Latest Istio 1.7.1, ES heap configruable, Fluent-bit version bump #20
|
@ -2,8 +2,8 @@ apiVersion: v2
|
||||||
name: kubezero-istio
|
name: kubezero-istio
|
||||||
description: KubeZero Umbrella Chart for Istio
|
description: KubeZero Umbrella Chart for Istio
|
||||||
type: application
|
type: application
|
||||||
version: 0.2.4
|
version: 0.3.0
|
||||||
appVersion: 1.6.7
|
appVersion: 1.7.1
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
@ -16,5 +16,5 @@ dependencies:
|
||||||
version: ">= 0.1.3"
|
version: ">= 0.1.3"
|
||||||
repository: https://zero-down-time.github.io/kubezero/
|
repository: https://zero-down-time.github.io/kubezero/
|
||||||
- name: istio-operator
|
- name: istio-operator
|
||||||
version: ">= 1.6"
|
version: ">= 1.7"
|
||||||
kubeVersion: ">= 1.16.0"
|
kubeVersion: ">= 1.16.0"
|
||||||
|
|
|
@ -5,7 +5,7 @@ KubeZero Umbrella Chart for Istio
|
||||||
Installs Istio Operator and KubeZero Istio profile
|
Installs Istio Operator and KubeZero Istio profile
|
||||||
|
|
||||||
|
|
||||||
Current chart version is `0.2.4`
|
Current chart version is `0.3.0`
|
||||||
|
|
||||||
Source code can be found [here](https://kubezero.com)
|
Source code can be found [here](https://kubezero.com)
|
||||||
|
|
||||||
|
@ -13,7 +13,7 @@ Source code can be found [here](https://kubezero.com)
|
||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| | istio-operator | >= 1.6 |
|
| | istio-operator | >= 1.7 |
|
||||||
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
|
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
|
||||||
|
|
||||||
## KubeZero default configuration
|
## KubeZero default configuration
|
||||||
|
@ -30,10 +30,12 @@ Source code can be found [here](https://kubezero.com)
|
||||||
| ingress.replicaCount | int | `2` | |
|
| ingress.replicaCount | int | `2` | |
|
||||||
| ingress.type | string | `"NodePort"` | |
|
| ingress.type | string | `"NodePort"` | |
|
||||||
| istio-operator.hub | string | `"docker.io/istio"` | |
|
| istio-operator.hub | string | `"docker.io/istio"` | |
|
||||||
| istio-operator.tag | string | `"1.6.7"` | |
|
| istio-operator.tag | string | `"1.7.1"` | |
|
||||||
| istiod.autoscaleEnabled | bool | `false` | |
|
| istiod.autoscaleEnabled | bool | `false` | |
|
||||||
| istiod.replicaCount | int | `1` | |
|
| istiod.replicaCount | int | `1` | |
|
||||||
|
|
||||||
## Resources
|
## Resources
|
||||||
|
|
||||||
|
- https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec
|
||||||
|
- https://github.com/istio/istio/blob/master/manifests/profiles/default.yaml
|
||||||
- https://istio.io/latest/docs/setup/install/standalone-operator/
|
- https://istio.io/latest/docs/setup/install/standalone-operator/
|
||||||
|
|
|
@ -17,4 +17,6 @@ Installs Istio Operator and KubeZero Istio profile
|
||||||
|
|
||||||
## Resources
|
## Resources
|
||||||
|
|
||||||
|
- https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec
|
||||||
|
- https://github.com/istio/istio/blob/master/manifests/profiles/default.yaml
|
||||||
- https://istio.io/latest/docs/setup/install/standalone-operator/
|
- https://istio.io/latest/docs/setup/install/standalone-operator/
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
name: istio-operator
|
name: istio-operator
|
||||||
version: 1.6.0
|
version: 1.7.0
|
||||||
tillerVersion: ">=2.7.2"
|
tillerVersion: ">=2.7.2"
|
||||||
description: Helm chart for deploying Istio operator
|
description: Helm chart for deploying Istio operator
|
||||||
keywords:
|
keywords:
|
||||||
- istio
|
- istio
|
||||||
- operator
|
- operator
|
||||||
sources:
|
sources:
|
||||||
- http://github.com/istio/istio/operator
|
- https://github.com/istio/istio/tree/master/operator
|
||||||
engine: gotpl
|
engine: gotpl
|
||||||
icon: https://istio.io/favicons/android-192x192.png
|
icon: https://istio.io/latest/favicons/android-192x192.png
|
||||||
|
|
|
@ -0,0 +1,74 @@
|
||||||
|
# SYNC WITH manifests/charts/base/files
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: istiooperators.install.istio.io
|
||||||
|
labels:
|
||||||
|
release: istio
|
||||||
|
spec:
|
||||||
|
group: install.istio.io
|
||||||
|
names:
|
||||||
|
kind: IstioOperator
|
||||||
|
plural: istiooperators
|
||||||
|
singular: istiooperator
|
||||||
|
shortNames:
|
||||||
|
- iop
|
||||||
|
scope: Namespaced
|
||||||
|
versions:
|
||||||
|
- additionalPrinterColumns:
|
||||||
|
- description: Istio control plane revision
|
||||||
|
jsonPath: .spec.revision
|
||||||
|
name: Revision
|
||||||
|
type: string
|
||||||
|
- description: IOP current state
|
||||||
|
jsonPath: .status.status
|
||||||
|
type: string
|
||||||
|
name: Status
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
description:
|
||||||
|
"CreationTimestamp is a timestamp representing the server time when
|
||||||
|
this object was created. It is not guaranteed to be set in happens-before order
|
||||||
|
across separate operations. Clients may not set this value. It is represented
|
||||||
|
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
|
||||||
|
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata"
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
|
name: v1alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description:
|
||||||
|
"APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values.
|
||||||
|
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources"
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description:
|
||||||
|
"Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase.
|
||||||
|
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
|
||||||
|
type: string
|
||||||
|
spec:
|
||||||
|
description:
|
||||||
|
"Specification of the desired state of the istio control plane resource.
|
||||||
|
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status"
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
type: object
|
||||||
|
status:
|
||||||
|
description:
|
||||||
|
"Status describes each of istio control plane component status at the current time.
|
||||||
|
0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING.
|
||||||
|
More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html &
|
||||||
|
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status"
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
subresources:
|
||||||
|
status: {}
|
||||||
|
---
|
||||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
creationTimestamp: null
|
creationTimestamp: null
|
||||||
name: istio-operator
|
name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
|
||||||
rules:
|
rules:
|
||||||
# istio groups
|
# istio groups
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
|
@ -29,12 +29,6 @@ rules:
|
||||||
- '*'
|
- '*'
|
||||||
verbs:
|
verbs:
|
||||||
- '*'
|
- '*'
|
||||||
- apiGroups:
|
|
||||||
- rbac.istio.io
|
|
||||||
resources:
|
|
||||||
- '*'
|
|
||||||
verbs:
|
|
||||||
- '*'
|
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- security.istio.io
|
- security.istio.io
|
||||||
resources:
|
resources:
|
||||||
|
@ -81,6 +75,7 @@ rules:
|
||||||
verbs:
|
verbs:
|
||||||
- get
|
- get
|
||||||
- create
|
- create
|
||||||
|
- update
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- policy
|
- policy
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
metadata:
|
metadata:
|
||||||
name: istio-operator
|
name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: istio-operator
|
name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
|
||||||
namespace: {{.Values.operatorNamespace}}
|
namespace: {{.Values.operatorNamespace}}
|
||||||
roleRef:
|
roleRef:
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
name: istio-operator
|
name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
---
|
---
|
||||||
|
|
|
@ -1,46 +0,0 @@
|
||||||
# SYNC WITH manifests/charts/base/files
|
|
||||||
apiVersion: apiextensions.k8s.io/v1beta1
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
metadata:
|
|
||||||
name: istiooperators.install.istio.io
|
|
||||||
spec:
|
|
||||||
group: install.istio.io
|
|
||||||
names:
|
|
||||||
kind: IstioOperator
|
|
||||||
plural: istiooperators
|
|
||||||
singular: istiooperator
|
|
||||||
shortNames:
|
|
||||||
- iop
|
|
||||||
scope: Namespaced
|
|
||||||
subresources:
|
|
||||||
status: {}
|
|
||||||
validation:
|
|
||||||
openAPIV3Schema:
|
|
||||||
properties:
|
|
||||||
apiVersion:
|
|
||||||
description: 'APIVersion defines the versioned schema of this representation
|
|
||||||
of an object. Servers should convert recognized schemas to the latest
|
|
||||||
internal value, and may reject unrecognized values.
|
|
||||||
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
||||||
type: string
|
|
||||||
kind:
|
|
||||||
description: 'Kind is a string value representing the REST resource this
|
|
||||||
object represents. Servers may infer this from the endpoint the client
|
|
||||||
submits requests to. Cannot be updated. In CamelCase.
|
|
||||||
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
||||||
type: string
|
|
||||||
spec:
|
|
||||||
description: 'Specification of the desired state of the istio control plane resource.
|
|
||||||
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
|
|
||||||
type: object
|
|
||||||
status:
|
|
||||||
description: 'Status describes each of istio control plane component status at the current time.
|
|
||||||
0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING.
|
|
||||||
More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html &
|
|
||||||
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
|
|
||||||
type: object
|
|
||||||
versions:
|
|
||||||
- name: v1alpha1
|
|
||||||
served: true
|
|
||||||
storage: true
|
|
||||||
---
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
{{- if .Values.enableCRDTemplates -}}
|
||||||
|
{{- range $path, $bytes := .Files.Glob "crds/*.yaml" -}}
|
||||||
|
---
|
||||||
|
{{ $.Files.Get $path }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
|
@ -2,7 +2,7 @@ apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
namespace: {{.Values.operatorNamespace}}
|
namespace: {{.Values.operatorNamespace}}
|
||||||
name: istio-operator
|
name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
|
||||||
spec:
|
spec:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
selector:
|
selector:
|
||||||
|
@ -13,7 +13,7 @@ spec:
|
||||||
labels:
|
labels:
|
||||||
name: istio-operator
|
name: istio-operator
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: istio-operator
|
serviceAccountName: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
kubernetes.io/os: linux
|
kubernetes.io/os: linux
|
||||||
node-role.kubernetes.io/master: ""
|
node-role.kubernetes.io/master: ""
|
||||||
|
@ -26,23 +26,32 @@ spec:
|
||||||
command:
|
command:
|
||||||
- operator
|
- operator
|
||||||
- server
|
- server
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
privileged: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1337
|
||||||
|
runAsUser: 1337
|
||||||
|
runAsNonRoot: true
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
resources:
|
resources:
|
||||||
limits:
|
{{ toYaml .Values.operator.resources | trim | indent 12 }}
|
||||||
cpu: 200m
|
|
||||||
memory: 256Mi
|
|
||||||
requests:
|
|
||||||
cpu: 50m
|
|
||||||
memory: 128Mi
|
|
||||||
env:
|
env:
|
||||||
- name: WATCH_NAMESPACE
|
- name: WATCH_NAMESPACE
|
||||||
value: {{.Values.istioNamespace}}
|
value: {{.Values.watchedNamespaces | quote}}
|
||||||
- name: LEADER_ELECTION_NAMESPACE
|
- name: LEADER_ELECTION_NAMESPACE
|
||||||
value: {{.Values.operatorNamespace}}
|
value: {{.Values.operatorNamespace | quote}}
|
||||||
- name: POD_NAME
|
- name: POD_NAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
fieldPath: metadata.name
|
fieldPath: metadata.name
|
||||||
- name: OPERATOR_NAME
|
- name: OPERATOR_NAME
|
||||||
value: {{.Values.operatorNamespace}}
|
value: {{.Values.operatorNamespace | quote}}
|
||||||
|
- name: WAIT_FOR_RESOURCES_TIMEOUT
|
||||||
|
value: {{.Values.waitForResourcesTimeout | quote}}
|
||||||
|
- name: REVISION
|
||||||
|
value: {{.Values.revision | quote}}
|
||||||
---
|
---
|
||||||
|
|
|
@ -4,7 +4,7 @@ metadata:
|
||||||
namespace: {{.Values.operatorNamespace}}
|
namespace: {{.Values.operatorNamespace}}
|
||||||
labels:
|
labels:
|
||||||
name: istio-operator
|
name: istio-operator
|
||||||
name: istio-operator
|
name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- name: http-metrics
|
- name: http-metrics
|
||||||
|
|
|
@ -2,5 +2,5 @@ apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
namespace: {{.Values.operatorNamespace}}
|
namespace: {{.Values.operatorNamespace}}
|
||||||
name: istio-operator
|
name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
|
||||||
---
|
---
|
||||||
|
|
|
@ -1,4 +1,25 @@
|
||||||
hub: gcr.io/istio-testing
|
hub: gcr.io/istio-testing
|
||||||
tag: 1.6-dev
|
tag: latest
|
||||||
|
|
||||||
operatorNamespace: istio-operator
|
operatorNamespace: istio-operator
|
||||||
istioNamespace: istio-system
|
|
||||||
|
# Used to replace istioNamespace to support operator watch multiple namespaces.
|
||||||
|
watchedNamespaces: istio-system
|
||||||
|
waitForResourcesTimeout: 300s
|
||||||
|
|
||||||
|
# Used for helm2 to add the CRDs to templates.
|
||||||
|
enableCRDTemplates: false
|
||||||
|
|
||||||
|
# revision for the operator resources
|
||||||
|
revision: ""
|
||||||
|
|
||||||
|
# Operator resource defaults
|
||||||
|
operator:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 200m
|
||||||
|
memory: 256Mi
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 128Mi
|
||||||
|
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# First delete old 1.4
|
|
||||||
kubectl delete -f ingress-gateway.yaml
|
|
||||||
kubectl delete -f istio.yaml
|
|
||||||
kubectl delete -f istio-init.yaml
|
|
||||||
kubectl delete -f namespace.yaml
|
|
|
@ -1,11 +1,9 @@
|
||||||
diff --git a/charts/kubezero-istio/charts/istio-operator/templates/deployment.yaml b/charts/kubezero-istio/charts/istio-operator/templates/deployment.yaml
|
--- charts/istio-operator/templates/deployment.yaml 2020-09-11 14:57:25.007439918 +0100
|
||||||
index 5ef7848..8350dd5 100644
|
+++ charts/istio-operator/templates/deployment.yaml 2020-09-11 14:59:57.998019251 +0100
|
||||||
--- a/charts/kubezero-istio/charts/istio-operator/templates/deployment.yaml
|
@@ -14,6 +14,12 @@
|
||||||
+++ b/charts/kubezero-istio/charts/istio-operator/templates/deployment.yaml
|
|
||||||
@@ -14,6 +14,12 @@ spec:
|
|
||||||
name: istio-operator
|
name: istio-operator
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: istio-operator
|
serviceAccountName: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
|
||||||
+ nodeSelector:
|
+ nodeSelector:
|
||||||
+ kubernetes.io/os: linux
|
+ kubernetes.io/os: linux
|
||||||
+ node-role.kubernetes.io/master: ""
|
+ node-role.kubernetes.io/master: ""
|
||||||
|
|
|
@ -5220,6 +5220,7 @@ spec:
|
||||||
storage: true
|
storage: true
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
||||||
# Cni component is disabled.
|
# Cni component is disabled.
|
||||||
|
|
||||||
# EgressGateways istio-egressgateway component is disabled.
|
# EgressGateways istio-egressgateway component is disabled.
|
||||||
|
|
|
@ -30,15 +30,15 @@ spec:
|
||||||
name: istio-private-ingressgateway
|
name: istio-private-ingressgateway
|
||||||
{{- end }}
|
{{- end }}
|
||||||
env:
|
env:
|
||||||
# https://github.com/istio/istio/issues/26524
|
# https://github.com/istio/istio/issues/26524, not in 1.7 either
|
||||||
#- name: TERMINATION_DRAIN_DURATION_SECONDS
|
#- name: TERMINATION_DRAIN_DURATION_SECONDS
|
||||||
# value: "60"
|
# value: "60"
|
||||||
- name: ISTIO_META_HTTP10
|
- name: ISTIO_META_HTTP10
|
||||||
value: '"1"'
|
value: '"1"'
|
||||||
- name: ISTIO_META_ROUTER_MODE
|
- name: ISTIO_META_ROUTER_MODE
|
||||||
value: standard
|
value: standard
|
||||||
- name: ISTIO_META_IDLE_TIMEOUT
|
#- name: ISTIO_META_IDLE_TIMEOUT
|
||||||
value: "3600s"
|
# value: "3600s"
|
||||||
{{- if eq .Values.ingress.type "NodePort" }}
|
{{- if eq .Values.ingress.type "NodePort" }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node.kubernetes.io/ingress.private: "{{ .Values.ingress.private.nodeSelector }}"
|
node.kubernetes.io/ingress.private: "{{ .Values.ingress.private.nodeSelector }}"
|
||||||
|
@ -64,6 +64,10 @@ spec:
|
||||||
- path: spec.template.spec.terminationGracePeriodSeconds
|
- path: spec.template.spec.terminationGracePeriodSeconds
|
||||||
value: 90
|
value: 90
|
||||||
|
|
||||||
|
meshConfig:
|
||||||
|
accessLogFile: /dev/stdout
|
||||||
|
accessLogEncoding: 'JSON'
|
||||||
|
|
||||||
values:
|
values:
|
||||||
gateways:
|
gateways:
|
||||||
istio-ingressgateway:
|
istio-ingressgateway:
|
||||||
|
@ -87,11 +91,13 @@ spec:
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: http2
|
- name: http2
|
||||||
port: 80
|
port: 80
|
||||||
|
targetPort: 8080
|
||||||
{{- if eq .Values.ingress.type "NodePort" }}
|
{{- if eq .Values.ingress.type "NodePort" }}
|
||||||
nodePort: 31080
|
nodePort: 31080
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: https
|
- name: https
|
||||||
port: 443
|
port: 443
|
||||||
|
targetPort: 8443
|
||||||
{{- if eq .Values.ingress.type "NodePort" }}
|
{{- if eq .Values.ingress.type "NodePort" }}
|
||||||
nodePort: 31443
|
nodePort: 31443
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -110,24 +116,11 @@ spec:
|
||||||
{{- if eq .Values.ingress.type "NodePort" }}
|
{{- if eq .Values.ingress.type "NodePort" }}
|
||||||
nodePort: 31672
|
nodePort: 31672
|
||||||
{{- end }}
|
{{- end }}
|
||||||
sds:
|
|
||||||
enabled: true
|
|
||||||
image: node-agent-k8s
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpu: 2000m
|
|
||||||
memory: 1024Mi
|
|
||||||
requests:
|
|
||||||
cpu: 100m
|
|
||||||
memory: 128Mi
|
|
||||||
secretVolumes:
|
|
||||||
- mountPath: /etc/istio/ingressgateway-certs
|
|
||||||
name: ingressgateway-certs
|
|
||||||
secretName: istio-ingressgateway-certs
|
|
||||||
- mountPath: /etc/istio/ingressgateway-ca-certs
|
|
||||||
name: ingressgateway-ca-certs
|
|
||||||
secretName: istio-ingressgateway-ca-certs
|
|
||||||
|
|
||||||
global:
|
global:
|
||||||
jwtPolicy: first-party-jwt
|
jwtPolicy: first-party-jwt
|
||||||
|
logAsJson: true
|
||||||
|
defaultPodDisruptionBudget:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -7,14 +7,7 @@ metadata:
|
||||||
{{ include "kubezero-lib.labels" . | indent 4 }}
|
{{ include "kubezero-lib.labels" . | indent 4 }}
|
||||||
spec:
|
spec:
|
||||||
profile: empty
|
profile: empty
|
||||||
addonComponents:
|
|
||||||
prometheus:
|
|
||||||
enabled: false
|
|
||||||
components:
|
components:
|
||||||
citadel:
|
|
||||||
enabled: false
|
|
||||||
galley:
|
|
||||||
enabled: false
|
|
||||||
ingressGateways:
|
ingressGateways:
|
||||||
- enabled: true
|
- enabled: true
|
||||||
k8s:
|
k8s:
|
||||||
|
@ -34,22 +27,22 @@ spec:
|
||||||
name: istio-ingressgateway
|
name: istio-ingressgateway
|
||||||
{{- end }}
|
{{- end }}
|
||||||
env:
|
env:
|
||||||
# https://github.com/istio/istio/issues/26524
|
# https://github.com/istio/istio/issues/26524, not in 1.7 !
|
||||||
#- name: TERMINATION_DRAIN_DURATION_SECONDS
|
#- name: TERMINATION_DRAIN_DURATION_SECONDS
|
||||||
# value: "60"
|
# value: "60"
|
||||||
- name: ISTIO_META_HTTP10
|
- name: ISTIO_META_HTTP10
|
||||||
value: '"1"'
|
value: '"1"'
|
||||||
- name: ISTIO_META_ROUTER_MODE
|
- name: ISTIO_META_ROUTER_MODE
|
||||||
value: standard
|
value: standard
|
||||||
- name: ISTIO_META_IDLE_TIMEOUT
|
#- name: ISTIO_META_IDLE_TIMEOUT
|
||||||
value: "3600s"
|
# value: "3600s"
|
||||||
{{- if eq .Values.ingress.type "NodePort" }}
|
{{- if eq .Values.ingress.type "NodePort" }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node.kubernetes.io/ingress.public: "30080_30443"
|
node.kubernetes.io/ingress.public: "30080_30443"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
# cpu: 2000m
|
#cpu: 2000m
|
||||||
memory: 1024Mi
|
memory: 1024Mi
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
|
@ -92,10 +85,11 @@ spec:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
key: node-role.kubernetes.io/master
|
key: node-role.kubernetes.io/master
|
||||||
|
|
||||||
sidecarInjector:
|
|
||||||
enabled: false
|
|
||||||
telemetry:
|
telemetry:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
meshConfig:
|
||||||
|
accessLogFile: /dev/stdout
|
||||||
|
accessLogEncoding: 'JSON'
|
||||||
values:
|
values:
|
||||||
gateways:
|
gateways:
|
||||||
istio-ingressgateway:
|
istio-ingressgateway:
|
||||||
|
@ -119,45 +113,22 @@ spec:
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: http2
|
- name: http2
|
||||||
port: 80
|
port: 80
|
||||||
|
targetPort: 8080
|
||||||
{{- if eq .Values.ingress.type "NodePort" }}
|
{{- if eq .Values.ingress.type "NodePort" }}
|
||||||
nodePort: 30080
|
nodePort: 30080
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: https
|
- name: https
|
||||||
port: 443
|
port: 443
|
||||||
|
targetPort: 8443
|
||||||
{{- if eq .Values.ingress.type "NodePort" }}
|
{{- if eq .Values.ingress.type "NodePort" }}
|
||||||
nodePort: 30443
|
nodePort: 30443
|
||||||
{{- end }}
|
{{- end }}
|
||||||
sds:
|
|
||||||
enabled: true
|
|
||||||
image: node-agent-k8s
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpu: 2000m
|
|
||||||
memory: 1024Mi
|
|
||||||
requests:
|
|
||||||
cpu: 100m
|
|
||||||
memory: 128Mi
|
|
||||||
secretVolumes:
|
|
||||||
- mountPath: /etc/istio/ingressgateway-certs
|
|
||||||
name: ingressgateway-certs
|
|
||||||
secretName: istio-ingressgateway-certs
|
|
||||||
- mountPath: /etc/istio/ingressgateway-ca-certs
|
|
||||||
name: ingressgateway-ca-certs
|
|
||||||
secretName: istio-ingressgateway-ca-certs
|
|
||||||
meshConfig:
|
|
||||||
accessLogFile: /dev/stdout
|
|
||||||
disablePolicyChecks: false
|
|
||||||
global:
|
global:
|
||||||
jwtPolicy: first-party-jwt
|
jwtPolicy: first-party-jwt
|
||||||
omitSidecarInjectorConfigMap: true
|
logAsJson: true
|
||||||
proxy:
|
defaultPodDisruptionBudget:
|
||||||
accessLogEncoding: JSON
|
enabled: false
|
||||||
autoInject: disabled
|
|
||||||
envoyStatsd:
|
|
||||||
enabled: false
|
|
||||||
useMCP: false
|
|
||||||
pilot:
|
pilot:
|
||||||
sidecar: false
|
|
||||||
autoscaleEnabled: false
|
autoscaleEnabled: false
|
||||||
mixer:
|
mixer:
|
||||||
policy:
|
policy:
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -ex
|
set -ex
|
||||||
|
|
||||||
ISTIO_VERSION=1.6.7
|
ISTIO_VERSION=1.7.1
|
||||||
|
|
||||||
NAME="istio-$ISTIO_VERSION"
|
NAME="istio-$ISTIO_VERSION"
|
||||||
URL="https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz"
|
URL="https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz"
|
||||||
|
@ -15,7 +15,7 @@ cp -r istio-${ISTIO_VERSION}/manifests/charts/istio-operator charts
|
||||||
rm -rf istio-${ISTIO_VERSION}
|
rm -rf istio-${ISTIO_VERSION}
|
||||||
|
|
||||||
# Apply our patch
|
# Apply our patch
|
||||||
patch -i istio-operator.patch -p3
|
patch -i istio-operator.patch -p0
|
||||||
|
|
||||||
# Extract base / CRDs from istioctl into plain manifest to workaround chicken egg problem with CRDs
|
# Extract base / CRDs from istioctl into plain manifest to workaround chicken egg problem with CRDs
|
||||||
istioctl manifest generate --set profile=empty --set components.base.enabled=true > templates/istio-base.yaml
|
istioctl manifest generate --set profile=empty --set components.base.enabled=true > templates/istio-base.yaml
|
||||||
|
|
|
@ -14,4 +14,4 @@ ingress:
|
||||||
|
|
||||||
istio-operator:
|
istio-operator:
|
||||||
hub: docker.io/istio
|
hub: docker.io/istio
|
||||||
tag: 1.6.7
|
tag: 1.7.1
|
||||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||||
name: kubezero-kiam
|
name: kubezero-kiam
|
||||||
description: KubeZero Umbrella Chart for Kiam
|
description: KubeZero Umbrella Chart for Kiam
|
||||||
type: application
|
type: application
|
||||||
version: 0.2.9
|
version: 0.2.10
|
||||||
appVersion: 3.6
|
appVersion: 3.6
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
|
@ -18,4 +18,5 @@ dependencies:
|
||||||
- name: kiam
|
- name: kiam
|
||||||
version: 5.8.1
|
version: 5.8.1
|
||||||
repository: https://uswitch.github.io/kiam-helm-charts/charts/
|
repository: https://uswitch.github.io/kiam-helm-charts/charts/
|
||||||
|
condition: kiam.enabled
|
||||||
kubeVersion: ">= 1.16.0"
|
kubeVersion: ">= 1.16.0"
|
||||||
|
|
|
@ -2,7 +2,7 @@ kubezero-kiam
|
||||||
=============
|
=============
|
||||||
KubeZero Umbrella Chart for Kiam
|
KubeZero Umbrella Chart for Kiam
|
||||||
|
|
||||||
Current chart version is `0.2.8`
|
Current chart version is `0.2.10`
|
||||||
|
|
||||||
Source code can be found [here](https://kubezero.com)
|
Source code can be found [here](https://kubezero.com)
|
||||||
|
|
||||||
|
@ -43,6 +43,10 @@ By default all access to the meta-data service is blocked, expect for:
|
||||||
| kiam.agent.prometheus.servicemonitor.enabled | bool | `false` | |
|
| kiam.agent.prometheus.servicemonitor.enabled | bool | `false` | |
|
||||||
| kiam.agent.prometheus.servicemonitor.interval | string | `"30s"` | |
|
| kiam.agent.prometheus.servicemonitor.interval | string | `"30s"` | |
|
||||||
| kiam.agent.prometheus.servicemonitor.labels.release | string | `"metrics"` | |
|
| kiam.agent.prometheus.servicemonitor.labels.release | string | `"metrics"` | |
|
||||||
|
| kiam.agent.resources.limits.cpu | string | `"50m"` | |
|
||||||
|
| kiam.agent.resources.limits.memory | string | `"20Mi"` | |
|
||||||
|
| kiam.agent.resources.requests.cpu | string | `"50m"` | |
|
||||||
|
| kiam.agent.resources.requests.memory | string | `"20Mi"` | |
|
||||||
| kiam.agent.sslCertHostPath | string | `"/etc/ssl/certs"` | |
|
| kiam.agent.sslCertHostPath | string | `"/etc/ssl/certs"` | |
|
||||||
| kiam.agent.tlsCerts.caFileName | string | `"ca.crt"` | |
|
| kiam.agent.tlsCerts.caFileName | string | `"ca.crt"` | |
|
||||||
| kiam.agent.tlsCerts.certFileName | string | `"tls.crt"` | |
|
| kiam.agent.tlsCerts.certFileName | string | `"tls.crt"` | |
|
||||||
|
@ -52,6 +56,7 @@ By default all access to the meta-data service is blocked, expect for:
|
||||||
| kiam.agent.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
|
| kiam.agent.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
|
||||||
| kiam.agent.updateStrategy | string | `"RollingUpdate"` | |
|
| kiam.agent.updateStrategy | string | `"RollingUpdate"` | |
|
||||||
| kiam.agent.whiteListRouteRegexp | string | `"^/latest/(meta-data/instance-id|dynamic)"` | |
|
| kiam.agent.whiteListRouteRegexp | string | `"^/latest/(meta-data/instance-id|dynamic)"` | |
|
||||||
|
| kiam.enabled | bool | `true` | |
|
||||||
| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role |
|
| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role |
|
||||||
| kiam.server.deployment.enabled | bool | `true` | |
|
| kiam.server.deployment.enabled | bool | `true` | |
|
||||||
| kiam.server.deployment.replicas | int | `1` | |
|
| kiam.server.deployment.replicas | int | `1` | |
|
||||||
|
@ -61,6 +66,10 @@ By default all access to the meta-data service is blocked, expect for:
|
||||||
| kiam.server.prometheus.servicemonitor.enabled | bool | `false` | |
|
| kiam.server.prometheus.servicemonitor.enabled | bool | `false` | |
|
||||||
| kiam.server.prometheus.servicemonitor.interval | string | `"30s"` | |
|
| kiam.server.prometheus.servicemonitor.interval | string | `"30s"` | |
|
||||||
| kiam.server.prometheus.servicemonitor.labels.release | string | `"metrics"` | |
|
| kiam.server.prometheus.servicemonitor.labels.release | string | `"metrics"` | |
|
||||||
|
| kiam.server.resources.limits.cpu | string | `"100m"` | |
|
||||||
|
| kiam.server.resources.limits.memory | string | `"50Mi"` | |
|
||||||
|
| kiam.server.resources.requests.cpu | string | `"100m"` | |
|
||||||
|
| kiam.server.resources.requests.memory | string | `"50Mi"` | |
|
||||||
| kiam.server.service.port | int | `6444` | |
|
| kiam.server.service.port | int | `6444` | |
|
||||||
| kiam.server.service.targetPort | int | `6444` | |
|
| kiam.server.service.targetPort | int | `6444` | |
|
||||||
| kiam.server.sslCertHostPath | string | `"/etc/ssl/certs"` | |
|
| kiam.server.sslCertHostPath | string | `"/etc/ssl/certs"` | |
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
kiam:
|
kiam:
|
||||||
|
enabled: true
|
||||||
server:
|
server:
|
||||||
image:
|
image:
|
||||||
tag: "v3.6"
|
tag: "v3.6"
|
||||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||||
name: kubezero-logging
|
name: kubezero-logging
|
||||||
description: KubeZero Umbrella Chart for complete EFK stack
|
description: KubeZero Umbrella Chart for complete EFK stack
|
||||||
type: application
|
type: application
|
||||||
version: 0.3.2
|
version: 0.3.5
|
||||||
appVersion: 1.2.1
|
appVersion: 1.2.1
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
|
@ -23,7 +23,7 @@ dependencies:
|
||||||
repository: https://kubernetes-charts.storage.googleapis.com/
|
repository: https://kubernetes-charts.storage.googleapis.com/
|
||||||
condition: fluentd.enabled
|
condition: fluentd.enabled
|
||||||
- name: fluent-bit
|
- name: fluent-bit
|
||||||
version: 0.6.4
|
version: 0.7.2
|
||||||
repository: https://zero-down-time.github.io/kubezero/
|
repository: https://zero-down-time.github.io/kubezero/
|
||||||
# repository: https://fluent.github.io/helm-charts
|
# repository: https://fluent.github.io/helm-charts
|
||||||
condition: fluent-bit.enabled
|
condition: fluent-bit.enabled
|
||||||
|
|
|
@ -2,7 +2,7 @@ kubezero-logging
|
||||||
================
|
================
|
||||||
KubeZero Umbrella Chart for complete EFK stack
|
KubeZero Umbrella Chart for complete EFK stack
|
||||||
|
|
||||||
Current chart version is `0.3.2`
|
Current chart version is `0.3.5`
|
||||||
|
|
||||||
Source code can be found [here](https://kubezero.com)
|
Source code can be found [here](https://kubezero.com)
|
||||||
|
|
||||||
|
@ -11,7 +11,7 @@ Source code can be found [here](https://kubezero.com)
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://kubernetes-charts.storage.googleapis.com/ | fluentd | 2.5.1 |
|
| https://kubernetes-charts.storage.googleapis.com/ | fluentd | 2.5.1 |
|
||||||
| https://zero-down-time.github.io/kubezero/ | fluent-bit | 0.6.4 |
|
| https://zero-down-time.github.io/kubezero/ | fluent-bit | 0.7.2 |
|
||||||
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
|
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
|
||||||
|
|
||||||
## Changes from upstream
|
## Changes from upstream
|
||||||
|
@ -56,7 +56,7 @@ Source code can be found [here](https://kubezero.com)
|
||||||
| es.s3Snapshot.enabled | bool | `false` | |
|
| es.s3Snapshot.enabled | bool | `false` | |
|
||||||
| es.s3Snapshot.iamrole | string | `""` | |
|
| es.s3Snapshot.iamrole | string | `""` | |
|
||||||
| fluent-bit.config.filters | string | `"[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call reassemble_cri_logs\n\n[FILTER]\n Name kubernetes\n Match kube.*\n Merge_Log On\n Keep_Log Off\n K8S-Logging.Parser On\n K8S-Logging.Exclude On\n\n[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call dedot\n"` | |
|
| fluent-bit.config.filters | string | `"[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call reassemble_cri_logs\n\n[FILTER]\n Name kubernetes\n Match kube.*\n Merge_Log On\n Keep_Log Off\n K8S-Logging.Parser On\n K8S-Logging.Exclude On\n\n[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call dedot\n"` | |
|
||||||
| fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Parser cri\n Tag kube.*\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 10\n DB /var/log/flb_kube.db\n DB.Sync Normal\n[INPUT]\n Name tail\n Path /var/log/kubernetes/audit.log\n Parser json\n Tag kube.api.audit\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 60\n DB /var/log/flb_kube_audit.db\n DB.Sync Normal\n"` | |
|
| fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Parser cri\n Tag kube.*\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 10\n DB /var/log/flb_kube.db\n DB.Sync Normal\n[INPUT]\n Name tail\n Path /var/log/kubernetes/audit.log\n Parser json\n Tag audit.api-server\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 60\n DB /var/log/flb_kube_audit.db\n DB.Sync Normal\n"` | |
|
||||||
| fluent-bit.config.lua | string | `"function dedot(tag, timestamp, record)\n if record[\"kubernetes\"] == nil then\n return 0, 0, 0\n end\n dedot_keys(record[\"kubernetes\"][\"annotations\"])\n dedot_keys(record[\"kubernetes\"][\"labels\"])\n return 1, timestamp, record\nend\n\nfunction dedot_keys(map)\n if map == nil then\n return\n end\n local new_map = {}\n local changed_keys = {}\n for k, v in pairs(map) do\n local dedotted = string.gsub(k, \"%.\", \"_\")\n if dedotted ~= k then\n new_map[dedotted] = v\n changed_keys[k] = true\n end\n end\n for k in pairs(changed_keys) do\n map[k] = nil\n end\n for k, v in pairs(new_map) do\n map[k] = v\n end\nend\n\nlocal reassemble_state = {}\n\nfunction reassemble_cri_logs(tag, timestamp, record)\n -- IMPORTANT: reassemble_key must be unique for each parser stream\n -- otherwise entries from different sources will get mixed up.\n -- Either make sure that your parser tags satisfy this or construct\n -- reassemble_key some other way\n local reassemble_key = tag\n -- if partial line, accumulate\n if record.logtag == 'P' then\n reassemble_state[reassemble_key] = reassemble_state[reassemble_key] or \"\" .. record.message\n return -1, 0, 0\n end\n -- otherwise it's a full line, concatenate with accumulated partial lines if any\n record.message = reassemble_state[reassemble_key] or \"\" .. (record.message or \"\")\n reassemble_state[reassemble_key] = nil\n return 1, timestamp, record\nend\n"` | |
|
| fluent-bit.config.lua | string | `"function dedot(tag, timestamp, record)\n if record[\"kubernetes\"] == nil then\n return 0, 0, 0\n end\n dedot_keys(record[\"kubernetes\"][\"annotations\"])\n dedot_keys(record[\"kubernetes\"][\"labels\"])\n return 1, timestamp, record\nend\n\nfunction dedot_keys(map)\n if map == nil then\n return\n end\n local new_map = {}\n local changed_keys = {}\n for k, v in pairs(map) do\n local dedotted = string.gsub(k, \"%.\", \"_\")\n if dedotted ~= k then\n new_map[dedotted] = v\n changed_keys[k] = true\n end\n end\n for k in pairs(changed_keys) do\n map[k] = nil\n end\n for k, v in pairs(new_map) do\n map[k] = v\n end\nend\n\nlocal reassemble_state = {}\n\nfunction reassemble_cri_logs(tag, timestamp, record)\n -- IMPORTANT: reassemble_key must be unique for each parser stream\n -- otherwise entries from different sources will get mixed up.\n -- Either make sure that your parser tags satisfy this or construct\n -- reassemble_key some other way\n local reassemble_key = tag\n -- if partial line, accumulate\n if record.logtag == 'P' then\n reassemble_state[reassemble_key] = reassemble_state[reassemble_key] or \"\" .. record.message\n return -1, 0, 0\n end\n -- otherwise it's a full line, concatenate with accumulated partial lines if any\n record.message = reassemble_state[reassemble_key] or \"\" .. (record.message or \"\")\n reassemble_state[reassemble_key] = nil\n return 1, timestamp, record\nend\n"` | |
|
||||||
| fluent-bit.config.outputs | string | `"[OUTPUT]\n Match *\n Name forward\n Host logging-fluentd\n Port 24224\n tls on\n tls.verify off\n Shared_Key cloudbender\n"` | |
|
| fluent-bit.config.outputs | string | `"[OUTPUT]\n Match *\n Name forward\n Host logging-fluentd\n Port 24224\n tls on\n tls.verify off\n Shared_Key cloudbender\n"` | |
|
||||||
| fluent-bit.config.service | string | `"[SERVICE]\n Flush 5\n Daemon Off\n Log_Level warn\n Parsers_File parsers.conf\n Parsers_File custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port 2020\n"` | |
|
| fluent-bit.config.service | string | `"[SERVICE]\n Flush 5\n Daemon Off\n Log_Level warn\n Parsers_File parsers.conf\n Parsers_File custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port 2020\n"` | |
|
||||||
|
|
|
@ -48,13 +48,16 @@ spec:
|
||||||
- name: elasticsearch
|
- name: elasticsearch
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: {{ default "200m" .cpu_request }}
|
||||||
memory: 2500Mi
|
memory: {{ mul 2 ( default "2" .jvm_heap ) }}Gi
|
||||||
limits:
|
limits:
|
||||||
memory: 4Gi
|
{{- if .cpu_limit }}
|
||||||
|
cpu: {{ .cpu_limit }}
|
||||||
|
{{- end }}
|
||||||
|
memory: {{ mul 2 ( default "2" .jvm_heap ) }}Gi
|
||||||
env:
|
env:
|
||||||
- name: ES_JAVA_OPTS
|
- name: ES_JAVA_OPTS
|
||||||
value: "-Xms2g -Xmx2g"
|
value: -Xms{{ default "2" .jvm_heap }}g -Xmx{{ default "2" .jvm_heap }}g
|
||||||
affinity:
|
affinity:
|
||||||
podAntiAffinity:
|
podAntiAffinity:
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
|
|
@ -18,6 +18,8 @@ es:
|
||||||
size: 512Gi
|
size: 512Gi
|
||||||
class: ebs-sc-gp2-xfs
|
class: ebs-sc-gp2-xfs
|
||||||
zone: us-west-2a
|
zone: us-west-2a
|
||||||
|
jvm_heap: 4
|
||||||
|
cpu_limit: 2
|
||||||
s3Snapshot:
|
s3Snapshot:
|
||||||
enabled: true
|
enabled: true
|
||||||
iamrole: "dfsf" # INSERT_CLOUDFORMATION_OUTPUT_ElasticSearchSnapshots
|
iamrole: "dfsf" # INSERT_CLOUDFORMATION_OUTPUT_ElasticSearchSnapshots
|
||||||
|
@ -32,3 +34,6 @@ kibana:
|
||||||
|
|
||||||
fluentd:
|
fluentd:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
fluent-bit:
|
||||||
|
enabled: true
|
||||||
|
|
|
@ -79,10 +79,13 @@ Source code can be found [here](https://kubezero.com)
|
||||||
| prometheus-operator.nodeExporter.serviceMonitor.relabelings[0].targetLabel | string | `"node"` | |
|
| prometheus-operator.nodeExporter.serviceMonitor.relabelings[0].targetLabel | string | `"node"` | |
|
||||||
| prometheus-operator.prometheus.enabled | bool | `true` | |
|
| prometheus-operator.prometheus.enabled | bool | `true` | |
|
||||||
| prometheus-operator.prometheus.prometheusSpec.portName | string | `"http-prometheus"` | |
|
| prometheus-operator.prometheus.prometheusSpec.portName | string | `"http-prometheus"` | |
|
||||||
| prometheus-operator.prometheus.prometheusSpec.resources.requests.memory | string | `"512Mi"` | |
|
| prometheus-operator.prometheus.prometheusSpec.resources.limits.cpu | string | `"1000m"` | |
|
||||||
|
| prometheus-operator.prometheus.prometheusSpec.resources.limits.memory | string | `"3Gi"` | |
|
||||||
|
| prometheus-operator.prometheus.prometheusSpec.resources.requests.cpu | string | `"500m"` | |
|
||||||
|
| prometheus-operator.prometheus.prometheusSpec.resources.requests.memory | string | `"1Gi"` | |
|
||||||
| prometheus-operator.prometheus.prometheusSpec.retention | string | `"8d"` | |
|
| prometheus-operator.prometheus.prometheusSpec.retention | string | `"8d"` | |
|
||||||
| prometheus-operator.prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.accessModes[0] | string | `"ReadWriteOnce"` | |
|
| prometheus-operator.prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.accessModes[0] | string | `"ReadWriteOnce"` | |
|
||||||
| prometheus-operator.prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.resources.requests.storage | string | `"8Gi"` | |
|
| prometheus-operator.prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.resources.requests.storage | string | `"16Gi"` | |
|
||||||
| prometheus-operator.prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.storageClassName | string | `"ebs-sc-gp2-xfs"` | |
|
| prometheus-operator.prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.storageClassName | string | `"ebs-sc-gp2-xfs"` | |
|
||||||
| prometheus-operator.prometheusOperator.admissionWebhooks.enabled | bool | `false` | |
|
| prometheus-operator.prometheusOperator.admissionWebhooks.enabled | bool | `false` | |
|
||||||
| prometheus-operator.prometheusOperator.createCustomResource | bool | `true` | |
|
| prometheus-operator.prometheusOperator.createCustomResource | bool | `true` | |
|
||||||
|
|
|
@ -40,8 +40,8 @@ else
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Deploy initial argo-cad
|
# Deploy initial argocd
|
||||||
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set cert-manager.not_ready=true --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml
|
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-1.yaml > generated-values.yaml
|
||||||
helm install -n argocd kubezero kubezero/kubezero-argo-cd --create-namespace -f generated-values.yaml
|
helm install -n argocd kubezero kubezero/kubezero-argo-cd --create-namespace -f generated-values.yaml
|
||||||
# Wait for argocd-server to be running
|
# Wait for argocd-server to be running
|
||||||
kubectl rollout status deployment -n argocd kubezero-argocd-server
|
kubectl rollout status deployment -n argocd kubezero-argocd-server
|
||||||
|
@ -55,7 +55,7 @@ EOF
|
||||||
if [ -f cert-manager-backup.yaml ]; then
|
if [ -f cert-manager-backup.yaml ]; then
|
||||||
kubectl apply -f cert-manager-backup.yaml
|
kubectl apply -f cert-manager-backup.yaml
|
||||||
else
|
else
|
||||||
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml
|
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-2.yaml > generated-values.yaml
|
||||||
helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
|
helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
|
||||||
wait_for kubectl get Issuer -n kube-system kubezero-local-ca-issuer 2>/dev/null 1>&2
|
wait_for kubectl get Issuer -n kube-system kubezero-local-ca-issuer 2>/dev/null 1>&2
|
||||||
wait_for kubectl get ClusterIssuer letsencrypt-dns-prod 2>/dev/null 1>&2
|
wait_for kubectl get ClusterIssuer letsencrypt-dns-prod 2>/dev/null 1>&2
|
||||||
|
@ -64,17 +64,17 @@ EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Now that we have the cert-manager webhook, get the kiam certs in place but do NOT deploy kiam yet
|
# Now that we have the cert-manager webhook, get the kiam certs in place but do NOT deploy kiam yet
|
||||||
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set kiam.enabled=false --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml
|
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-3.yaml > generated-values.yaml
|
||||||
helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
|
helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
|
||||||
|
|
||||||
# Now lets make sure kiam is working
|
# Now lets make sure kiam is working
|
||||||
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml
|
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-4.yaml > generated-values.yaml
|
||||||
helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
|
helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
|
||||||
wait_for kubectl get daemonset -n kube-system kiam-agent 2>/dev/null 1>&2
|
wait_for kubectl get daemonset -n kube-system kiam-agent 2>/dev/null 1>&2
|
||||||
kubectl rollout status daemonset -n kube-system kiam-agent
|
kubectl rollout status daemonset -n kube-system kiam-agent
|
||||||
|
|
||||||
# Install Istio if enabled, but keep ArgoCD istio support disabled for now in case
|
# Install Istio if enabled, but keep ArgoCD istio support disabled for now in case
|
||||||
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set argo-cd.istio.enabled=false --set metrics.istio.prometheus.enabled=false --set metrics.istio.grafana.enabled=false > generated-values.yaml
|
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-5.yaml > generated-values.yaml
|
||||||
helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
|
helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
|
||||||
wait_for kubectl get deployment -n istio-operator istio-operator 2>/dev/null 1>&2
|
wait_for kubectl get deployment -n istio-operator istio-operator 2>/dev/null 1>&2
|
||||||
kubectl rollout status deployment -n istio-operator istio-operator
|
kubectl rollout status deployment -n istio-operator istio-operator
|
||||||
|
|
|
@ -8,22 +8,20 @@ kubezero:
|
||||||
values:
|
values:
|
||||||
network: {{ default "vxlan" .Values.calico.network }}
|
network: {{ default "vxlan" .Values.calico.network }}
|
||||||
mtu: {{ default "8941" .Values.calico.mtu }}
|
mtu: {{ default "8941" .Values.calico.mtu }}
|
||||||
prometheus: {{ .Values.metrics.enabled }}
|
prometheus: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
cert-manager:
|
cert-manager:
|
||||||
enabled: {{ index .Values "cert-manager" "enabled" }}
|
enabled: {{ index .Values "cert-manager" "enabled" }}
|
||||||
values:
|
values:
|
||||||
# Disable all until webhook is in place
|
# Disable all until webhook is in place
|
||||||
{{- if index .Values "cert-manager" "not_ready" }}
|
|
||||||
localCA:
|
localCA:
|
||||||
enabled: false
|
enabled: {{ index .Values "cert-manager" "ready" }}
|
||||||
{{- end }}
|
|
||||||
{{- if eq .Values.platform "aws" }}
|
{{- if eq .Values.platform "aws" }}
|
||||||
cert-manager:
|
cert-manager:
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
iam.amazonaws.com/role: "{{ index .Values "cert-manager" "IamArn" }}"
|
iam.amazonaws.com/role: "{{ index .Values "cert-manager" "IamArn" }}"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{- if not .Values.kiam.not_ready }}
|
{{- if and .Values.kiam.enabled .Values.kiam.ready }}
|
||||||
clusterIssuer:
|
clusterIssuer:
|
||||||
name: letsencrypt-dns-prod
|
name: letsencrypt-dns-prod
|
||||||
server: https://acme-v02.api.letsencrypt.org/directory
|
server: https://acme-v02.api.letsencrypt.org/directory
|
||||||
|
@ -47,25 +45,24 @@ kubezero:
|
||||||
|
|
||||||
|
|
||||||
{{- if eq .Values.platform "aws" }}
|
{{- if eq .Values.platform "aws" }}
|
||||||
{{- if not ( index .Values "cert-manager" "not_ready" ) }}
|
|
||||||
kiam:
|
kiam:
|
||||||
enabled: {{ .Values.kiam.enabled }}
|
enabled: {{ .Values.kiam.enabled }}
|
||||||
values:
|
values:
|
||||||
kiam:
|
kiam:
|
||||||
|
enabled: {{ not .Values.kiam.certsOnly }}
|
||||||
server:
|
server:
|
||||||
assumeRoleArn: "{{ .Values.kiam.IamArn }}"
|
assumeRoleArn: "{{ .Values.kiam.IamArn }}"
|
||||||
deployment:
|
deployment:
|
||||||
replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }}
|
replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }}
|
||||||
prometheus:
|
prometheus:
|
||||||
servicemonitor:
|
servicemonitor:
|
||||||
enabled: {{ .Values.metrics.enabled }}
|
enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
agent:
|
agent:
|
||||||
prometheus:
|
prometheus:
|
||||||
servicemonitor:
|
servicemonitor:
|
||||||
enabled: {{ .Values.metrics.enabled }}
|
enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if not .Values.kiam.not_ready }}
|
{{- if and .Values.kiam.enabled .Values.kiam.ready }}
|
||||||
# AWS only components
|
# AWS only components
|
||||||
aws-ebs-csi-driver:
|
aws-ebs-csi-driver:
|
||||||
enabled: {{ index .Values "aws-ebs-csi-driver" "enabled" }}
|
enabled: {{ index .Values "aws-ebs-csi-driver" "enabled" }}
|
||||||
|
@ -95,7 +92,7 @@ kubezero:
|
||||||
values:
|
values:
|
||||||
istiod:
|
istiod:
|
||||||
replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }}
|
replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }}
|
||||||
{{- if not ( index .Values "cert-manager" "not_ready" ) }}
|
{{- if index .Values "cert-manager" "ready" }}
|
||||||
{{- if .Values.istio.ingress }}
|
{{- if .Values.istio.ingress }}
|
||||||
ingress:
|
ingress:
|
||||||
{{- toYaml .Values.istio.ingress | nindent 8 }}
|
{{- toYaml .Values.istio.ingress | nindent 8 }}
|
||||||
|
@ -105,14 +102,14 @@ kubezero:
|
||||||
metrics:
|
metrics:
|
||||||
enabled: {{ .Values.metrics.enabled }}
|
enabled: {{ .Values.metrics.enabled }}
|
||||||
values:
|
values:
|
||||||
{{- if and .Values.metrics.istio.grafana.enabled .Values.istio.enabled }}
|
{{- if and .Values.metrics.istio.grafana.enabled .Values.istio.ready }}
|
||||||
grafana:
|
grafana:
|
||||||
istio:
|
istio:
|
||||||
{{- with .Values.metrics.istio.grafana }}
|
{{- with .Values.metrics.istio.grafana }}
|
||||||
{{- toYaml . | nindent 10 }}
|
{{- toYaml . | nindent 10 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if and .Values.metrics.istio.prometheus.enabled .Values.istio.enabled }}
|
{{- if and .Values.metrics.istio.prometheus.enabled .Values.istio.ready }}
|
||||||
prometheus:
|
prometheus:
|
||||||
istio:
|
istio:
|
||||||
{{- with .Values.metrics.istio.prometheus }}
|
{{- with .Values.metrics.istio.prometheus }}
|
||||||
|
@ -149,7 +146,7 @@ kubezero:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
prometheus: {{ .Values.metrics.enabled }}
|
prometheus: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
|
|
||||||
{{- if .Values.logging.es.s3Snapshot }}
|
{{- if .Values.logging.es.s3Snapshot }}
|
||||||
s3Snapshot:
|
s3Snapshot:
|
||||||
|
@ -169,9 +166,9 @@ kubezero:
|
||||||
fluentd:
|
fluentd:
|
||||||
enabled: {{ .Values.logging.fluentd.enabled }}
|
enabled: {{ .Values.logging.fluentd.enabled }}
|
||||||
metrics:
|
metrics:
|
||||||
enabled: {{ .Values.metrics.enabled }}
|
enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
url: {{ .Values.logging.fluentd.url }}
|
url: {{ .Values.logging.fluentd.url }}
|
||||||
{{- if and .Values.logging.fluentd.istio .Values.istio.enabled }}
|
{{- if and .Values.logging.fluentd.istio .Values.istio.enabled .Values.istio.ready }}
|
||||||
istio:
|
istio:
|
||||||
{{- with .Values.logging.fluentd.istio }}
|
{{- with .Values.logging.fluentd.istio }}
|
||||||
{{- toYaml . | nindent 10 }}
|
{{- toYaml . | nindent 10 }}
|
||||||
|
@ -181,7 +178,7 @@ kubezero:
|
||||||
fluent-bit:
|
fluent-bit:
|
||||||
enabled: {{ index .Values.logging "fluent-bit" "enabled" }}
|
enabled: {{ index .Values.logging "fluent-bit" "enabled" }}
|
||||||
metrics:
|
metrics:
|
||||||
enabled: {{ .Values.metrics.enabled }}
|
enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
{{- if index .Values.logging "fluent-bit" "config" }}
|
{{- if index .Values.logging "fluent-bit" "config" }}
|
||||||
config:
|
config:
|
||||||
{{- with index .Values.logging "fluent-bit" "config" }}
|
{{- with index .Values.logging "fluent-bit" "config" }}
|
||||||
|
@ -192,13 +189,13 @@ kubezero:
|
||||||
argo-cd:
|
argo-cd:
|
||||||
controller:
|
controller:
|
||||||
metrics:
|
metrics:
|
||||||
enabled: {{ .Values.metrics.enabled }}
|
enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
repoServer:
|
repoServer:
|
||||||
metrics:
|
metrics:
|
||||||
enabled: {{ .Values.metrics.enabled }}
|
enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
server:
|
server:
|
||||||
metrics:
|
metrics:
|
||||||
enabled: {{ .Values.metrics.enabled }}
|
enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
{{- with index .Values "argo-cd" "server" }}
|
{{- with index .Values "argo-cd" "server" }}
|
||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -206,7 +203,7 @@ argo-cd:
|
||||||
configs:
|
configs:
|
||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if and ( index .Values "argo-cd" "istio" "enabled" ) .Values.istio.enabled }}
|
{{- if and ( index .Values "argo-cd" "istio" "enabled" ) .Values.istio.enabled .Values.istio.ready }}
|
||||||
istio:
|
istio:
|
||||||
{{- with index .Values "argo-cd" "istio" }}
|
{{- with index .Values "argo-cd" "istio" }}
|
||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
kiam:
|
||||||
|
enabled: false
|
||||||
|
ready: false
|
||||||
|
|
||||||
|
cert-manager:
|
||||||
|
ready: false
|
||||||
|
|
||||||
|
istio:
|
||||||
|
enabled: false
|
||||||
|
ready: false
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
enabled: false
|
||||||
|
ready: false
|
||||||
|
|
||||||
|
logging:
|
||||||
|
enabled: false
|
|
@ -0,0 +1,17 @@
|
||||||
|
kiam:
|
||||||
|
enabled: false
|
||||||
|
ready: false
|
||||||
|
|
||||||
|
cert-manager:
|
||||||
|
ready: true
|
||||||
|
|
||||||
|
istio:
|
||||||
|
enabled: false
|
||||||
|
ready: false
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
enabled: false
|
||||||
|
ready: false
|
||||||
|
|
||||||
|
logging:
|
||||||
|
enabled: false
|
|
@ -0,0 +1,17 @@
|
||||||
|
kiam:
|
||||||
|
certsOnly: true
|
||||||
|
ready: false
|
||||||
|
|
||||||
|
cert-manager:
|
||||||
|
ready: true
|
||||||
|
|
||||||
|
istio:
|
||||||
|
enabled: false
|
||||||
|
ready: false
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
enabled: false
|
||||||
|
ready: false
|
||||||
|
|
||||||
|
logging:
|
||||||
|
enabled: false
|
|
@ -0,0 +1,16 @@
|
||||||
|
kiam:
|
||||||
|
ready: false
|
||||||
|
|
||||||
|
cert-manager:
|
||||||
|
ready: true
|
||||||
|
|
||||||
|
istio:
|
||||||
|
enabled: false
|
||||||
|
ready: false
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
enabled: false
|
||||||
|
ready: false
|
||||||
|
|
||||||
|
logging:
|
||||||
|
enabled: false
|
|
@ -0,0 +1,6 @@
|
||||||
|
istio:
|
||||||
|
ready: false
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
enabled: false
|
||||||
|
ready: false
|
|
@ -9,6 +9,7 @@ calico:
|
||||||
|
|
||||||
cert-manager:
|
cert-manager:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
ready: true
|
||||||
IamArn: ""
|
IamArn: ""
|
||||||
|
|
||||||
aws-ebs-csi-driver:
|
aws-ebs-csi-driver:
|
||||||
|
@ -20,13 +21,16 @@ aws-efs-csi-driver:
|
||||||
|
|
||||||
kiam:
|
kiam:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
ready: true
|
||||||
IamArn: ""
|
IamArn: ""
|
||||||
|
|
||||||
istio:
|
istio:
|
||||||
|
ready: true
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
ready: true
|
||||||
istio:
|
istio:
|
||||||
grafana:
|
grafana:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
Loading…
Reference in New Issue