From 1429694e43ec262be273c714e0086a2365bcda78 Mon Sep 17 00:00:00 2001
From: Stefan Reimer
Date: Mon, 5 Oct 2020 03:50:23 -0700
Subject: [PATCH] Updated helm-docs, fluentd SSL handled by Istio, ES&Istio tuning
---
 charts/kubezero-argo-cd/Chart.yaml | 1 -
 charts/kubezero-argo-cd/README.md | 24 +++++++----
 charts/kubezero-argo-cd/README.md.gotmpl | 10 ++++-
 charts/kubezero-aws-ebs-csi-driver/README.md | 27 ++++++++----
 .../README.md.gotmpl | 10 ++++-
 charts/kubezero-aws-efs-csi-driver/README.md | 25 ++++++++---
 .../README.md.gotmpl | 10 ++++-
 charts/kubezero-calico/README.md | 28 ++++++++-----
 charts/kubezero-calico/README.md.gotmpl | 10 ++++-
 charts/kubezero-cert-manager/README.md | 20 ++++++---
 charts/kubezero-cert-manager/README.md.gotmpl | 10 ++++-
 charts/kubezero-istio/README.md | 21 ++++++----
 charts/kubezero-istio/README.md.gotmpl | 9 +++-
 .../templates/ingress-gateway.yaml | 7 +++-
 .../templates/istio-private-ingress.yaml | 2 +-
 charts/kubezero-istio/templates/istio.yaml | 2 +-
 charts/kubezero-kiam/README.md | 35 ++++++++++------
 charts/kubezero-kiam/README.md.gotmpl | 10 ++++-
 .../README.md | 28 ++++++++++---
 .../README.md.gotmpl | 12 +++++-
 charts/kubezero-logging/README.md | 42 ++++++++++---------
 charts/kubezero-logging/README.md.gotmpl | 10 ++++-
 .../templates/eck/elasticsearch.yaml | 2 +
 .../fluentd/fluentd-certificate.yaml | 16 -------
 charts/kubezero-logging/values.yaml | 19 +--------
 charts/kubezero-metrics/README.md | 21 ++++++----
 charts/kubezero-metrics/README.md.gotmpl | 11 +++--
 charts/kubezero/README.md | 23 +++++++---
 28 files changed, 291 insertions(+), 154 deletions(-)
 delete mode 100644 charts/kubezero-logging/templates/fluentd/fluentd-certificate.yaml
diff --git a/charts/kubezero-argo-cd/Chart.yaml b/charts/kubezero-argo-cd/Chart.yaml
index b6109d4..52dfb8b 100644
--- a/charts/kubezero-argo-cd/Chart.yaml
+++ b/charts/kubezero-argo-cd/Chart.yaml
@@ -10,7 +10,6 @@ keywords: - gitops maintainers: - name: Quarky9 -dependencies: dependencies: - name: kubezero-lib version: ">= 0.1.3" diff --git a/charts/kubezero-argo-cd/README.md b/charts/kubezero-argo-cd/README.md index d0df168..eb0cea4 100644 --- a/charts/kubezero-argo-cd/README.md +++ b/charts/kubezero-argo-cd/README.md @@ -1,25 +1,33 @@ -kubezero-argo-cd -================ +# kubezero-argo-cd + +![Version: 0.5.3](https://img.shields.io/badge/Version-0.5.3-informational?style=flat-square) + KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application -Current chart version is `0.5.3` +**Homepage:** -Source code can be found [here](https://kubezero.com) +## Maintainers -## Chart Requirements +| Name | Email | Url | +| ---- | ------ | --- | +| Quarky9 | | | + +## Requirements + +Kubernetes: `>= 1.16.0` | Repository | Name | Version | |------------|------|---------| | https://argoproj.github.io/argo-helm | argo-cd | 2.7.0 | | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 | -## Chart Values +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| | argo-cd.controller.args.appResyncPeriod | string | `"300"` | | -| argo-cd.controller.args.operationProcessors | string | `"1"` | | -| argo-cd.controller.args.statusProcessors | string | `"2"` | | +| argo-cd.controller.args.operationProcessors | string | `"2"` | | +| argo-cd.controller.args.statusProcessors | string | `"4"` | | | argo-cd.controller.metrics.enabled | bool | `false` | | | argo-cd.controller.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` | | | argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | | diff --git a/charts/kubezero-argo-cd/README.md.gotmpl b/charts/kubezero-argo-cd/README.md.gotmpl index d0cf107..63b0250 100644 --- a/charts/kubezero-argo-cd/README.md.gotmpl +++ b/charts/kubezero-argo-cd/README.md.gotmpl 
@@ -1,9 +1,15 @@ {{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + {{ template "chart.description" . }} -{{ template "chart.versionLine" . }} +{{ template "chart.homepageLine" . }} -{{ template "chart.sourceLinkLine" . }} +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} {{ template "chart.requirementsSection" . }} diff --git a/charts/kubezero-aws-ebs-csi-driver/README.md b/charts/kubezero-aws-ebs-csi-driver/README.md index 7dac424..aba728a 100644 --- a/charts/kubezero-aws-ebs-csi-driver/README.md +++ b/charts/kubezero-aws-ebs-csi-driver/README.md @@ -1,12 +1,25 @@ -kubezero-aws-ebs-csi-driver -=========================== +# kubezero-aws-ebs-csi-driver + +![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square) + KubeZero Umbrella Chart for aws-ebs-csi-driver -Current chart version is `0.3.1` +**Homepage:** -Source code can be found [here](https://kubezero.com) +## Maintainers -## Chart Requirements +| Name | Email | Url | +| ---- | ------ | --- | +| Quarky9 | | | + +## Source Code + +* +* + +## Requirements + +Kubernetes: `>= 1.16.0` | Repository | Name | Version | |------------|------|---------| @@ -23,7 +36,7 @@ podAnnotations: By default it also creates the *ebs-sc-gp2-xfs* storage class for gp2, enrypted and XFS. This class is by default also set as default storage class. -## Chart Values +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| 
@@ -34,7 +47,7 @@ This class is by default also set as default storage class. | aws-ebs-csi-driver.enableVolumeSnapshot | bool | `false` | | | aws-ebs-csi-driver.extraVolumeTags | object | `{}` | Optional tags to be added to each EBS volume | | aws-ebs-csi-driver.nodeSelector."node-role.kubernetes.io/master" | string | `""` | | -| aws-ebs-csi-driver.podAnnotations | object | `{}` | iam.amazonaws.com/role: to assume | +| aws-ebs-csi-driver.podAnnotations | object | `{}` | iam.amazonaws.com/role: to assume | | aws-ebs-csi-driver.replicaCount | int | `1` | | | aws-ebs-csi-driver.tolerations[0].effect | string | `"NoSchedule"` | | | aws-ebs-csi-driver.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | diff --git a/charts/kubezero-aws-ebs-csi-driver/README.md.gotmpl b/charts/kubezero-aws-ebs-csi-driver/README.md.gotmpl index 99719db..84bc6f1 100644 --- a/charts/kubezero-aws-ebs-csi-driver/README.md.gotmpl +++ b/charts/kubezero-aws-ebs-csi-driver/README.md.gotmpl @@ -1,9 +1,15 @@ {{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + {{ template "chart.description" . }} -{{ template "chart.versionLine" . }} +{{ template "chart.homepageLine" . }} -{{ template "chart.sourceLinkLine" . }} +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} {{ template "chart.requirementsSection" . }} diff --git a/charts/kubezero-aws-efs-csi-driver/README.md b/charts/kubezero-aws-efs-csi-driver/README.md index c506516..ebe4307 100644 --- a/charts/kubezero-aws-efs-csi-driver/README.md +++ b/charts/kubezero-aws-efs-csi-driver/README.md 
@@ -1,12 +1,25 @@ -kubezero-aws-efs-csi-driver -=========================== +# kubezero-aws-efs-csi-driver + +![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) + KubeZero Umbrella Chart for aws-efs-csi-driver -Current chart version is `0.1.1` +**Homepage:** -Source code can be found [here](https://kubezero.com) +## Maintainers -## Chart Requirements +| Name | Email | Url | +| ---- | ------ | --- | +| Quarky9 | | | + +## Source Code + +* +* + +## Requirements + +Kubernetes: `>=1.16.0-0` | Repository | Name | Version | |------------|------|---------| @@ -16,7 +29,7 @@ Source code can be found [here](https://kubezero.com) Optionally creates the *efs-cs* storage class. Could also be made the default storage class if requested. -## Chart Values +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| diff --git a/charts/kubezero-aws-efs-csi-driver/README.md.gotmpl b/charts/kubezero-aws-efs-csi-driver/README.md.gotmpl index 59d9809..72c8589 100644 --- a/charts/kubezero-aws-efs-csi-driver/README.md.gotmpl +++ b/charts/kubezero-aws-efs-csi-driver/README.md.gotmpl @@ -1,9 +1,15 @@ {{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + {{ template "chart.description" . }} -{{ template "chart.versionLine" . }} +{{ template "chart.homepageLine" . }} -{{ template "chart.sourceLinkLine" . }} +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} {{ template "chart.requirementsSection" . }} diff --git a/charts/kubezero-calico/README.md b/charts/kubezero-calico/README.md index 4d63fa1..8b947f8 100644 --- a/charts/kubezero-calico/README.md +++ b/charts/kubezero-calico/README.md 
@@ -1,12 +1,20 @@ -kubezero-calico -=============== +# kubezero-calico + +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.16.1](https://img.shields.io/badge/AppVersion-v3.16.1-informational?style=flat-square) + KubeZero Umbrella Chart for Calico -Current chart version is `0.2.0` +**Homepage:** -Source code can be found [here](https://kubezero.com) +## Maintainers -## Chart Requirements +| Name | Email | Url | +| ---- | ------ | --- | +| Quarky9 | | | + +## Requirements + +Kubernetes: `>= 1.16.0` | Repository | Name | Version | |------------|------|---------| @@ -15,15 +23,15 @@ Source code can be found [here](https://kubezero.com) ## KubeZero default configuration ## AWS -The setup is based on the upstream calico-vxlan config from +The setup is based on the upstream calico-vxlan config from `https://docs.projectcalico.org/v3.15/manifests/calico-vxlan.yaml` ### Changes -- VxLAN set to Always to not expose cluster communication to VPC +- VxLAN set to Always to not expose cluster communication to VPC - -> EC2 SecurityGroups still apply and only need to allow UDP 4789 for VxLAN traffic - -> No need to disable source/destination check on EC2 instances + -> EC2 SecurityGroups still apply and only need to allow UDP 4789 for VxLAN traffic + -> No need to disable source/destination check on EC2 instances -> Prepared for optional WireGuard encryption for all inter node traffic - MTU set to 8941 @@ -34,7 +42,7 @@ The setup is based on the upstream calico-vxlan config from - Set FELIX log level to warning -## Chart Values +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| diff --git a/charts/kubezero-calico/README.md.gotmpl b/charts/kubezero-calico/README.md.gotmpl index 74da83d..0aa472c 100644 --- a/charts/kubezero-calico/README.md.gotmpl 
+++ b/charts/kubezero-calico/README.md.gotmpl @@ -1,9 +1,15 @@ {{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + {{ template "chart.description" . }} -{{ template "chart.versionLine" . }} +{{ template "chart.homepageLine" . }} -{{ template "chart.sourceLinkLine" . }} +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} {{ template "chart.requirementsSection" . }} diff --git a/charts/kubezero-cert-manager/README.md b/charts/kubezero-cert-manager/README.md index b80cfcb..3023828 100644 --- a/charts/kubezero-cert-manager/README.md +++ b/charts/kubezero-cert-manager/README.md @@ -1,12 +1,20 @@ -kubezero-cert-manager -===================== +# kubezero-cert-manager + +![Version: 0.3.6](https://img.shields.io/badge/Version-0.3.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + KubeZero Umbrella Chart for cert-manager -Current chart version is `0.3.6` +**Homepage:** -Source code can be found [here](https://kubezero.com) +## Maintainers -## Chart Requirements +| Name | Email | Url | +| ---- | ------ | --- | +| Quarky9 | | | + +## Requirements + +Kubernetes: `>= 1.16.0` | Repository | Name | Version | |------------|------|---------| @@ -23,7 +31,7 @@ cert-manager.podAnnotations: ## Resolver Secrets If your resolvers need additional sercrets like CloudFlare API tokens etc. make sure to provide these secrets separatly matching your defined issuers. -## Chart Values +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| diff --git a/charts/kubezero-cert-manager/README.md.gotmpl b/charts/kubezero-cert-manager/README.md.gotmpl index 229df43..2a2c695 100644 --- a/charts/kubezero-cert-manager/README.md.gotmpl +++ b/charts/kubezero-cert-manager/README.md.gotmpl 
@@ -1,9 +1,15 @@ {{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + {{ template "chart.description" . }} -{{ template "chart.versionLine" . }} +{{ template "chart.homepageLine" . }} -{{ template "chart.sourceLinkLine" . }} +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} {{ template "chart.requirementsSection" . }} diff --git a/charts/kubezero-istio/README.md b/charts/kubezero-istio/README.md index cf39c80..bdde239 100644 --- a/charts/kubezero-istio/README.md +++ b/charts/kubezero-istio/README.md @@ -1,15 +1,22 @@ -kubezero-istio -============== +# kubezero-istio + +![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.3](https://img.shields.io/badge/AppVersion-1.7.3-informational?style=flat-square) + KubeZero Umbrella Chart for Istio Installs Istio Operator and KubeZero Istio profile +**Homepage:** -Current chart version is `0.3.3` +## Maintainers -Source code can be found [here](https://kubezero.com) +| Name | Email | Url | +| ---- | ------ | --- | +| Quarky9 | | | -## Chart Requirements +## Requirements + +Kubernetes: `>= 1.16.0` | Repository | Name | Version | |------------|------|---------| @@ -19,7 +26,7 @@ Source code can be found [here](https://kubezero.com) ## KubeZero default configuration - mapped istio-operator to run on the controller nodes only -## Chart Values +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| 
@@ -30,7 +37,7 @@ Source code can be found [here](https://kubezero.com) | ingress.replicaCount | int | `2` | | | ingress.type | string | `"NodePort"` | | | istio-operator.hub | string | `"docker.io/istio"` | | -| istio-operator.tag | string | `"1.7.1"` | | +| istio-operator.tag | string | `"1.7.3"` | | | istiod.autoscaleEnabled | bool | `false` | | | istiod.replicaCount | int | `1` | | diff --git a/charts/kubezero-istio/README.md.gotmpl b/charts/kubezero-istio/README.md.gotmpl index 2a38ba6..d7f368f 100644 --- a/charts/kubezero-istio/README.md.gotmpl +++ b/charts/kubezero-istio/README.md.gotmpl @@ -1,12 +1,17 @@ {{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + {{ template "chart.description" . }} Installs Istio Operator and KubeZero Istio profile +{{ template "chart.homepageLine" . }} -{{ template "chart.versionLine" . }} +{{ template "chart.maintainersSection" . }} -{{ template "chart.sourceLinkLine" . }} +{{ template "chart.sourcesSection" . }} {{ template "chart.requirementsSection" . }} diff --git a/charts/kubezero-istio/templates/ingress-gateway.yaml b/charts/kubezero-istio/templates/ingress-gateway.yaml index 9fcfb33..66f447c 100644 --- a/charts/kubezero-istio/templates/ingress-gateway.yaml +++ b/charts/kubezero-istio/templates/ingress-gateway.yaml @@ -76,7 +76,12 @@ spec: - port: number: 24224 name: fluentd-forward - protocol: TCP + protocol: TLS hosts: {{- toYaml .Values.ingress.dnsNames | nindent 4 }} + tls: + mode: SIMPLE + privateKey: /etc/istio/ingressgateway-certs/tls.key + serverCertificate: /etc/istio/ingressgateway-certs/tls.crt + credentialName: public-ingress-cert {{- end }} diff --git a/charts/kubezero-istio/templates/istio-private-ingress.yaml b/charts/kubezero-istio/templates/istio-private-ingress.yaml index 5ecb118..6820900 100644 --- a/charts/kubezero-istio/templates/istio-private-ingress.yaml 
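Review bot: In the `fluentd-forward` server of ingress-gateway.yaml the new `tls` block sets the file-mounted pair (`privateKey`, `serverCertificate`) and `credentialName: public-ingress-cert` at the same time; Istio's gateway TLS settings treat these as alternatives, so it is unclear which certificate is actually served and the combination may be rejected or one side silently ignored depending on the Istio version. Keeping only `credentialName: public-ingress-cert` and dropping the two `/etc/istio/ingressgateway-certs/...` lines would remove the ambiguity. `mode: SIMPLE` authenticates the server only, so the remaining client check on this port is the fluentd `shared_key` visible in the README's forward-input config; a comment such as `# TLS terminates at the gateway; senders are authenticated by the fluentd shared_key only` would record that, and `mode: MUTUAL` is worth considering if senders can present certificates. Because the commit also deletes fluentd's own certificate, the gateway-to-fluentd hop is presumably plaintext unless mesh mTLS covers it, which should be confirmed. The enclosing Gateway spec starts outside the hunk.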
+++ b/charts/kubezero-istio/templates/istio-private-ingress.yaml @@ -46,7 +46,7 @@ spec: resources: limits: # cpu: 2000m - memory: 1024Mi + memory: 256Mi requests: cpu: 100m memory: 64Mi diff --git a/charts/kubezero-istio/templates/istio.yaml b/charts/kubezero-istio/templates/istio.yaml index df7af7e..c01c9e5 100644 --- a/charts/kubezero-istio/templates/istio.yaml +++ b/charts/kubezero-istio/templates/istio.yaml @@ -43,7 +43,7 @@ spec: resources: limits: #cpu: 2000m - memory: 1024Mi + memory: 256Mi requests: cpu: 100m memory: 64Mi diff --git a/charts/kubezero-kiam/README.md b/charts/kubezero-kiam/README.md index efc81e3..8366b57 100644 --- a/charts/kubezero-kiam/README.md +++ b/charts/kubezero-kiam/README.md @@ -1,12 +1,20 @@ -kubezero-kiam -============= +# kubezero-kiam + +![Version: 0.2.11](https://img.shields.io/badge/Version-0.2.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.6](https://img.shields.io/badge/AppVersion-3.6-informational?style=flat-square) + KubeZero Umbrella Chart for Kiam -Current chart version is `0.2.10` +**Homepage:** -Source code can be found [here](https://kubezero.com) +## Maintainers -## Chart Requirements +| Name | Email | Url | +| ---- | ------ | --- | +| Quarky9 | | | + +## Requirements + +Kubernetes: `>= 1.16.0` | Repository | Name | Version | |------------|------|---------| 
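Review bot: The new `memory: 256Mi` limit in istio-private-ingress.yaml is a literal in the template, and the same literal is repeated in the istio.yaml hunk that follows, so an operator cannot raise it without editing the chart. This commit also moves fluentd-forward TLS termination onto an ingress gateway, so if either block sizes the gateway serving port 24224, hitting the limit gets the pod OOM-killed and interrupts log shipping. Reading the limit from values, e.g. `memory: {{ .Values.ingress.memoryLimit | default "256Mi" }}` (the key name is a suggestion, not an existing value), keeps 256Mi as the default while allowing an override. Both `resources` blocks start outside their hunks, so which component each one sizes should be confirmed.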
@@ -20,21 +28,22 @@ Therefore we also change the default port from 443 to 6444 to not collide with t Make sure any firewall rules between controllers and workers are adjusted accordingly. ## Kiam Certificates -The required certificates for Kiam server and agents are provided by a local cert-manager, which is configured to have a cluster local self-signing CA as part of the KubeZero platform. -[Kiam TLS Config](https://github.com/uswitch/kiam/blob/master/docs/TLS.md#cert-manager) +The required certificates for Kiam server and agents are provided by a local cert-manager, which is configured to have a cluster local self-signing CA as part of the KubeZero platform. +[Kiam TLS Config](https://github.com/uswitch/kiam/blob/master/docs/TLS.md#cert-manager) [KubeZero cert-manager](../kubezero-cert-manager/README.md) ## Metadata restrictions -Some services require access to some basic AWS information. One example is the `aws-ebs-csi` controller. -By default all access to the meta-data service is blocked, expect for: +Some services require access to some basic AWS information. One example is the `aws-ebs-csi` controller. +By default all access to the meta-data service is blocked, expect for: - `/latest/meta-data/instance-id` - `/latest/dynamic/instance-identity/document` -## Chart Values +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| annotateKubeSystemNameSpace | bool | `false` | | | kiam.agent.gatewayTimeoutCreation | string | `"5s"` | | | kiam.agent.host.interface | string | `"cali+"` | | | kiam.agent.host.iptables | bool | `false` | | 
@@ -57,7 +66,7 @@ By default all access to the meta-data service is blocked, expect for: | kiam.agent.updateStrategy | string | `"RollingUpdate"` | | | kiam.agent.whiteListRouteRegexp | string | `"^/latest/(meta-data/instance-id|dynamic)"` | | | kiam.enabled | bool | `true` | | -| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role | +| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role | | kiam.server.deployment.enabled | bool | `true` | | | kiam.server.deployment.replicas | int | `1` | | | kiam.server.image.tag | string | `"v3.6"` | | @@ -83,8 +92,8 @@ By default all access to the meta-data service is blocked, expect for: | kiam.server.useHostNetwork | bool | `true` | | ## Debugging -- Verify iptables rules on hosts to be set by the kiam agent: - `iptables -L -t nat -n --line-numbers` +- Verify iptables rules on hosts to be set by the kiam agent: + `iptables -L -t nat -n --line-numbers` `iptables -t nat -D PREROUTING ` ## Resources diff --git a/charts/kubezero-kiam/README.md.gotmpl b/charts/kubezero-kiam/README.md.gotmpl index 175c341..75423d4 100644 --- a/charts/kubezero-kiam/README.md.gotmpl +++ b/charts/kubezero-kiam/README.md.gotmpl @@ -1,9 +1,15 @@ {{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + {{ template "chart.description" . }} -{{ template "chart.versionLine" . }} +{{ template "chart.homepageLine" . }} -{{ template "chart.sourceLinkLine" . }} +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} {{ template "chart.requirementsSection" . }} 
diff --git a/charts/kubezero-local-volume-provisioner/README.md b/charts/kubezero-local-volume-provisioner/README.md index 836ff85..a09236e 100644 --- a/charts/kubezero-local-volume-provisioner/README.md +++ b/charts/kubezero-local-volume-provisioner/README.md @@ -1,19 +1,37 @@ -kubezero-local-volume-provisioner -================================= +# kubezero-local-volume-provisioner + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.4](https://img.shields.io/badge/AppVersion-2.3.4-informational?style=flat-square) + KubeZero Umbrella Chart for local-static-provisioner Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles. -Current chart version is `0.1.0` +**Homepage:** -Source code can be found [here](https://kubezero.com) +## Maintainers -## Chart Requirements +| Name | Email | Url | +| ---- | ------ | --- | +| Quarky9 | | | + +## Requirements + +Kubernetes: `>= 1.16.0` | Repository | Name | Version | |------------|------|---------| | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 | +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| local-static-provisioner.classes[0].hostDir | string | `"/mnt/disks"` | | +| local-static-provisioner.classes[0].name | string | `"local-sc-xfs"` | | +| local-static-provisioner.common.namespace | string | `"kube-system"` | | +| local-static-provisioner.daemonset.nodeSelector."node.kubernetes.io/localVolume" | string | `"present"` | | +| local-static-provisioner.prometheus.operator.enabled | bool | `false` | | + ## KubeZero default configuration - add nodeSelector to only install on nodes actually having ephemeral local storage 
diff --git a/charts/kubezero-local-volume-provisioner/README.md.gotmpl b/charts/kubezero-local-volume-provisioner/README.md.gotmpl index af42ff8..7eecd10 100644 --- a/charts/kubezero-local-volume-provisioner/README.md.gotmpl +++ b/charts/kubezero-local-volume-provisioner/README.md.gotmpl @@ -1,14 +1,22 @@ {{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + {{ template "chart.description" . }} Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles. -{{ template "chart.versionLine" . }} +{{ template "chart.homepageLine" . }} -{{ template "chart.sourceLinkLine" . }} +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} {{ template "chart.requirementsSection" . }} +{{ template "chart.valuesSection" . }} + ## KubeZero default configuration - add nodeSelector to only install on nodes actually having ephemeral local storage diff --git a/charts/kubezero-logging/README.md b/charts/kubezero-logging/README.md index 89954b1..360f009 100644 --- a/charts/kubezero-logging/README.md +++ b/charts/kubezero-logging/README.md @@ -1,12 +1,20 @@ -kubezero-logging -================ +# kubezero-logging + +![Version: 0.3.9](https://img.shields.io/badge/Version-0.3.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.1](https://img.shields.io/badge/AppVersion-1.2.1-informational?style=flat-square) + KubeZero Umbrella Chart for complete EFK stack -Current chart version is `0.3.6` +**Homepage:** -Source code can be found [here](https://kubezero.com) +## Maintainers -## Chart Requirements +| Name | Email | Url | +| ---- | ------ | --- | +| Quarky9 | | | + +## Requirements + +Kubernetes: `>= 1.16.0` | Repository | Name | Version | |------------|------|---------| 
@@ -31,9 +39,8 @@ Source code can be found [here](https://kubezero.com) ### Kibana - increased timeout to ES to 3 minutes - -### FluentD +### FluentD ### Fluent-bit - support for dedot Lua filter to replace "." with "_" for all annotations and labels @@ -45,8 +52,7 @@ Source code can be found [here](https://kubezero.com) - setup Kibana - create `logstash-*` Index Pattern - -## Chart Values +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| 
@@ -56,9 +62,9 @@ Source code can be found [here](https://kubezero.com) | es.s3Snapshot.enabled | bool | `false` | | | es.s3Snapshot.iamrole | string | `""` | | | fluent-bit.config.filters | string | `"[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call reassemble_cri_logs\n\n[FILTER]\n Name kubernetes\n Match kube.*\n Merge_Log On\n Keep_Log Off\n K8S-Logging.Parser On\n K8S-Logging.Exclude On\n\n[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call dedot\n"` | | -| fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Parser cri\n Tag kube.*\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 10\n DB /var/log/flb_kube.db\n DB.Sync Normal\n[INPUT]\n Name tail\n Path /var/log/kubernetes/audit.log\n Parser json\n Tag audit.api-server\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 60\n DB /var/log/flb_kube_audit.db\n DB.Sync Normal\n"` | | +| fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Parser cri\n Tag kube.*\n Mem_Buf_Limit 16MB\n Skip_Long_Lines On\n Refresh_Interval 10\n Exclude_Path *.gz,*.zip\n DB /var/log/flb_kube.db\n DB.Sync Normal\n[INPUT]\n Name tail\n Path /var/log/kubernetes/audit.log\n Parser json\n Tag audit.api-server\n Mem_Buf_Limit 8MB\n Skip_Long_Lines On\n DB /var/log/flb_kube_audit.db\n DB.Sync Normal\n"` | | | fluent-bit.config.lua | string | `"function dedot(tag, timestamp, record)\n if record[\"kubernetes\"] == nil then\n return 0, 0, 0\n end\n dedot_keys(record[\"kubernetes\"][\"annotations\"])\n dedot_keys(record[\"kubernetes\"][\"labels\"])\n return 1, timestamp, record\nend\n\nfunction dedot_keys(map)\n if map == nil then\n return\n end\n local new_map = {}\n local changed_keys = {}\n for k, v in pairs(map) do\n local dedotted = string.gsub(k, \"%.\", \"_\")\n if dedotted ~= k then\n new_map[dedotted] = v\n changed_keys[k] = true\n end\n end\n for k in pairs(changed_keys) do\n 
map[k] = nil\n end\n for k, v in pairs(new_map) do\n map[k] = v\n end\nend\n\nlocal reassemble_state = {}\n\nfunction reassemble_cri_logs(tag, timestamp, record)\n -- IMPORTANT: reassemble_key must be unique for each parser stream\n -- otherwise entries from different sources will get mixed up.\n -- Either make sure that your parser tags satisfy this or construct\n -- reassemble_key some other way\n local reassemble_key = tag\n -- if partial line, accumulate\n if record.logtag == 'P' then\n reassemble_state[reassemble_key] = reassemble_state[reassemble_key] or \"\" .. record.message\n return -1, 0, 0\n end\n -- otherwise it's a full line, concatenate with accumulated partial lines if any\n record.message = reassemble_state[reassemble_key] or \"\" .. (record.message or \"\")\n reassemble_state[reassemble_key] = nil\n return 1, timestamp, record\nend\n"` | | -| fluent-bit.config.outputs | string | `"[OUTPUT]\n Match *\n Name forward\n Host logging-fluentd\n Port 24224\n tls on\n tls.verify off\n Shared_Key cloudbender\n"` | | +| fluent-bit.config.outputs | string | `"[OUTPUT]\n Match *\n Name forward\n Host logging-fluentd\n Port 24224\n"` | | | fluent-bit.config.service | string | `"[SERVICE]\n Flush 5\n Daemon Off\n Log_Level warn\n Parsers_File parsers.conf\n Parsers_File custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port 2020\n"` | | | fluent-bit.enabled | bool | `false` | | | fluent-bit.serviceMonitor.enabled | bool | `true` | | 
@@ -67,9 +73,10 @@ Source code can be found [here](https://kubezero.com) | fluent-bit.test.enabled | bool | `false` | | | fluent-bit.tolerations[0].effect | string | `"NoSchedule"` | | | fluent-bit.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | -| fluentd.configMaps."filter.conf" | string | `"\n @type parser\n key_name message\n remove_key_name_field true\n reserve_data true\n emit_invalid_record_to_error false\n \n @type json\n \n\n"` | | -| fluentd.configMaps."forward-input.conf" | string | `"\n @type forward\n port 24224\n bind 0.0.0.0\n skip_invalid_event true\n \n cert_path /mnt/fluentd-certs/tls.crt\n private_key_path /mnt/fluentd-certs/tls.key\n \n \n self_hostname \"#{ENV['HOSTNAME']}\"\n shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n \n\n"` | | -| fluentd.configMaps."output.conf" | string | `"\n @id elasticsearch\n @type elasticsearch\n @log_level info\n include_tag_key true\n id_key id\n remove_keys id\n\n # KubeZero pipeline incl. GeoIP etc.\n # Freaking ES jams under load and all is lost ...\n # pipeline fluentd\n\n host \"#{ENV['OUTPUT_HOST']}\"\n port \"#{ENV['OUTPUT_PORT']}\"\n scheme \"#{ENV['OUTPUT_SCHEME']}\"\n ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n user \"#{ENV['OUTPUT_USER']}\"\n password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n log_es_400_reason\n logstash_format true\n reconnect_on_error true\n # reload_on_failure true\n request_timeout 15s\n suppress_type_name true\n\n \n @type file\n path /var/log/fluentd-buffers/kubernetes.system.buffer\n flush_mode interval\n flush_thread_count 2\n flush_interval 30s\n flush_at_shutdown true\n retry_type exponential_backoff\n retry_timeout 60m\n chunk_limit_size 16M\n overflow_action drop_oldest_chunk\n \n\n"` | | +| fluentd.configMaps."filter.conf" | string | `"\n @type parser\n key_name message\n remove_key_name_field true\n reserve_data true\n # inject_key_prefix message_json.\n emit_invalid_record_to_error false\n \n @type json\n \n\n"` 
| | +| fluentd.configMaps."forward-input.conf" | string | `"\n @type forward\n port 24224\n bind 0.0.0.0\n skip_invalid_event true\n send_keepalive_packet true\n \n self_hostname \"#{ENV['HOSTNAME']}\"\n shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n \n\n"` | | +| fluentd.configMaps."general.conf" | string | `"\n\n @type http\n port 9880\n bind 0.0.0.0\n keepalive_timeout 30\n\n\n @type monitor_agent\n bind 0.0.0.0\n port 24220\n tag fluentd.monitor.metrics\n\n"` | | +| fluentd.configMaps."output.conf" | string | `"\n @id elasticsearch\n @type elasticsearch\n @log_level info\n include_tag_key true\n id_key id\n remove_keys id\n\n # KubeZero pipeline incl. GeoIP etc.\n # pipeline fluentd\n\n host \"#{ENV['OUTPUT_HOST']}\"\n port \"#{ENV['OUTPUT_PORT']}\"\n scheme \"#{ENV['OUTPUT_SCHEME']}\"\n ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n user \"#{ENV['OUTPUT_USER']}\"\n password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n log_es_400_reason\n logstash_format true\n reconnect_on_error true\n # reload_on_failure true\n request_timeout 15s\n suppress_type_name true\n\n \n @type file_single\n path /var/log/fluentd-buffers/kubernetes.system.buffer\n flush_mode interval\n flush_thread_count 2\n flush_interval 30s\n flush_at_shutdown true\n retry_type exponential_backoff\n retry_timeout 60m\n overflow_action drop_oldest_chunk\n \n\n"` | | | fluentd.enabled | bool | `false` | | | fluentd.env.OUTPUT_SSL_VERIFY | string | `"false"` | | | fluentd.env.OUTPUT_USER | string | `"elastic"` | | 
@@ -79,13 +86,8 @@ Source code can be found [here](https://kubezero.com) | fluentd.extraEnvVars[1].name | string | `"FLUENTD_SHARED_KEY"` | | | fluentd.extraEnvVars[1].valueFrom.secretKeyRef.key | string | `"shared_key"` | | | fluentd.extraEnvVars[1].valueFrom.secretKeyRef.name | string | `"logging-fluentd-secret"` | | -| fluentd.extraVolumeMounts[0].mountPath | string | `"/mnt/fluentd-certs"` | | -| fluentd.extraVolumeMounts[0].name | string | `"fluentd-certs"` | | -| fluentd.extraVolumeMounts[0].readOnly | bool | `true` | | -| fluentd.extraVolumes[0].name | string | `"fluentd-certs"` | | -| fluentd.extraVolumes[0].secret.secretName | string | `"fluentd-certificate"` | | | fluentd.image.repository | string | `"quay.io/fluentd_elasticsearch/fluentd"` | | -| fluentd.image.tag | string | `"v3.0.4"` | | +| fluentd.image.tag | string | `"v2.9.0"` | | | fluentd.istio.enabled | bool | `false` | | | fluentd.metrics.enabled | bool | `false` | | | fluentd.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` | | diff --git a/charts/kubezero-logging/README.md.gotmpl b/charts/kubezero-logging/README.md.gotmpl index e1d1e66..d8cb5c1 100644 --- a/charts/kubezero-logging/README.md.gotmpl +++ b/charts/kubezero-logging/README.md.gotmpl @@ -1,9 +1,15 @@ {{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + {{ template "chart.description" . }} -{{ template "chart.versionLine" . }} +{{ template "chart.homepageLine" . }} -{{ template "chart.sourceLinkLine" . }} +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} {{ template "chart.requirementsSection" . }} diff --git a/charts/kubezero-logging/templates/eck/elasticsearch.yaml b/charts/kubezero-logging/templates/eck/elasticsearch.yaml index 1a0d431..eeb30a2 100644 --- a/charts/kubezero-logging/templates/eck/elasticsearch.yaml 
+++ b/charts/kubezero-logging/templates/eck/elasticsearch.yaml @@ -23,6 +23,8 @@ spec: node.attr.zone: {{ .zone }} cluster.routing.allocation.awareness.attributes: zone {{- end }} + transport.compress: true + node.processors: {{- default 1 .processors }} podTemplate: {{- if $.Values.es.s3Snapshot.iamrole }} metadata: diff --git a/charts/kubezero-logging/templates/fluentd/fluentd-certificate.yaml b/charts/kubezero-logging/templates/fluentd/fluentd-certificate.yaml deleted file mode 100644 index 15d2517..0000000 --- a/charts/kubezero-logging/templates/fluentd/fluentd-certificate.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.fluentd.enabled }} -apiVersion: cert-manager.io/v1alpha2 -kind: Certificate -metadata: - name: fluentd-ingress-cert - namespace: {{ .Release.Namespace }} - labels: -{{ include "kubezero-lib.labels" . | indent 4 }} -spec: - secretName: fluentd-certificate - issuerRef: - name: letsencrypt-dns-prod - kind: ClusterIssuer - dnsNames: - - "{{ .Values.fluentd.url }}" -{{- end }} diff --git a/charts/kubezero-logging/values.yaml b/charts/kubezero-logging/values.yaml index d6d6b7c..c08996e 100644 --- a/charts/kubezero-logging/values.yaml +++ b/charts/kubezero-logging/values.yaml @@ -92,15 +92,6 @@ fluentd: name: logging-fluentd-secret key: shared_key - extraVolumes: - - name: fluentd-certs - secret: - secretName: fluentd-certificate - extraVolumeMounts: - - name: fluentd-certs - mountPath: /mnt/fluentd-certs - readOnly: true - configMaps: general.conf: |
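Review bot: The added line `node.processors: {{- default 1 .processors }}` in the templates/eck/elasticsearch.yaml hunk uses the left-trimming `{{-` delimiter, which strips the space after the colon, so it would render as `node.processors:1`. YAML only treats a colon followed by whitespace as a key/value separator, so the rendered node config will most likely fail to parse or not carry the setting; `node.processors: {{ default 1 .processors }}` keeps the space. The per-node-set `processors` key read here is not described in the visible part of the change, so a short values.yaml comment saying it should match the CPU count given to the Elasticsearch container would help operators. The enclosing `spec:` block starts and ends outside the hunk.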