Disable default syncPolicy, use values instead

charts/kubezero-argo-cd/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
 name: kubezero-argo-cd
-version: 0.4.0
+version: 0.4.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:

charts/kubezero-argo-cd/README.md

@@ -2,7 +2,7 @@ kubezero-argo-cd
 ================
 KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
 
-Current chart version is `0.4.0`
+Current chart version is `0.4.1`
 
 Source code can be found [here](https://kubezero.com)
 
@@ -60,3 +60,4 @@ Source code can be found [here](https://kubezero.com)
 
 ## Resources
 - https://argoproj.github.io/argo-cd/operator-manual/metrics/
+- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json

charts/kubezero-argo-cd/templates/app.yaml

@@ -14,12 +14,13 @@ spec:
 
     helm:
       values: |
-{{- toYaml .Values.kubezero | nindent 8 }}
+        {{- toYaml .Values.kubezero | nindent 8 }}
 
   destination:
     server: {{ .Values.kubezero.global.defaultDestination.server }}
     namespace: argocd
+
+  {{- if .Values.kubezero.global.syncPolicy }}
   syncPolicy:
-    automated:
-      prune: true
-      selfHeal: false
+    {{- toYaml .Values.kubezero.global.syncPolicy | nindent 4 }}
+  {{- end }}

charts/kubezero-argo-cd/values.yaml

@@ -15,6 +15,11 @@ kubezero:
       # kubezero.global.defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees
       pathPrefix: ''
 
+    # syncPolicy, details see: https://argoproj.github.io/argo-cd/user-guide/auto_sync
+    #syncPolicy:
+    #  automated:
+    #    prune: true
+
 argo-cd:
   installCRDs: false
 

charts/kubezero-logging/README.md

@@ -2,7 +2,7 @@ kubezero-logging
 ================
 KubeZero Umbrella Chart for complete EFK stack
 
-Current chart version is `0.1.0`
+Current chart version is `0.2.0`
 
 Source code can be found [here](https://kubezero.com)
 
@@ -10,6 +10,7 @@ Source code can be found [here](https://kubezero.com)
 
 | Repository | Name | Version |
 |------------|------|---------|
+| https://kubernetes-charts.storage.googleapis.com/ | fluentd | 2.5.1 |
 | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
 
 ## Changes from upstream
@@ -47,6 +48,38 @@ Source code can be found [here](https://kubezero.com)
 | es.prometheus | bool | `false` |  |
 | es.s3Snapshot.enabled | bool | `false` |  |
 | es.s3Snapshot.iamrole | string | `""` |  |
+| fluentd.configMaps."forward-input.conf" | string | `"<source>\n  @type forward\n  port 24224\n  bind 0.0.0.0\n  skip_invalid_event true\n  <transport tls>\n    cert_path /mnt/fluentd-certs/tls.crt\n    private_key_path /mnt/fluentd-certs/tls.key\n  </transport>\n  <security>\n    self_hostname \"#{ENV['HOSTNAME']}\"\n    shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n  </security>\n</source>\n"` |  |
+| fluentd.configMaps."output.conf" | string | `"<match **>\n  @id elasticsearch\n  @type elasticsearch\n  @log_level info\n  include_tag_key true\n  id_key id\n  remove_keys id\n\n  # This pipeline incl. eg. GeoIP\n  pipeline fluentd\n\n  host \"#{ENV['OUTPUT_HOST']}\"\n  port \"#{ENV['OUTPUT_PORT']}\"\n  scheme \"#{ENV['OUTPUT_SCHEME']}\"\n  ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n  ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n  user \"#{ENV['OUTPUT_USER']}\"\n  password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n  logstash_format true\n  reload_connections false\n  reconnect_on_error true\n  reload_on_failure true\n  request_timeout 15s\n\n  <buffer>\n    @type file\n    path /var/log/fluentd-buffers/kubernetes.system.buffer\n    flush_mode interval\n    flush_thread_count 2\n    flush_interval 5s\n    flush_at_shutdown true\n    retry_type exponential_backoff\n    retry_timeout 60m\n    retry_max_interval 30\n    chunk_limit_size \"#{ENV['OUTPUT_BUFFER_CHUNK_LIMIT']}\"\n    queue_limit_length \"#{ENV['OUTPUT_BUFFER_QUEUE_LIMIT']}\"\n    overflow_action drop_oldest_chunk\n  </buffer>\n</match>\n"` |  |
+| fluentd.enabled | bool | `false` |  |
+| fluentd.env.OUTPUT_SSL_VERIFY | string | `"false"` |  |
+| fluentd.env.OUTPUT_USER | string | `"elastic"` |  |
+| fluentd.extraEnvVars[0].name | string | `"OUTPUT_PASSWORD"` |  |
+| fluentd.extraEnvVars[0].valueFrom.secretKeyRef.key | string | `"elastic"` |  |
+| fluentd.extraEnvVars[0].valueFrom.secretKeyRef.name | string | `"logging-es-elastic-user"` |  |
+| fluentd.extraEnvVars[1].name | string | `"FLUENTD_SHARED_KEY"` |  |
+| fluentd.extraEnvVars[1].valueFrom.secretKeyRef.key | string | `"shared_key"` |  |
+| fluentd.extraEnvVars[1].valueFrom.secretKeyRef.name | string | `"logging-fluentd-secret"` |  |
+| fluentd.extraVolumeMounts[0].mountPath | string | `"/mnt/fluentd-certs"` |  |
+| fluentd.extraVolumeMounts[0].name | string | `"fluentd-certs"` |  |
+| fluentd.extraVolumeMounts[0].readOnly | bool | `true` |  |
+| fluentd.extraVolumes[0].name | string | `"fluentd-certs"` |  |
+| fluentd.extraVolumes[0].secret.secretName | string | `"fluentd-certificate"` |  |
+| fluentd.istio.enabled | bool | `false` |  |
+| fluentd.metrics.enabled | bool | `false` |  |
+| fluentd.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` |  |
+| fluentd.metrics.serviceMonitor.enabled | bool | `true` |  |
+| fluentd.metrics.serviceMonitor.namespace | string | `"monitoring"` |  |
+| fluentd.output.host | string | `"logging-es-http"` |  |
+| fluentd.plugins.enabled | bool | `false` |  |
+| fluentd.plugins.pluginsList | string | `nil` |  |
+| fluentd.replicaCount | int | `2` |  |
+| fluentd.service.ports[0].containerPort | int | `24224` |  |
+| fluentd.service.ports[0].name | string | `"tcp-forward"` |  |
+| fluentd.service.ports[0].protocol | string | `"TCP"` |  |
+| fluentd.service.ports[1].containerPort | int | `9880` |  |
+| fluentd.service.ports[1].name | string | `"http-fluentd"` |  |
+| fluentd.service.ports[1].protocol | string | `"TCP"` |  |
+| fluentd.shared_key | string | `"cloudbender"` |  |
 | kibana.count | int | `1` |  |
 | kibana.istio.enabled | bool | `false` |  |
 | kibana.istio.gateway | string | `"istio-system/ingressgateway"` |  |

charts/kubezero/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero
 description: KubeZero ArgoCD Application - Root App of Apps chart of KubeZero
 type: application
-version: 0.4.3
+version: 0.4.4
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:

charts/kubezero/README.md

@@ -2,7 +2,7 @@ kubezero
 ========
 KubeZero ArgoCD Application - Root App of Apps chart of KubeZero
 
-Current chart version is `0.4.3`
+Current chart version is `0.4.4`
 
 Source code can be found [here](https://kubezero.com)
 
@@ -18,8 +18,8 @@ Source code can be found [here](https://kubezero.com)
 |-----|------|---------|-------------|
 | aws-ebs-csi-driver.enabled | bool | `false` |  |
 | aws-efs-csi-driver.enabled | bool | `false` |  |
-| calico.enabled | bool | `true` |  |
-| cert-manager.enabled | bool | `true` |  |
+| calico.enabled | bool | `false` |  |
+| cert-manager.enabled | bool | `false` |  |
 | global.defaultDestination.server | string | `"https://kubernetes.default.svc"` |  |
 | global.defaultSource.pathPrefix | string | `""` |  |
 | global.defaultSource.repoURL | string | `"https://github.com/zero-down-time/kubezero"` |  |

charts/kubezero/templates/_app.yaml

@@ -31,4 +31,9 @@ spec:
   destination:
     server: {{ .root.Values.global.defaultDestination.server }}
     namespace: {{ default "kube-system" .namespace }}
+
+  {{- if .root.Values.global.syncPolicy }}
+  syncPolicy:
+    {{- toYaml .root.Values.global.syncPolicy | nindent 4 }}
+  {{- end }}
 {{- end }}

charts/kubezero/templates/aws-ebs-csi-driver.yaml

@@ -1,6 +1,3 @@
 {{- if index .Values "aws-ebs-csi-driver" "enabled" }}
 {{ template "kubezero-app.app" dict "root" . "name" "aws-ebs-csi-driver" "type" "helm" }}
-  syncPolicy:
-    automated:
-      prune: true
 {{- end }}

charts/kubezero/templates/aws-efs-csi-driver.yaml

@@ -1,6 +1,3 @@
 {{- if index .Values "aws-efs-csi-driver" "enabled" }}
 {{ template "kubezero-app.app" dict "root" . "name" "aws-efs-csi-driver" "type" "helm" }}
-  syncPolicy:
-    automated:
-      prune: true
 {{- end }}

charts/kubezero/templates/calico.yaml

@@ -1,8 +1,5 @@
 {{- if .Values.calico.enabled }}
 {{ template "kubezero-app.app" dict "root" . "name" "calico" "type" "helm" "retain" true }}
-  syncPolicy:
-    automated:
-      prune: true
 
   ignoreDifferences:
   - group: apiextensions.k8s.io

charts/kubezero/templates/cert-manager.yaml

@@ -1,9 +1,6 @@
 {{- if index .Values "cert-manager" "enabled" }}
 {{ template "kubezero-app.app" dict "root" . "name" "cert-manager" "type" "helm" "namespace" "cert-manager" }}
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
+
 ---
 apiVersion: v1
 kind: Namespace

charts/kubezero/templates/istio.yaml

@@ -1,8 +1,5 @@
 {{- if .Values.istio.enabled }}
 {{ template "kubezero-app.app" dict "root" . "name" "istio" "type" "helm" }}
-  syncPolicy:
-    automated:
-      prune: true
 
   ignoreDifferences:
   - group: apiextensions.k8s.io

charts/kubezero/templates/kiam.yaml

@@ -1,6 +1,3 @@
 {{- if index .Values "kiam" "enabled" }}
 {{ template "kubezero-app.app" dict "root" . "name" "kiam" "type" "helm" }}
-  syncPolicy:
-    automated:
-      prune: true
 {{- end }}

charts/kubezero/templates/local-volume-provisioner.yaml

@@ -1,6 +1,3 @@
 {{- if index .Values "local-volume-provisioner" "enabled" }}
 {{ template "kubezero-app.app" dict "root" . "name" "local-volume-provisioner" "type" "helm" }}
-  syncPolicy:
-    automated:
-      prune: true
 {{- end }}

charts/kubezero/templates/logging.yaml

@@ -1,8 +1,5 @@
 {{- if index .Values "logging" "enabled" }}
 {{ template "kubezero-app.app" dict "root" . "name" "logging" "type" "helm" "namespace" "logging"}}
-  syncPolicy:
-    automated:
-      prune: true
 
   ignoreDifferences:
   - group: admissionregistration.k8s.io

charts/kubezero/templates/metrics.yaml

@@ -1,8 +1,5 @@
 {{- if index .Values "metrics" "enabled" }}
 {{ template "kubezero-app.app" dict "root" . "name" "metrics" "type" "helm" "namespace" "monitoring"}}
-  syncPolicy:
-    automated:
-      prune: true
 ---
 apiVersion: v1
 kind: Namespace

charts/kubezero/values-calico.yaml

@@ -0,0 +1,17 @@
+global:
+  defaultDestination:
+    server: https://kubernetes.default.svc
+
+  # This repoURL is used a base for all the repoURLs applications
+  # Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be
+  # integrated into any repository as a git subtree if for example public internet access is unavailable
+  defaultSource:
+    # defaultSource.repoURL -- default repository for argocd applications
+    repoURL: https://github.com/zero-down-time/kubezero
+    # defaultSource.targetRevision -- default tracking of repoURL
+    targetRevision: HEAD
+    # defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees
+    pathPrefix: ''
+
+calico:
+  enabled: true

charts/kubezero/values.yaml

@@ -16,10 +16,10 @@ global:
 platform: aws
 
 calico:
-  enabled: true
+  enabled: false
 
 cert-manager:
-  enabled: true
+  enabled: false
 
 local-volume-provisioner:
   enabled: false