Compare commits
1 Commits
0c811fb09f
...
d795846cdb
Author | SHA1 | Date | |
---|---|---|---|
d795846cdb |
@ -20,28 +20,20 @@ post_control_plane_upgrade_cluster() {
|
||||
|
||||
# All things AFTER all contollers are on the new version
|
||||
pre_cluster_upgrade_final() {
|
||||
set +e
|
||||
|
||||
if [ "$PLATFORM" == "aws" ];then
|
||||
# cleanup aws-iam-authenticator
|
||||
kubectl delete clusterrolebinding aws-iam-authenticator
|
||||
kubectl delete clusterrole aws-iam-authenticator
|
||||
kubectl delete serviceaccount aws-iam-authenticator -n kube-system
|
||||
kubectl delete cm aws-iam-authenticator -n kube-system
|
||||
kubectl delete ds aws-iam-authenticator -n kube-system
|
||||
kubectl delete IAMIdentityMapping kubezero-worker-nodes
|
||||
kubectl delete IAMIdentityMapping kubernetes-admin
|
||||
kubectl delete crd iamidentitymappings.iamauthenticator.k8s.aws
|
||||
kubectl delete secret aws-iam-certs -n kube-system
|
||||
kubectl delete clusterrolebinding aws-iam-authenticator || true
|
||||
kubectl delete clusterrole aws-iam-authenticator || true
|
||||
kubectl delete serviceaccount aws-iam-authenticator -n kube-system || true
|
||||
kubectl delete cm aws-iam-authenticator -n kube-system || true
|
||||
kubectl delete ds aws-iam-authenticator -n kube-system || true
|
||||
kubectl delete IAMIdentityMapping kubezero-worker-nodes || true
|
||||
kubectl delete IAMIdentityMapping kubernetes-admin || true
|
||||
kubectl delete crd iamidentitymappings.iamauthenticator.k8s.aws || true
|
||||
|
||||
kubectl delete secret aws-iam-certs -n kube-system || true
|
||||
fi
|
||||
|
||||
# Remove any helm hook related resources
|
||||
kubectl delete rolebinding argo-argocd-redis-secret-init -n argocd
|
||||
kubectl delete sa argo-argocd-redis-secret-init -n argocd
|
||||
kubectl delete role argo-argocd-redis-secret-init -n argocd
|
||||
kubectl delete job argo-argocd-redis-secret-init -n argocd
|
||||
|
||||
set -e
|
||||
}
|
||||
|
||||
|
||||
|
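Review bot: The `|| true` appended to each `kubectl delete` in `pre_cluster_upgrade_final` hides every failure, not only the expected "not found" case. An RBAC denial or an unreachable API server would leave the `aws-iam-authenticator` ClusterRoleBinding, the `aws-iam-certs` secret and the `IAMIdentityMapping` objects in place with a zero exit status. `kubectl delete` has `--ignore-not-found` for the tolerated case, for example `kubectl delete secret aws-iam-certs -n kube-system --ignore-not-found`, which keeps real errors visible. The two `IAMIdentityMapping` deletes may still fail with an unknown-resource-type error once the CRD is gone, so that pair probably needs a guard that checks for the CRD first.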
@ -14,6 +14,6 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
kubeVersion: ">= 1.26.0"
|
||||
|
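Review bot: The `kubezero-lib` dependency is declared as the open range `version: ">= 0.1.6"` rather than an exact version, so `helm dependency update` resolves to whatever newest chart `https://cdn.zero-downtime.net/charts/` serves at build time and the packaged result is not reproducible. Reading the second line of each printed pair as the new side (the order the shell hunk's line counts confirm for this page), the same pattern recurs in most of the other `Chart.yaml` sections below, with ranges `>= 0.1.4`, `>= 0.1.5`, `>= 0.1.6` and `>= 0.2.1`. Pinning the exact version, `version: 0.2.1`, or committing a `Chart.lock` next to the range and building with `helm dependency build`, keeps a changed or tampered repository index from silently altering every chart that pulls in the library.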
3
charts/envoy-ratelimit/.gitignore
vendored
3
charts/envoy-ratelimit/.gitignore
vendored
@ -1,3 +0,0 @@
|
||||
istioctl
|
||||
istio
|
||||
istio.zdt
|
@ -1,32 +0,0 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
|
||||
README.md.gotmpl
|
||||
*.patch
|
||||
*.sh
|
||||
*.py
|
||||
|
||||
istioctl
|
||||
istio
|
||||
istio.zdt
|
@ -1,19 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: envoy-ratelimit
|
||||
description: Envoy gobal ratelimiting service - part of KubeZero
|
||||
type: application
|
||||
version: 0.1.0
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
- kubezero
|
||||
- envoy
|
||||
- istio
|
||||
maintainers:
|
||||
- name: Stefan Reimer
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
kubeVersion: ">= 1.31.0-0"
|
@ -1,37 +0,0 @@
|
||||
# envoy-ratelimit
|
||||
|
||||
 
|
||||
|
||||
Envoy gobal ratelimiting service - part of KubeZero
|
||||
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Stefan Reimer | <stefan@zero-downtime.net> | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.31.0-0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| descriptors.ingress[0].key | string | `"remote_address"` | |
|
||||
| descriptors.ingress[0].rate_limit.requests_per_unit | int | `10` | |
|
||||
| descriptors.ingress[0].rate_limit.unit | string | `"second"` | |
|
||||
| descriptors.privateIngress[0].key | string | `"remote_address"` | |
|
||||
| descriptors.privateIngress[0].rate_limit.requests_per_unit | int | `10` | |
|
||||
| descriptors.privateIngress[0].rate_limit.unit | string | `"second"` | |
|
||||
| failureModeDeny | bool | `false` | |
|
||||
| localCacheSize | int | `1048576` | |
|
||||
| log.format | string | `"json"` | |
|
||||
| log.level | string | `"warn"` | |
|
||||
| metrics.enabled | bool | `true` | |
|
@ -1,16 +0,0 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
{{ template "chart.valuesSection" . }}
|
@ -1,24 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: ratelimit-redis
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: ratelimit-redis
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: ratelimit-redis
|
||||
spec:
|
||||
containers:
|
||||
- image: redis:6-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: redis
|
||||
ports:
|
||||
- name: redis
|
||||
containerPort: 6379
|
||||
restartPolicy: Always
|
||||
serviceAccountName: ""
|
@ -1,13 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: ratelimit-redis
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app: ratelimit-redis
|
||||
spec:
|
||||
ports:
|
||||
- name: redis
|
||||
port: 6379
|
||||
selector:
|
||||
app: ratelimit-redis
|
@ -1,27 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: ratelimit
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app: ratelimit
|
||||
spec:
|
||||
ports:
|
||||
#- name: http-port
|
||||
# port: 8080
|
||||
# targetPort: 8080
|
||||
# protocol: TCP
|
||||
- name: grpc-port
|
||||
port: 8081
|
||||
targetPort: 8081
|
||||
protocol: TCP
|
||||
#- name: http-debug
|
||||
# port: 6070
|
||||
# targetPort: 6070
|
||||
# protocol: TCP
|
||||
- name: http-monitoring
|
||||
port: 9102
|
||||
targetPort: 9102
|
||||
protocol: TCP
|
||||
selector:
|
||||
app: ratelimit
|
@ -1,9 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
. ../../scripts/lib-update.sh
|
||||
|
||||
#login_ecr_public
|
||||
update_helm
|
||||
|
||||
update_docs
|
@ -1,26 +0,0 @@
|
||||
log:
|
||||
level: warn
|
||||
format: json
|
||||
|
||||
# 1MB local cache for already reached limits to reduce calls to Redis
|
||||
localCacheSize: 1048576
|
||||
|
||||
# Wether to block requests if ratelimiting is down
|
||||
failureModeDeny: false
|
||||
|
||||
# rate limit descriptors for each domain, examples 10 req/s per sourceIP
|
||||
descriptors:
|
||||
ingress:
|
||||
- key: remote_address
|
||||
rate_limit:
|
||||
unit: second
|
||||
requests_per_unit: 10
|
||||
|
||||
privateIngress:
|
||||
- key: remote_address
|
||||
rate_limit:
|
||||
unit: second
|
||||
requests_per_unit: 10
|
||||
|
||||
metrics:
|
||||
enabled: true
|
@ -14,7 +14,7 @@ KubeZero umbrella chart for various optional cluster addons
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.30.0-0`
|
||||
Kubernetes: `>= 1.26.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
@ -94,8 +94,9 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
||||
| aws-node-termination-handler.managedTag | string | `"zdt:kubezero:nth:${ClusterName}"` | "zdt:kubezero:nth:${ClusterName}" |
|
||||
| aws-node-termination-handler.metadataTries | int | `0` | |
|
||||
| aws-node-termination-handler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||
| aws-node-termination-handler.podMonitor.create | bool | `false` | |
|
||||
| aws-node-termination-handler.queueURL | string | `""` | https://sqs.${AWS::Region}.amazonaws.com/${AWS::AccountId}/${ClusterName}_Nth |
|
||||
| aws-node-termination-handler.serviceMonitor.create | bool | `false` | |
|
||||
| aws-node-termination-handler.rbac.pspEnabled | bool | `false` | |
|
||||
| aws-node-termination-handler.taintNode | bool | `true` | |
|
||||
| aws-node-termination-handler.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||
| aws-node-termination-handler.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | |
|
||||
@ -109,7 +110,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
||||
| cluster-autoscaler.extraArgs.scan-interval | string | `"30s"` | |
|
||||
| cluster-autoscaler.extraArgs.skip-nodes-with-local-storage | bool | `false` | |
|
||||
| cluster-autoscaler.image.repository | string | `"registry.k8s.io/autoscaling/cluster-autoscaler"` | |
|
||||
| cluster-autoscaler.image.tag | string | `"v1.31.1"` | |
|
||||
| cluster-autoscaler.image.tag | string | `"v1.30.2"` | |
|
||||
| cluster-autoscaler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||
| cluster-autoscaler.podDisruptionBudget | bool | `false` | |
|
||||
| cluster-autoscaler.prometheusRule.enabled | bool | `false` | |
|
||||
@ -158,9 +159,6 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
||||
| neuron-helm-chart.enabled | bool | `false` | |
|
||||
| neuron-helm-chart.npd.enabled | bool | `false` | |
|
||||
| nvidia-device-plugin.cdi.nvidiaHookPath | string | `"/usr/bin"` | |
|
||||
| nvidia-device-plugin.config.default | string | `"default"` | |
|
||||
| nvidia-device-plugin.config.map.default | string | `"version: v1\nflags:\n migStrategy: none"` | |
|
||||
| nvidia-device-plugin.config.map.time-slice-4x | string | `"version: v1\nflags:\n migStrategy: none\nsharing:\n timeSlicing:\n resources:\n - name: nvidia.com/gpu\n replicas: 4"` | |
|
||||
| nvidia-device-plugin.deviceDiscoveryStrategy | string | `"nvml"` | |
|
||||
| nvidia-device-plugin.enabled | bool | `false` | |
|
||||
| nvidia-device-plugin.runtimeClassName | string | `"nvidia"` | |
|
||||
|
@ -185,22 +185,6 @@ neuron-helm-chart:
|
||||
nvidia-device-plugin:
|
||||
enabled: false
|
||||
|
||||
config:
|
||||
default: "default"
|
||||
map:
|
||||
default: |-
|
||||
version: v1
|
||||
flags:
|
||||
migStrategy: none
|
||||
time-slice-4x: |-
|
||||
version: v1
|
||||
flags:
|
||||
migStrategy: none
|
||||
sharing:
|
||||
timeSlicing:
|
||||
resources:
|
||||
- name: nvidia.com/gpu
|
||||
replicas: 4
|
||||
cdi:
|
||||
nvidiaHookPath: /usr/bin
|
||||
deviceDiscoveryStrategy: nvml
|
||||
|
@ -15,7 +15,7 @@ maintainers:
|
||||
# Url: https://github.com/argoproj/argo-helm/tree/main/charts
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: argo-events
|
||||
version: 2.4.13
|
||||
|
@ -106,12 +106,10 @@ argo-cd:
|
||||
extraHosts: "git.zero-downtime.net ssh-rsa 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"
|
||||
|
||||
params:
|
||||
controller.status.processors: 8
|
||||
controller.operation.processors: 4
|
||||
controller.kubectl.parallelism.limit: 8
|
||||
controller.resource.health.persist: "false"
|
||||
controller.status.processors: "10"
|
||||
controller.operation.processors: "5"
|
||||
controller.diff.server.side: "true"
|
||||
controller.sync.timeout.seconds: 1800
|
||||
controller.sync.timeout.seconds: "1800"
|
||||
|
||||
server.insecure: true
|
||||
server.enable.gzip: true
|
||||
@ -180,9 +178,6 @@ argo-cd:
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
redisSecretInit:
|
||||
enabled: false
|
||||
|
||||
# redis:
|
||||
# We might want to try to keep redis close to the controller
|
||||
# affinity:
|
||||
|
@ -14,7 +14,7 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: keycloak
|
||||
repository: "oci://registry-1.docker.io/bitnamicharts"
|
||||
|
@ -14,7 +14,7 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.2.1"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: redis
|
||||
version: 20.0.3
|
||||
|
@ -13,7 +13,7 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: cert-manager
|
||||
version: v1.17.1
|
||||
|
@ -22,7 +22,7 @@ dependencies:
|
||||
repository: https://dl.gitea.io/charts/
|
||||
condition: gitea.enabled
|
||||
- name: jenkins
|
||||
version: 5.8.17
|
||||
version: 5.8.16
|
||||
repository: https://charts.jenkins.io
|
||||
condition: jenkins.enabled
|
||||
- name: trivy
|
||||
@ -30,7 +30,7 @@ dependencies:
|
||||
repository: https://aquasecurity.github.io/helm-charts/
|
||||
condition: trivy.enabled
|
||||
- name: renovate
|
||||
version: 39.182.3
|
||||
version: 39.181.0
|
||||
repository: https://docs.renovatebot.com/helm-charts
|
||||
condition: renovate.enabled
|
||||
kubeVersion: ">= 1.25.0"
|
||||
|
@ -13,7 +13,7 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: falco
|
||||
version: 4.2.5
|
||||
|
@ -13,7 +13,7 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.2.1"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: neo4j
|
||||
version: 5.26.0
|
||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubezero-istio-gateway
|
||||
description: KubeZero Umbrella Chart for Istio gateways
|
||||
type: application
|
||||
version: 0.24.3
|
||||
version: 0.24.2
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
@ -14,9 +14,9 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: gateway
|
||||
version: 1.24.3
|
||||
version: 1.24.2
|
||||
repository: https://istio-release.storage.googleapis.com/charts
|
||||
kubeVersion: ">= 1.30.0-0"
|
||||
|
@ -1,6 +1,6 @@
|
||||
# kubezero-istio-gateway
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
KubeZero Umbrella Chart for Istio gateways
|
||||
|
||||
@ -20,8 +20,8 @@ Kubernetes: `>= 1.30.0-0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
|
||||
| https://istio-release.storage.googleapis.com/charts | gateway | 1.24.3 |
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://istio-release.storage.googleapis.com/charts | gateway | 1.24.2 |
|
||||
|
||||
## Values
|
||||
|
||||
@ -32,8 +32,8 @@ Kubernetes: `>= 1.30.0-0`
|
||||
| gateway.autoscaling.maxReplicas | int | `4` | |
|
||||
| gateway.autoscaling.minReplicas | int | `1` | |
|
||||
| gateway.autoscaling.targetCPUUtilizationPercentage | int | `80` | |
|
||||
| gateway.minReadySeconds | int | `10` | |
|
||||
| gateway.podAnnotations."proxy.istio.io/config" | string | `"{ \"terminationDrainDuration\": \"90s\" }"` | |
|
||||
| gateway.minReadySeconds | int | `120` | |
|
||||
| gateway.podAnnotations."proxy.istio.io/config" | string | `"{ \"terminationDrainDuration\": \"20s\" }"` | |
|
||||
| gateway.replicaCount | int | `1` | |
|
||||
| gateway.resources.limits.memory | string | `"512Mi"` | |
|
||||
| gateway.resources.requests.cpu | string | `"50m"` | |
|
||||
|
@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
appVersion: 1.24.3
|
||||
appVersion: 1.24.2
|
||||
description: Helm chart for deploying Istio gateways
|
||||
icon: https://istio.io/latest/favicons/android-192x192.png
|
||||
keywords:
|
||||
@ -9,4 +9,4 @@ name: gateway
|
||||
sources:
|
||||
- https://github.com/istio/istio
|
||||
type: application
|
||||
version: 1.24.3
|
||||
version: 1.24.2
|
||||
|
@ -77,7 +77,7 @@ spec:
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
{{- if not (eq (.Values.platform | default "") "openshift") }}
|
||||
{{- if not (eq .Values.platform "openshift") }}
|
||||
runAsUser: 1337
|
||||
runAsGroup: 1337
|
||||
{{- end }}
|
||||
|
@ -49,7 +49,7 @@ Finally, we can set all of that under .Values so the chart behaves without aware
|
||||
{{- $a := mustMergeOverwrite $defaults $profile }}
|
||||
{{- end }}
|
||||
# Flatten globals, if defined on a per-chart basis
|
||||
{{- if true }}
|
||||
{{- if false }}
|
||||
{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }}
|
||||
{{- end }}
|
||||
{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }}
|
||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubezero-istio
|
||||
description: KubeZero Umbrella Chart for Istio
|
||||
type: application
|
||||
version: 0.24.3
|
||||
version: 0.24.2
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
@ -13,20 +13,16 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: envoy-ratelimit
|
||||
version: 0.1.0
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
condition: envoy-ratelimit.enabled
|
||||
- name: base
|
||||
version: 1.24.3
|
||||
version: 1.24.2
|
||||
repository: https://istio-release.storage.googleapis.com/charts
|
||||
- name: istiod
|
||||
version: 1.24.3
|
||||
version: 1.24.2
|
||||
repository: https://istio-release.storage.googleapis.com/charts
|
||||
- name: kiali-server
|
||||
version: "2.6.0"
|
||||
version: "2.5.0"
|
||||
repository: https://kiali.org/helm-charts
|
||||
condition: kiali-server.enabled
|
||||
kubeVersion: ">= 1.30.0-0"
|
||||
|
@ -1,6 +1,6 @@
|
||||
# kubezero-istio
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
KubeZero Umbrella Chart for Istio
|
||||
|
||||
@ -20,27 +20,15 @@ Kubernetes: `>= 1.30.0-0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | envoy-ratelimit | 0.1.0 |
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
|
||||
| https://istio-release.storage.googleapis.com/charts | base | 1.24.3 |
|
||||
| https://istio-release.storage.googleapis.com/charts | istiod | 1.24.3 |
|
||||
| https://kiali.org/helm-charts | kiali-server | 2.6.0 |
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://istio-release.storage.googleapis.com/charts | base | 1.24.2 |
|
||||
| https://istio-release.storage.googleapis.com/charts | istiod | 1.24.2 |
|
||||
| https://kiali.org/helm-charts | kiali-server | 2.5.0 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| envoy-ratelimit.descriptors.ingress[0].key | string | `"remote_address"` | |
|
||||
| envoy-ratelimit.descriptors.ingress[0].rate_limit.requests_per_unit | int | `10` | |
|
||||
| envoy-ratelimit.descriptors.ingress[0].rate_limit.unit | string | `"second"` | |
|
||||
| envoy-ratelimit.descriptors.privateIngress[0].key | string | `"remote_address"` | |
|
||||
| envoy-ratelimit.descriptors.privateIngress[0].rate_limit.requests_per_unit | int | `10` | |
|
||||
| envoy-ratelimit.descriptors.privateIngress[0].rate_limit.unit | string | `"second"` | |
|
||||
| envoy-ratelimit.enabled | bool | `false` | |
|
||||
| envoy-ratelimit.failureModeDeny | bool | `false` | |
|
||||
| envoy-ratelimit.localCacheSize | int | `1048576` | |
|
||||
| envoy-ratelimit.log.format | string | `"json"` | |
|
||||
| envoy-ratelimit.log.level | string | `"warn"` | |
|
||||
| global.defaultPodDisruptionBudget.enabled | bool | `false` | |
|
||||
| global.logAsJson | bool | `true` | |
|
||||
| global.variant | string | `"distroless"` | |
|
||||
@ -62,6 +50,17 @@ Kubernetes: `>= 1.30.0-0`
|
||||
| kiali-server.istio.enabled | bool | `false` | |
|
||||
| kiali-server.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
|
||||
| kiali-server.server.metrics_enabled | bool | `false` | |
|
||||
| rateLimiting.descriptors.ingress[0].key | string | `"remote_address"` | |
|
||||
| rateLimiting.descriptors.ingress[0].rate_limit.requests_per_unit | int | `10` | |
|
||||
| rateLimiting.descriptors.ingress[0].rate_limit.unit | string | `"second"` | |
|
||||
| rateLimiting.descriptors.privateIngress[0].key | string | `"remote_address"` | |
|
||||
| rateLimiting.descriptors.privateIngress[0].rate_limit.requests_per_unit | int | `10` | |
|
||||
| rateLimiting.descriptors.privateIngress[0].rate_limit.unit | string | `"second"` | |
|
||||
| rateLimiting.enabled | bool | `false` | |
|
||||
| rateLimiting.failureModeDeny | bool | `false` | |
|
||||
| rateLimiting.localCacheSize | int | `1048576` | |
|
||||
| rateLimiting.log.format | string | `"json"` | |
|
||||
| rateLimiting.log.level | string | `"warn"` | |
|
||||
|
||||
## Resources
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
{{- if .Values.metrics.enabled }}
|
||||
{{- if .Values.rateLimiting.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
@ -1,3 +1,4 @@
|
||||
{{- if .Values.rateLimiting.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
@ -9,9 +10,10 @@ data:
|
||||
ingress.yaml: |
|
||||
domain: ingress
|
||||
descriptors:
|
||||
{{- toYaml .Values.descriptors.ingress | nindent 4 }}
|
||||
{{- toYaml .Values.rateLimiting.descriptors.ingress | nindent 4 }}
|
||||
|
||||
private-ingress.yaml: |
|
||||
domain: private-ingress
|
||||
descriptors:
|
||||
{{- toYaml .Values.descriptors.privateIngress | nindent 4 }}
|
||||
{{- toYaml .Values.rateLimiting.descriptors.privateIngress | nindent 4 }}
|
||||
{{- end }}
|
@ -1,3 +1,4 @@
|
||||
{{- if .Values.rateLimiting.enabled }}
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: EnvoyFilter
|
||||
metadata:
|
||||
@ -26,7 +27,7 @@ spec:
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
|
||||
domain: ingress
|
||||
failure_mode_deny: {{ .Values.failureModeDeny }}
|
||||
failure_mode_deny: {{ .Values.rateLimiting.failureModeDeny }}
|
||||
timeout: 0.5s
|
||||
rate_limit_service:
|
||||
grpc_service:
|
||||
@ -84,7 +85,7 @@ spec:
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
|
||||
domain: private-ingress
|
||||
failure_mode_deny: {{ .Values.failureModeDeny }}
|
||||
failure_mode_deny: {{ .Values.rateLimiting.failureModeDeny }}
|
||||
timeout: 0.5s
|
||||
rate_limit_service:
|
||||
grpc_service:
|
||||
@ -112,3 +113,4 @@ spec:
|
||||
socket_address:
|
||||
address: ratelimit.istio-system
|
||||
port_value: 8081
|
||||
{{- end }}
|
@ -1,3 +1,71 @@
|
||||
{{- if .Values.rateLimiting.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: ratelimit-redis
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app: ratelimit-redis
|
||||
spec:
|
||||
ports:
|
||||
- name: redis
|
||||
port: 6379
|
||||
selector:
|
||||
app: ratelimit-redis
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: ratelimit-redis
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: ratelimit-redis
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: ratelimit-redis
|
||||
spec:
|
||||
containers:
|
||||
- image: redis:6-alpine
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: redis
|
||||
ports:
|
||||
- name: redis
|
||||
containerPort: 6379
|
||||
restartPolicy: Always
|
||||
serviceAccountName: ""
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: ratelimit
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app: ratelimit
|
||||
spec:
|
||||
ports:
|
||||
#- name: http-port
|
||||
# port: 8080
|
||||
# targetPort: 8080
|
||||
# protocol: TCP
|
||||
- name: grpc-port
|
||||
port: 8081
|
||||
targetPort: 8081
|
||||
protocol: TCP
|
||||
#- name: http-debug
|
||||
# port: 6070
|
||||
# targetPort: 6070
|
||||
# protocol: TCP
|
||||
- name: http-monitoring
|
||||
port: 9102
|
||||
targetPort: 9102
|
||||
protocol: TCP
|
||||
selector:
|
||||
app: ratelimit
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@ -22,9 +90,9 @@ spec:
|
||||
command: ["/bin/ratelimit"]
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: {{ default "WARN" .Values.log.level }}
|
||||
value: {{ default "WARN" .Values.rateLimiting.log.level }}
|
||||
- name: LOG_FORMAT
|
||||
value: {{ default "text" .Values.log.format }}
|
||||
value: {{ default "text" .Values.rateLimiting.log.format }}
|
||||
- name: REDIS_SOCKET_TYPE
|
||||
value: tcp
|
||||
- name: REDIS_URL
|
||||
@ -44,7 +112,7 @@ spec:
|
||||
- name: RUNTIME_IGNOREDOTFILES
|
||||
value: "true"
|
||||
- name: LOCAL_CACHE_SIZE_IN_BYTES
|
||||
value: "{{ default 0 .Values.localCacheSize | int }}"
|
||||
value: "{{ default 0 .Values.rateLimiting.localCacheSize | int }}"
|
||||
ports:
|
||||
#- containerPort: 8080
|
||||
- containerPort: 8081
|
||||
@ -83,3 +151,4 @@ spec:
|
||||
- name: statsd-exporter-config
|
||||
configMap:
|
||||
name: ratelimit-statsd-exporter-config
|
||||
{{- end }}
|
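Review bot: The `ratelimit-redis` Deployment added in the first hunk of this template runs `redis:6-alpine` with no authentication, no `securityContext` and no resource requests or limits. Its Service exposes port 6379 to any workload in the cluster unless a NetworkPolicy outside this file restricts it. A pod that can reach that port can read or reset the rate-limit counters, which undermines the limits enforced at the ingress gateways. Consider pinning the image by digest instead of the floating `6-alpine` tag, adding a restrictive container `securityContext` (at least `allowPrivilegeEscalation: false`) and `resources`, and admitting traffic to port 6379 only from pods labelled `app: ratelimit`. The second Deployment's body lies mostly outside the hunks shown, so whether it carries such settings cannot be confirmed from this page.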
@ -1,4 +1,4 @@
|
||||
{{- if and .Values.metrics.enabled }}
|
||||
{{- if and .Values.istiod.telemetry.enabled .Values.rateLimiting.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
@ -56,7 +56,7 @@ kiali-server:
|
||||
#url: "kiali.example.com"
|
||||
|
||||
|
||||
envoy-ratelimit:
|
||||
rateLimiting:
|
||||
enabled: false
|
||||
|
||||
log:
|
||||
|
@ -10,4 +10,4 @@ keywords:
|
||||
maintainers:
|
||||
- name: Stefan Reimer
|
||||
email: stefan@zero-downtime.net
|
||||
kubeVersion: ">= 1.30.0-0"
|
||||
kubeVersion: ">= 1.30.0"
|
||||
|
@ -17,7 +17,7 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: fluentd
|
||||
version: 0.5.2
|
||||
|
@ -16,7 +16,7 @@ maintainers:
|
||||
# https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: kube-prometheus-stack
|
||||
version: 69.2.3
|
||||
|
@ -14,7 +14,7 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: nats
|
||||
version: 1.2.2
|
||||
|
@ -16,7 +16,7 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: cilium
|
||||
version: 1.16.6
|
||||
|
@ -17,7 +17,7 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: opensearch-operator
|
||||
version: 2.7.0
|
||||
|
@ -14,7 +14,7 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: mariadb-galera
|
||||
version: 14.0.10
|
||||
|
@ -17,7 +17,7 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: lvm-localpv
|
||||
version: 1.6.2
|
||||
|
@ -16,7 +16,7 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: opentelemetry-collector
|
||||
version: 0.108.0
|
||||
|
@ -13,6 +13,6 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.2.1"
|
||||
repository: https://cdn.zero-downtime.net/charts
|
||||
kubeVersion: ">= 1.31.0-0"
|
||||
|
@ -64,13 +64,13 @@ storage:
|
||||
istio:
|
||||
enabled: false
|
||||
namespace: istio-system
|
||||
targetRevision: 0.24.3
|
||||
targetRevision: 0.24.2
|
||||
|
||||
istio-ingress:
|
||||
enabled: false
|
||||
chart: kubezero-istio-gateway
|
||||
namespace: istio-ingress
|
||||
targetRevision: 0.24.3
|
||||
targetRevision: 0.24.2
|
||||
gateway:
|
||||
service: {}
|
||||
|
||||
@ -78,7 +78,7 @@ istio-private-ingress:
|
||||
enabled: false
|
||||
chart: kubezero-istio-gateway
|
||||
namespace: istio-ingress
|
||||
targetRevision: 0.24.3
|
||||
targetRevision: 0.24.2
|
||||
gateway:
|
||||
service: {}
|
||||
|
||||
|
@ -14,7 +14,7 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.4"
|
||||
repository: https://cdn.zero-downtime.net/charts
|
||||
- name: manticoresearch
|
||||
version: "5.0.25"
|
||||
|
@ -14,6 +14,6 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: 0.2.1
|
||||
version: ">= 0.1.5"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
kubeVersion: ">= 1.20.0"
|
||||
|