||||||
| https://helm.cilium.io/ | cilium | 1.12.3 |
|
| https://helm.cilium.io/ | cilium | 1.12.5 |
|
||||||
| https://metallb.github.io/metallb | metallb | 0.13.7 |
|
| https://metallb.github.io/metallb | metallb | 0.13.7 |
|
||||||
|
|
||||||
## Values
|
## Values
|
||||||
@ -52,6 +52,9 @@ Kubernetes: `>= 1.24.0`
|
|||||||
| cilium.operator.tolerations[1].key | string | `"node-role.kubernetes.io/control-plane"` | |
|
| cilium.operator.tolerations[1].key | string | `"node-role.kubernetes.io/control-plane"` | |
|
||||||
| cilium.prometheus.enabled | bool | `false` | |
|
| cilium.prometheus.enabled | bool | `false` | |
|
||||||
| cilium.prometheus.port | int | `9091` | |
|
| cilium.prometheus.port | int | `9091` | |
|
||||||
|
| cilium.resources.limits.memory | string | `"1024Mi"` | |
|
||||||
|
| cilium.resources.requests.cpu | string | `"10m"` | |
|
||||||
|
| cilium.resources.requests.memory | string | `"256Mi"` | |
|
||||||
| cilium.securityContext.privileged | bool | `true` | |
|
| cilium.securityContext.privileged | bool | `true` | |
|
||||||
| cilium.tunnel | string | `"geneve"` | |
|
| cilium.tunnel | string | `"geneve"` | |
|
||||||
| metallb.controller.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
| metallb.controller.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||||
|
@ -34,6 +34,14 @@ cilium:
|
|||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 256Mi
|
||||||
|
limits:
|
||||||
|
memory: 1024Mi
|
||||||
|
# cpu: 4000m
|
||||||
|
|
||||||
cni:
|
cni:
|
||||||
binPath: "/usr/libexec/cni"
|
binPath: "/usr/libexec/cni"
|
||||||
logFile: /var/log/cilium-cni.log
|
logFile: /var/log/cilium-cni.log
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-sql
|
name: kubezero-sql
|
||||||
description: KubeZero umbrella chart for SQL databases, Percona XtraDB Cluster
|
description: KubeZero umbrella chart for SQL databases, Percona XtraDB Cluster
|
||||||
type: application
|
type: application
|
||||||
version: 0.3.0
|
version: 0.3.1
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -18,7 +18,7 @@ dependencies:
|
|||||||
version: ">= 0.1.5"
|
version: ">= 0.1.5"
|
||||||
repository: https://cdn.zero-downtime.net/charts/
|
repository: https://cdn.zero-downtime.net/charts/
|
||||||
- name: pxc-operator
|
- name: pxc-operator
|
||||||
version: 1.11.1
|
version: 1.12.0
|
||||||
repository: https://percona.github.io/percona-helm-charts/
|
repository: https://percona.github.io/percona-helm-charts/
|
||||||
condition: pxc-operator.enabled
|
condition: pxc-operator.enabled
|
||||||
- name: mariadb-galera
|
- name: mariadb-galera
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-sql
|
# kubezero-sql
|
||||||
|
|
||||||
![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero umbrella chart for SQL databases, Percona XtraDB Cluster
|
KubeZero umbrella chart for SQL databases, Percona XtraDB Cluster
|
||||||
|
|
||||||
@ -20,7 +20,7 @@ Kubernetes: `>= 1.20.0`
|
|||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 |
|
||||||
| https://charts.bitnami.com/bitnami | mariadb-galera | 7.4.7 |
|
| https://charts.bitnami.com/bitnami | mariadb-galera | 7.4.7 |
|
||||||
| https://percona.github.io/percona-helm-charts/ | pxc-operator | 1.11.1 |
|
| https://percona.github.io/percona-helm-charts/ | pxc-operator | 1.12.0 |
|
||||||
|
|
||||||
## Values
|
## Values
|
||||||
|
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-storage
|
name: kubezero-storage
|
||||||
description: KubeZero umbrella chart for all things storage incl. AWS EBS/EFS, openEBS-lvm, gemini
|
description: KubeZero umbrella chart for all things storage incl. AWS EBS/EFS, openEBS-lvm, gemini
|
||||||
type: application
|
type: application
|
||||||
version: 0.7.4
|
version: 0.7.5
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -28,7 +28,7 @@ dependencies:
|
|||||||
condition: gemini.enabled
|
condition: gemini.enabled
|
||||||
# repository: https://charts.fairwinds.com/stable
|
# repository: https://charts.fairwinds.com/stable
|
||||||
- name: aws-ebs-csi-driver
|
- name: aws-ebs-csi-driver
|
||||||
version: 2.13.0
|
version: 2.14.1
|
||||||
condition: aws-ebs-csi-driver.enabled
|
condition: aws-ebs-csi-driver.enabled
|
||||||
repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
|
repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
|
||||||
- name: aws-efs-csi-driver
|
- name: aws-efs-csi-driver
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-storage
|
# kubezero-storage
|
||||||
|
|
||||||
![Version: 0.7.4](https://img.shields.io/badge/Version-0.7.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
![Version: 0.7.5](https://img.shields.io/badge/Version-0.7.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero umbrella chart for all things storage incl. AWS EBS/EFS, openEBS-lvm, gemini
|
KubeZero umbrella chart for all things storage incl. AWS EBS/EFS, openEBS-lvm, gemini
|
||||||
|
|
||||||
@ -22,7 +22,7 @@ Kubernetes: `>= 1.24.0`
|
|||||||
| | gemini | 1.0.0 |
|
| | gemini | 1.0.0 |
|
||||||
| | lvm-localpv | 1.0.0 |
|
| | lvm-localpv | 1.0.0 |
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
| https://kubernetes-sigs.github.io/aws-ebs-csi-driver | aws-ebs-csi-driver | 2.13.0 |
|
| https://kubernetes-sigs.github.io/aws-ebs-csi-driver | aws-ebs-csi-driver | 2.14.1 |
|
||||||
|
|
||||||
## Values
|
## Values
|
||||||
|
|
||||||
|
@ -18,7 +18,7 @@
|
|||||||
"subdir": "contrib/mixin"
|
"subdir": "contrib/mixin"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "f1842b6ecf67a8102766cc914eaa2a8c7ad97314",
|
"version": "9e3966fbce6dccd2271b7ade588fefeb4ca7b247",
|
||||||
"sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc="
|
"sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -38,7 +38,7 @@
|
|||||||
"subdir": "grafana-builder"
|
"subdir": "grafana-builder"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"version": "ae961c84758825e4e3fd7b70a3b391ffec76e4ae",
|
"version": "d68f9a6e0b1af7c4c4056dc2b43fb8f3bac01f43",
|
||||||
"sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0="
|
"sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0="
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -24,6 +24,7 @@ Kubernetes: `>= 1.24.0`
|
|||||||
|
|
||||||
| Key | Type | Default | Description |
|
| Key | Type | Default | Description |
|
||||||
|-----|------|---------|-------------|
|
|-----|------|---------|-------------|
|
||||||
|
| addons.aws-eks-asg-rolling-update-handler.enabled | bool | `false` | |
|
||||||
| addons.aws-node-termination-handler.enabled | bool | `false` | |
|
| addons.aws-node-termination-handler.enabled | bool | `false` | |
|
||||||
| addons.cluster-autoscaler.enabled | bool | `false` | |
|
| addons.cluster-autoscaler.enabled | bool | `false` | |
|
||||||
| addons.clusterBackup.enabled | bool | `false` | |
|
| addons.clusterBackup.enabled | bool | `false` | |
|
||||||
@ -31,12 +32,12 @@ Kubernetes: `>= 1.24.0`
|
|||||||
| addons.external-dns.enabled | bool | `false` | |
|
| addons.external-dns.enabled | bool | `false` | |
|
||||||
| addons.forseti.enabled | bool | `false` | |
|
| addons.forseti.enabled | bool | `false` | |
|
||||||
| addons.sealed-secrets.enabled | bool | `false` | |
|
| addons.sealed-secrets.enabled | bool | `false` | |
|
||||||
| addons.targetRevision | string | `"0.7.2"` | |
|
| addons.targetRevision | string | `"0.7.3"` | |
|
||||||
| argocd.argocd-image-updater.enabled | bool | `false` | |
|
| argocd.argocd-image-updater.enabled | bool | `false` | |
|
||||||
| argocd.enabled | bool | `false` | |
|
| argocd.enabled | bool | `false` | |
|
||||||
| argocd.istio.enabled | bool | `false` | |
|
| argocd.istio.enabled | bool | `false` | |
|
||||||
| argocd.namespace | string | `"argocd"` | |
|
| argocd.namespace | string | `"argocd"` | |
|
||||||
| argocd.targetRevision | string | `"0.11.1"` | |
|
| argocd.targetRevision | string | `"0.11.2"` | |
|
||||||
| cert-manager.enabled | bool | `false` | |
|
| cert-manager.enabled | bool | `false` | |
|
||||||
| cert-manager.namespace | string | `"cert-manager"` | |
|
| cert-manager.namespace | string | `"cert-manager"` | |
|
||||||
| cert-manager.targetRevision | string | `"0.9.3"` | |
|
| cert-manager.targetRevision | string | `"0.9.3"` | |
|
||||||
@ -66,17 +67,18 @@ Kubernetes: `>= 1.24.0`
|
|||||||
| metrics.istio.grafana | object | `{}` | |
|
| metrics.istio.grafana | object | `{}` | |
|
||||||
| metrics.istio.prometheus | object | `{}` | |
|
| metrics.istio.prometheus | object | `{}` | |
|
||||||
| metrics.namespace | string | `"monitoring"` | |
|
| metrics.namespace | string | `"monitoring"` | |
|
||||||
| metrics.targetRevision | string | `"0.8.8"` | |
|
| metrics.targetRevision | string | `"0.8.9"` | |
|
||||||
| network.cilium.cluster | object | `{}` | |
|
| network.cilium.cluster | object | `{}` | |
|
||||||
| network.enabled | bool | `true` | |
|
| network.enabled | bool | `true` | |
|
||||||
| network.retain | bool | `true` | |
|
| network.retain | bool | `true` | |
|
||||||
| network.targetRevision | string | `"0.4.1"` | |
|
| network.targetRevision | string | `"0.4.2"` | |
|
||||||
| storage.aws-ebs-csi-driver.enabled | bool | `false` | |
|
| storage.aws-ebs-csi-driver.enabled | bool | `false` | |
|
||||||
| storage.aws-efs-csi-driver.enabled | bool | `false` | |
|
| storage.aws-efs-csi-driver.enabled | bool | `false` | |
|
||||||
| storage.enabled | bool | `false` | |
|
| storage.enabled | bool | `false` | |
|
||||||
| storage.gemini.enabled | bool | `false` | |
|
| storage.gemini.enabled | bool | `false` | |
|
||||||
| storage.snapshotController.enabled | bool | `false` | |
|
| storage.snapshotController.enabled | bool | `false` | |
|
||||||
| storage.targetRevision | string | `"0.7.4"` | |
|
| storage.targetRevision | string | `"0.7.4"` | |
|
||||||
|
| storage.velero.enabled | bool | `false` | |
|
||||||
|
|
||||||
----------------------------------------------
|
----------------------------------------------
|
||||||
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
|
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
|
||||||
|
@ -28,32 +28,6 @@ forseti:
|
|||||||
iamRoleArn: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.kubezeroForseti"
|
iamRoleArn: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.kubezeroForseti"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
aws-node-termination-handler:
|
|
||||||
enabled: {{ ternary "true" "false" (or (hasKey .Values.global "aws") (index .Values "addons" "aws-node-termination-handler" "enabled")) }}
|
|
||||||
|
|
||||||
{{- with omit (index .Values "addons" "aws-node-termination-handler") "enabled" }}
|
|
||||||
{{- toYaml . | nindent 2 }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .Values.metrics }}
|
|
||||||
enablePrometheusServer: {{ .enabled }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.global.aws }}
|
|
||||||
# AWS
|
|
||||||
queueURL: "https://sqs.{{ .Values.global.aws.region }}.amazonaws.com/{{ .Values.global.aws.accountId }}/{{ .Values.global.clusterName }}_Nth"
|
|
||||||
managedTag: "aws-node-termination-handler/{{ .Values.global.clusterName }}"
|
|
||||||
extraEnv:
|
|
||||||
- name: AWS_ROLE_ARN
|
|
||||||
value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.awsNth"
|
|
||||||
- name: AWS_WEB_IDENTITY_TOKEN_FILE
|
|
||||||
value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
|
|
||||||
- name: AWS_STS_REGIONAL_ENDPOINTS
|
|
||||||
value: "regional"
|
|
||||||
- name: METADATA_TRIES
|
|
||||||
value: "0"
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
external-dns:
|
external-dns:
|
||||||
enabled: {{ ternary "true" "false" (or (hasKey .Values.global "aws") (index .Values "addons" "external-dns" "enabled")) }}
|
enabled: {{ ternary "true" "false" (or (hasKey .Values.global "aws") (index .Values "addons" "external-dns" "enabled")) }}
|
||||||
|
|
||||||
@ -157,6 +131,58 @@ sealed-secrets:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.global.aws }}
|
||||||
|
# AWS only
|
||||||
|
aws-node-termination-handler:
|
||||||
|
enabled: {{ default "true" (index .Values "addons" "aws-node-termination-handler" "enabled") }}
|
||||||
|
|
||||||
|
{{- with omit (index .Values "addons" "aws-node-termination-handler") "enabled" }}
|
||||||
|
{{- toYaml . | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- with .Values.metrics }}
|
||||||
|
enablePrometheusServer: {{ .enabled }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
queueURL: "https://sqs.{{ .Values.global.aws.region }}.amazonaws.com/{{ .Values.global.aws.accountId }}/{{ .Values.global.clusterName }}_Nth"
|
||||||
|
managedTag: "aws-node-termination-handler/{{ .Values.global.clusterName }}"
|
||||||
|
extraEnv:
|
||||||
|
- name: AWS_ROLE_ARN
|
||||||
|
value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.awsNth"
|
||||||
|
- name: AWS_WEB_IDENTITY_TOKEN_FILE
|
||||||
|
value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
|
||||||
|
- name: AWS_STS_REGIONAL_ENDPOINTS
|
||||||
|
value: "regional"
|
||||||
|
- name: METADATA_TRIES
|
||||||
|
value: "0"
|
||||||
|
|
||||||
|
aws-eks-asg-rolling-update-handler:
|
||||||
|
enabled: {{ default "true" (index .Values "addons" "aws-eks-asg-rolling-update-handler" "enabled") }}
|
||||||
|
|
||||||
|
{{- with omit (index .Values "addons" "aws-eks-asg-rolling-update-handler") "enabled" }}
|
||||||
|
{{- toYaml . | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
environmentVars:
|
||||||
|
- name: CLUSTER_NAME
|
||||||
|
value: {{ .Values.global.clusterName }}
|
||||||
|
- name: AWS_REGION
|
||||||
|
value: {{ .Values.global.aws.region }}
|
||||||
|
- name: EXECUTION_INTERVAL
|
||||||
|
value: "60"
|
||||||
|
- name: METRICS
|
||||||
|
value: "{{ .Values.metrics.enabled }}"
|
||||||
|
- name: EAGER_CORDONING
|
||||||
|
value: "true"
|
||||||
|
- name: SLOW_MODE
|
||||||
|
value: "true"
|
||||||
|
- name: AWS_ROLE_ARN
|
||||||
|
value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.awsRuh"
|
||||||
|
- name: AWS_WEB_IDENTITY_TOKEN_FILE
|
||||||
|
value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
|
||||||
|
- name: AWS_STS_REGIONAL_ENDPOINTS
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{- define "addons-argo" }}
|
{{- define "addons-argo" }}
|
||||||
|
@ -10,24 +10,26 @@ global:
|
|||||||
|
|
||||||
addons:
|
addons:
|
||||||
enabled: true
|
enabled: true
|
||||||
targetRevision: 0.7.2
|
targetRevision: 0.7.3
|
||||||
external-dns:
|
external-dns:
|
||||||
enabled: false
|
enabled: false
|
||||||
forseti:
|
forseti:
|
||||||
enabled: false
|
enabled: false
|
||||||
clusterBackup:
|
clusterBackup:
|
||||||
enabled: false
|
enabled: false
|
||||||
aws-node-termination-handler:
|
|
||||||
enabled: false
|
|
||||||
cluster-autoscaler:
|
cluster-autoscaler:
|
||||||
enabled: false
|
enabled: false
|
||||||
sealed-secrets:
|
sealed-secrets:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
aws-node-termination-handler:
|
||||||
|
enabled: false
|
||||||
|
aws-eks-asg-rolling-update-handler:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
network:
|
network:
|
||||||
enabled: true
|
enabled: true
|
||||||
retain: true
|
retain: true
|
||||||
targetRevision: 0.4.1
|
targetRevision: 0.4.2
|
||||||
cilium:
|
cilium:
|
||||||
cluster: {}
|
cluster: {}
|
||||||
|
|
||||||
@ -74,7 +76,7 @@ istio-private-ingress:
|
|||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: false
|
||||||
namespace: monitoring
|
namespace: monitoring
|
||||||
targetRevision: 0.8.8
|
targetRevision: 0.8.9
|
||||||
istio:
|
istio:
|
||||||
grafana: {}
|
grafana: {}
|
||||||
prometheus: {}
|
prometheus: {}
|
||||||
@ -87,7 +89,7 @@ logging:
|
|||||||
argocd:
|
argocd:
|
||||||
enabled: false
|
enabled: false
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
targetRevision: 0.11.1
|
targetRevision: 0.11.2
|
||||||
argocd-image-updater:
|
argocd-image-updater:
|
||||||
enabled: false
|
enabled: false
|
||||||
istio:
|
istio:
|
||||||
|
@ -2,8 +2,8 @@ apiVersion: v2
|
|||||||
name: manticore
|
name: manticore
|
||||||
description: Chart for Manticore
|
description: Chart for Manticore
|
||||||
type: application
|
type: application
|
||||||
version: 5.0.02
|
version: 5.0.25
|
||||||
appVersion: 5.0.02
|
appVersion: 5.0.25
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -17,5 +17,6 @@ dependencies:
|
|||||||
version: ">= 0.1.4"
|
version: ">= 0.1.4"
|
||||||
repository: https://cdn.zero-downtime.net/charts
|
repository: https://cdn.zero-downtime.net/charts
|
||||||
- name: manticoresearch
|
- name: manticoresearch
|
||||||
version: "=5.0.02"
|
version: "5.0.25"
|
||||||
|
repository: https://helm.manticoresearch.com
|
||||||
kubeVersion: ">= 1.20.0"
|
kubeVersion: ">= 1.20.0"
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# manticore
|
# manticore
|
||||||
|
|
||||||
![Version: 5.0.02](https://img.shields.io/badge/Version-5.0.02-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.02](https://img.shields.io/badge/AppVersion-5.0.02-informational?style=flat-square)
|
![Version: 5.0.25](https://img.shields.io/badge/Version-5.0.25-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.25](https://img.shields.io/badge/AppVersion-5.0.25-informational?style=flat-square)
|
||||||
|
|
||||||
Chart for Manticore
|
Chart for Manticore
|
||||||
|
|
||||||
@ -18,8 +18,8 @@ Kubernetes: `>= 1.20.0`
|
|||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| | manticoresearch | =5.0.02 |
|
|
||||||
| https://cdn.zero-downtime.net/charts | kubezero-lib | >= 0.1.4 |
|
| https://cdn.zero-downtime.net/charts | kubezero-lib | >= 0.1.4 |
|
||||||
|
| https://helm.manticoresearch.com | manticoresearch | 5.0.25 |
|
||||||
|
|
||||||
## Values
|
## Values
|
||||||
|
|
||||||
|
@ -3,8 +3,11 @@
|
|||||||
## TODO
|
## TODO
|
||||||
|
|
||||||
## What's new - Major themes
|
## What's new - Major themes
|
||||||
- Cilium is now the default CNI, calico got removed
|
- Cilium is now the default CNI, calico gets removed
|
||||||
- cluster-autoscaler is enabled by default on AWS
|
- cluster-autoscaler is enabled by default on AWS
|
||||||
|
- worker nodes are now automatically update to latest AMI and config in a rolling fashion
|
||||||
|
- integrated Bitnami Sealed Secrets controller
|
||||||
|
|
||||||
|
|
||||||
## Version upgrades
|
## Version upgrades
|
||||||
- cilium
|
- cilium
|
||||||
@ -13,6 +16,9 @@
|
|||||||
- aws-node-termination-handler
|
- aws-node-termination-handler
|
||||||
- aws-ebs-csi-driver
|
- aws-ebs-csi-driver
|
||||||
- aws-efs-csi-driver
|
- aws-efs-csi-driver
|
||||||
|
- istio 1.16
|
||||||
|
- argocd 2.5.5 + tweaks
|
||||||
|
- all things prometheus incl. automated muting of certain alarms, eg. CPUOverCommit when cluster-autoscaler is available
|
||||||
|
|
||||||
### FeatureGates
|
### FeatureGates
|
||||||
- PodAndContainerStatsFromCRI
|
- PodAndContainerStatsFromCRI
|
||||||
@ -21,22 +27,25 @@
|
|||||||
# Upgrade
|
# Upgrade
|
||||||
`(No, really, you MUST read this before you upgrade)`
|
`(No, really, you MUST read this before you upgrade)`
|
||||||
|
|
||||||
- Ensure your Kube context points to the correct cluster !
|
Ensure your Kube context points to the correct cluster !
|
||||||
|
|
||||||
1. Review CFN config for controller and workers ( enable containerProxy, remove legacy version settings etc )
|
1. Review CFN config for controller and workers, no mandatory changes during this release though
|
||||||
|
|
||||||
2. Upgrade CFN stacks for the control plane and all worker groups
|
2. Upgrade CFN stacks for the control plane *ONLY* !
|
||||||
|
Updating the workers CFN stacks would trigger rolling updates right away !
|
||||||
|
|
||||||
3. Trigger fully-automated cluster upgrade:
|
3. Trigger cluster upgrade:
|
||||||
`./admin/upgrade_cluster.sh <path to the argocd app kubezero yaml for THIS cluster>`
|
`./admin/upgrade_cluster.sh <path to the argocd app kubezero yaml for THIS cluster>`
|
||||||
|
|
||||||
4. Reboot controller(s) one by one
|
4. Reboot controller(s) one by one
|
||||||
Wait each time for controller to join and all pods running.
|
Wait each time for controller to join and all pods running.
|
||||||
Might take a while ...
|
Might take a while ...
|
||||||
|
|
||||||
5. Launch new set of workers eg. by doubling `desired` for each worker ASG
|
5. Upgrade CFN stacks for the workers.
|
||||||
once new workers are ready, cordon and drain all old workers
|
This in turn will trigger automated worker updates by evicting pods and launching new workers in a rolling fashion.
|
||||||
The cluster-autoscaler will remove the old workers automatically after about 10min !
|
Grab a coffee and keep an eye on the cluster to be safe ...
|
||||||
|
|
||||||
6. If all looks good, commit the ArgoApp resouce for Kubezero, before re-enabling ArgoCD itself.
|
6. If all looks good, commit the ArgoApp resouce for Kubezero, before re-enabling ArgoCD itself.
|
||||||
git add / commit / push `<cluster/env/kubezero/application.yaml>`
|
git add / commit / push `<cluster/env/kubezero/application.yaml>`
|
||||||
|
|
||||||
|
7. Head over to ArgoCD and sync all KubeZero modules incl. `pruning` enabled to remove eg. Calico
|
||||||
|
Loading…
Reference in New Issue
Block a user