diff --git a/charts/kubezero-metrics/Chart.yaml b/charts/kubezero-metrics/Chart.yaml index d1203073..89174c55 100644 --- a/charts/kubezero-metrics/Chart.yaml +++ b/charts/kubezero-metrics/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-metrics description: KubeZero Umbrella Chart for prometheus-operator type: application -version: 0.3.0 +version: 0.3.1 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -16,7 +16,7 @@ dependencies: version: ">= 0.1.3" repository: https://zero-down-time.github.io/kubezero/ - name: kube-prometheus-stack - version: 12.2.4 + version: 12.3.0 repository: https://prometheus-community.github.io/helm-charts - name: prometheus-adapter version: 2.7.1 diff --git a/charts/kubezero-metrics/templates/istio-authorization-policy.yaml b/charts/kubezero-metrics/templates/istio-authorization-policy.yaml index e049957b..3c904c25 100644 --- a/charts/kubezero-metrics/templates/istio-authorization-policy.yaml +++ b/charts/kubezero-metrics/templates/istio-authorization-policy.yaml @@ -1,12 +1,13 @@ -{{- if .Values.grafana.istio.enabled }} -{{- if .Values.grafana.istio.ipBlocks }} +{{- range $name, $service := .Values.istio }} + +{{- if and $service.enabled $service.ipBlocks }} apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: - name: grafana-deny-not-in-ipblocks + name: {{ $name }}-deny-not-in-ipblocks namespace: istio-system labels: -{{ include "kubezero-lib.labels" . | indent 4 }} +{{ include "kubezero-lib.labels" $ | indent 4 }} spec: selector: matchLabels: 
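Review bot: In istio-authorization-policy.yaml the guard `{{- if and $service.enabled $service.ipBlocks }}` renders no AuthorizationPolicy when a service is enabled with an empty `ipBlocks`, which is the default added in values.yaml, so that service is published by istio-service.yaml with no source restriction at the gateway. The old template skipped the policy in the same way for Grafana and Prometheus, but the range now extends this to Alertmanager, and these services often have no authentication of their own (not visible in this chart, worth confirming). If unrestricted exposure is never intended, fail the render instead of skipping silently, e.g. `{{- if and $service.enabled (not $service.ipBlocks) }}{{ fail (printf "istio.%s is enabled without ipBlocks" $name) }}{{- end }}`. The manifest continues past the end of this hunk.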
@@ -16,38 +17,10 @@ spec: - from: - source: notIpBlocks: - {{- with .Values.grafana.istio.ipBlocks }} - {{- . | toYaml | nindent 8 }} - {{- end }} + {{- toYaml $service.ipBlocks | nindent 8 }} to: - operation: - hosts: ["{{ .Values.grafana.istio.url }}"] -{{- end }} -{{- end }} -{{- if .Values.prometheus.istio.enabled }} -{{- if .Values.prometheus.istio.ipBlocks }} + hosts: ["{{ $service.url }}"] --- -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: prometheus-deny-not-in-ipblocks - namespace: istio-system - labels: -{{ include "kubezero-lib.labels" . | indent 4 }} -spec: - selector: - matchLabels: - app: istio-ingressgateway - action: DENY - rules: - - from: - - source: - notIpBlocks: - {{- with .Values.prometheus.istio.ipBlocks }} - {{- . | toYaml | nindent 8 }} - {{- end }} - to: - - operation: - hosts: ["{{ .Values.prometheus.istio.url }}"] {{- end }} {{- end }} diff --git a/charts/kubezero-metrics/templates/istio-service.yaml b/charts/kubezero-metrics/templates/istio-service.yaml index 09c75fa9..1aa937d5 100644 --- a/charts/kubezero-metrics/templates/istio-service.yaml +++ b/charts/kubezero-metrics/templates/istio-service.yaml 
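Review bot: `hosts: ["{{ $service.url }}"]` is an exact match on the Host header, so the DENY rule does not cover the same hostname when it arrives with a port suffix, although such a request may still be routed by the gateway. Istio's guidance for host-scoped policies is to list the port form as well: `hosts: ["{{ $service.url }}", "{{ $service.url }}:*"]`. Separately, `notIpBlocks` is compared with the peer address the ingress gateway sees; whether that is the real client address depends on the load balancer in front of it, which this chart does not show.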
@@ -1,37 +1,23 @@ -{{- if .Values.grafana.istio.enabled }} +{{- range $name, $service := .Values.istio }} + +{{- if $service.enabled }} apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: - name: grafana - namespace: {{ .Release.Namespace }} + name: {{ $name }} + namespace: {{ $.Release.Namespace }} labels: -{{ include "kubezero-lib.labels" . | indent 4 }} +{{ include "kubezero-lib.labels" $ | indent 4 }} spec: hosts: - - {{ .Values.grafana.istio.url }} + - {{ index $service.url }} gateways: - - {{ .Values.grafana.istio.gateway }} + - {{ index $service.gateway }} http: - route: - destination: - host: metrics-grafana -{{- end }} -{{- if .Values.prometheus.istio.enabled }} + host: metrics-{{- $name }} --- -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: prometheus - namespace: {{ .Release.Namespace }} - labels: -{{ include "kubezero-lib.labels" . | indent 4 }} -spec: - hosts: - - {{ .Values.prometheus.istio.url }} - gateways: - - {{ .Values.prometheus.istio.gateway }} - http: - - route: - - destination: - host: metrics-kube-prometheus-st-prometheus +{{- end }} + {{- end }} diff --git a/charts/kubezero-metrics/values.yaml b/charts/kubezero-metrics/values.yaml index a7e1a378..320462da 100644 --- a/charts/kubezero-metrics/values.yaml +++ b/charts/kubezero-metrics/values.yaml @@ -1,16 +1,3 @@ -grafana: - istio: - enabled: false - ipBlocks: [] - url: "" - gateway: istio-ingress/ingressgateway - -prometheus: - istio: - enabled: false - url: "" - gateway: istio-ingress/ingressgateway - kube-prometheus-stack: defaultRules: create: true @@ -144,6 +131,8 @@ kube-prometheus-stack: # Todo alertmanager: enabled: false + alertmanagerSpec: + logFormat: json # Metrics adapter prometheus-adapter: 
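Review bot: In istio-service.yaml, `host: metrics-{{- $name }}` renders `metrics-prometheus` for the `prometheus` entry, but the line it replaces routed to `metrics-kube-prometheus-st-prometheus`; unless the Service is renamed elsewhere, the Prometheus route (and probably the new Alertmanager one) points at a host that does not exist. Taking the destination from values avoids deriving it from the key, e.g. `host: {{ $service.destination | quote }}` with a `destination` entry next to `url` in values.yaml. `{{ index $service.url }}` and `{{ index $service.gateway }}` call `index` without a key, which is a no-op; `{{ $service.url | quote }}` reads more clearly and keeps an empty value from rendering as null.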
@@ -185,3 +174,22 @@ prometheus-adapter: resource: pod containerLabel: container window: 3m + +istio: + grafana: + enabled: false + ipBlocks: [] + url: "" + gateway: istio-ingress/ingressgateway + + prometheus: + enabled: false + ipBlocks: [] + url: "" + gateway: istio-ingress/ingressgateway + + alertmanager: + enabled: false + ipBlocks: [] + url: "" + gateway: istio-ingress/ingressgateway diff --git a/charts/kubezero/templates/metrics.yaml b/charts/kubezero/templates/metrics.yaml index 3d7309ad..6c09bf75 100644 --- a/charts/kubezero/templates/metrics.yaml +++ b/charts/kubezero/templates/metrics.yaml @@ -1,18 +1,8 @@ {{- define "metrics-values" }} -{{- if .Values.metrics.istio.grafana.enabled }} -grafana: - istio: - {{- with .Values.metrics.istio.grafana }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- if .Values.metrics.istio.prometheus.enabled }} -prometheus: - istio: - {{- with .Values.metrics.istio.prometheus }} - {{- toYaml . | nindent 4 }} - {{- end }} +{{- with .Values.metrics.istio }} +istio: + {{- toYaml . | nindent 2 }} {{- end }} {{- if index .Values "metrics" "kube-prometheus-stack" }} kube-prometheus-stack: diff --git a/docs/Upgrade.md b/docs/Upgrade.md index dd07b14b..7f0f6450 100644 --- a/docs/Upgrade.md +++ b/docs/Upgrade.md @@ -57,6 +57,9 @@ Ingress service interruption ends. # Changelog +## Kubernetes 1.18 +https://sysdig.com/blog/whats-new-kubernetes-1-18/ + ## High level / Admin changes - ArgoCD is now optional and NOT required nor used during initial cluster bootstrap - the bootstrap process now uses the same config and templates as the optional ArgoCD applications later on
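Review bot: The new `istio:` block in values.yaml has no comments, and two of its keys are easy to misread: `url` is used as a hostname in both templates (`hosts:`), and `ipBlocks` is an allow-list of source ranges. A comment above the block would cover it, e.g. `# url: external hostname (not a full URL); ipBlocks: CIDR ranges allowed to reach the host`. It is also worth stating there that `istio.alertmanager.enabled` only adds the route, since `kube-prometheus-stack.alertmanager.enabled` is still `false` in this file.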