diff --git a/charts/kubeadm/templates/KubeletConfiguration.yaml b/charts/kubeadm/templates/KubeletConfiguration.yaml index eee7285..04785f7 100644 --- a/charts/kubeadm/templates/KubeletConfiguration.yaml +++ b/charts/kubeadm/templates/KubeletConfiguration.yaml @@ -6,7 +6,7 @@ cgroupDriver: cgroupfs logging: format: json hairpinMode: hairpin-veth -ContainerRuntimeEndpoint: "unix:///var/run/crio/crio.sock" +containerRuntimeEndpoint: "unix:///var/run/crio/crio.sock" {{- if .Values.systemd }} resolvConf: /run/systemd/resolve/resolv.conf {{- end }} diff --git a/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml b/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml index 8862430..9a32905 100644 --- a/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml +++ b/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml @@ -24,7 +24,7 @@ spec: volumeMounts: - name: host mountPath: /host - readOnly: true + #readOnly: true - name: workdir mountPath: /tmp env: diff --git a/charts/kubezero-telemetry/README.md b/charts/kubezero-telemetry/README.md new file mode 100644 index 0000000..b13f42a --- /dev/null +++ b/charts/kubezero-telemetry/README.md 
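Review bot: In `cluster-backup/cronjob.yaml`, commenting out `readOnly: true` on the `/host` volumeMount makes the host mount writable for the backup container, and nothing in the hunk says what needs to be written there. The volume definition is outside the hunk, so the exposed host path is not visible; if it covers more than the backup target, a buggy or compromised backup job could modify node files. If only one directory needs writes, keep `readOnly: true` on `/host` and add a second, narrower read-write mount for that directory. At minimum, replace the dead line with a comment stating the reason, e.g. `# read-write: backup job writes <reason> under /host`.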
@@ -0,0 +1,61 @@ +# kubezero-telemetry + +![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Stefan Reimer | | | + +## Requirements + +Kubernetes: `>= 1.26.0` + +| Repository | Name | Version | +|------------|------|---------| +| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | +| https://jaegertracing.github.io/helm-charts | jaeger | 2.1.0 | +| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.87.0 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| jaeger.agent.enabled | bool | `false` | | +| jaeger.collector.service.otlp.grpc.name | string | `"otlp-grpc"` | | +| jaeger.collector.service.otlp.grpc.port | int | `4317` | | +| jaeger.collector.service.otlp.http.name | string | `"otlp-http"` | | +| jaeger.collector.service.otlp.http.port | int | `4318` | | +| jaeger.collector.serviceMonitor.enabled | bool | `false` | | +| jaeger.enabled | bool | `false` | | +| jaeger.istio.enabled | bool | `false` | | +| jaeger.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | | +| jaeger.istio.url | string | `"jaeger.example.com"` | | +| jaeger.provisionDataStore.cassandra | bool | `false` | | +| jaeger.provisionDataStore.elasticsearch | bool | `false` | | +| jaeger.query.agentSidecar.enabled | bool | `false` | | +| jaeger.query.serviceMonitor.enabled | bool | `false` | | +| jaeger.storage.elasticsearch.cmdlineParams."es.tls.enabled" | string | `""` | | +| jaeger.storage.elasticsearch.cmdlineParams."es.tls.skip-host-verify" | string | `""` | | +| jaeger.storage.elasticsearch.host | string | `"telemetry"` | | +| jaeger.storage.elasticsearch.password | string | `"admin"` | | +| 
jaeger.storage.elasticsearch.scheme | string | `"https"` | | +| jaeger.storage.elasticsearch.user | string | `"admin"` | | +| jaeger.storage.type | string | `"elasticsearch"` | | +| opensearch.dashboard.enabled | bool | `false` | | +| opensearch.dashboard.istio.enabled | bool | `false` | | +| opensearch.dashboard.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | | +| opensearch.dashboard.istio.url | string | `"telemetry-dashboard.example.com"` | | +| opensearch.nodeSets | list | `[]` | | +| opensearch.prometheus | bool | `false` | | +| opensearch.version | string | `"2.13.0"` | | +| opentelemetry-collector.enabled | bool | `false` | | +| opentelemetry-collector.mode | string | `"deployment"` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/kubezero-telemetry/templates/opensearch/cluster.yaml b/charts/kubezero-telemetry/templates/opensearch/cluster.yaml index 6774a93..a8411d4 100644 --- a/charts/kubezero-telemetry/templates/opensearch/cluster.yaml +++ b/charts/kubezero-telemetry/templates/opensearch/cluster.yaml @@ -17,6 +17,14 @@ spec: enable: {{ .Values.opensearch.prometheus }} tlsConfig: insecureSkipVerify: true + podSecurityContext: + runAsUser: 1000 + runAsGroup: 1000 + runAsNonRoot: true + fsGroup: 1000 + securityContext: + allowPrivilegeEscalation: false + privileged: false {{- if .Values.opensearch.dashboard.enabled }} # https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/config/opensearch_dashboards.yml dashboards: 
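Review bot: In `opensearch/cluster.yaml`, the added `securityContext` stops at `allowPrivilegeEscalation: false` and `privileged: false`; it neither drops capabilities nor sets a seccomp profile, so the containers keep the runtime's default capability set. Consider adding `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}`, after testing that the OpenSearch image and any operator-managed init containers still start with them, since nothing in the hunk shows that. The hard-coded `runAsUser`/`runAsGroup`/`fsGroup` of 1000 presumably matches the image's user; a short comment such as `# 1000 = opensearch user in the upstream image` would record that assumption. The enclosing `spec:` block starts and ends outside the hunk.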
@@ -56,15 +64,18 @@ spec: opster.io/opensearch-cluster: {{ template "kubezero-lib.fullname" $ }} additionalConfig: index.codec: zstd_no_dict - indices.time_series_index.default_index_merge_policy: log_byte_size + indices.time_series_index.default_index_merge_policy: log_byte_size {{- with .zone }} cluster.routing.allocation.awareness.attributes: k8s_node_name,zone node.attr.zone: {{ . }} {{- end }} + {{- with $.Values.opensearch.settings }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} security: config: - adminSecret: + adminSecret: name: {{ template "kubezero-lib.fullname" . }}-admin-tls tls: transport: diff --git a/charts/kubezero-telemetry/update.sh b/charts/kubezero-telemetry/update.sh index f2f1aa1..f015a76 100755 --- a/charts/kubezero-telemetry/update.sh +++ b/charts/kubezero-telemetry/update.sh @@ -7,3 +7,5 @@ set -ex #login_ecr_public update_helm + +update_docs diff --git a/charts/kubezero-telemetry/values-nodes.yaml b/charts/kubezero-telemetry/values-nodes.yaml index 60c6e19..1849f91 100644 --- a/charts/kubezero-telemetry/values-nodes.yaml +++ b/charts/kubezero-telemetry/values-nodes.yaml @@ -52,6 +52,10 @@ opensearch: version: 2.11.1 prometheus: false + # custom cluster settings + #settings: + # index.number_of_shards: 1 + nodeSets: - name: default replicas: 2 diff --git a/charts/kubezero-telemetry/values.yaml b/charts/kubezero-telemetry/values.yaml index b3ba859..e0c84c2 100644 --- a/charts/kubezero-telemetry/values.yaml +++ b/charts/kubezero-telemetry/values.yaml @@ -49,9 +49,13 @@ jaeger: url: jaeger.example.com opensearch: - version: 2.12.0 + version: 2.13.0 prometheus: false + # custom cluster settings + #settings: + # index.number_of_shards: 1 + nodeSets: [] #- name: default-nodes # replicas: 2 diff --git a/charts/kubezero/templates/telemetry.yaml b/charts/kubezero/templates/telemetry.yaml index 8d75171..602cea4 100644 --- a/charts/kubezero/templates/telemetry.yaml +++ b/charts/kubezero/templates/telemetry.yaml 
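Review bot: In the second hunk of `opensearch/cluster.yaml`, the user-supplied `opensearch.settings` map is rendered with `toYaml` directly under `additionalConfig`, after the chart's fixed keys, so a setting that repeats one of them (`index.codec`, `node.attr.zone`, …) produces a duplicate YAML key, which most parsers resolve silently as last-wins and some reject. Non-string values are also emitted as-is: the example `index.number_of_shards: 1` renders an integer, which will fail validation if the CRD types `additionalConfig` as a string map (I believe it does; confirm against the operator's CRD). Rendering each entry quoted avoids the typing problem: `{{- range $k, $v := . }}`, `{{ $k }}: {{ $v | quote }}`, `{{- end }}`. The surrounding block starts outside the hunk, so the `nindent 8` depth cannot be confirmed from here.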
@@ -30,6 +30,11 @@ opensearch: {{- end }} {{- end }} + {{- with .Values.telemetry.opensearch.settings }} + settings: + {{- toYaml . | nindent 4 }} + {{- end }} + prometheus: {{ .Values.metrics.enabled }} {{- end }} diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index baf2936..121b733 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -85,7 +85,7 @@ falco: telemetry: enabled: false namespace: telemetry - targetRevision: 0.2.1 + targetRevision: 0.2.2 operators: enabled: false diff --git a/docs/v1.28.md b/docs/v1.28.md index bc9ccb6..b1a3875 100644 --- a/docs/v1.28.md +++ b/docs/v1.28.md @@ -4,7 +4,7 @@ - all KubeZero and support AMIs based on Alpine 3.19.1 - further reduced boot time, eg. less than 30s for a bastion on EC2 - sub-second timestamps for all system logs -- enabled TransparentHugePages incl. save settings for Golang +- enabled TransparentHugePages on host kernel ## Version upgrades - cilium 1.15.3
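Review bot: In `charts/kubezero/templates/telemetry.yaml`, the new `telemetry.opensearch.settings` passthrough has no counterpart in `charts/kubezero/values.yaml` in this commit (that file only gets the `targetRevision` bump), so the key is undocumented at the umbrella level. A commented example next to the other telemetry values, e.g. `# opensearch: {settings: {index.number_of_shards: 1}}`, would make it discoverable. Whether `.Values.telemetry.opensearch` is always set at this point depends on guards outside the hunk; if it can be unset, the `with` lookup would fail at render time.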