charts/kubezero-argo-cd/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
 name: kubezero-argo-cd
-version: 0.5.2
+version: 0.5.3
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:

charts/kubezero-argo-cd/README.md

@@ -2,7 +2,7 @@ kubezero-argo-cd
 ================
 KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
 
-Current chart version is `0.5.1`
+Current chart version is `0.5.3`
 
 Source code can be found [here](https://kubezero.com)
 
@@ -25,12 +25,13 @@ Source code can be found [here](https://kubezero.com)
 | argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` |  |
 | argo-cd.controller.metrics.serviceMonitor.namespace | string | `"monitoring"` |  |
 | argo-cd.controller.nodeSelector."node-role.kubernetes.io/master" | string | `""` |  |
-| argo-cd.controller.resources.limits.memory | string | `"512Mi"` |  |
+| argo-cd.controller.resources.limits.memory | string | `"1536Mi"` |  |
 | argo-cd.controller.resources.requests.cpu | string | `"100m"` |  |
-| argo-cd.controller.resources.requests.memory | string | `"192Mi"` |  |
+| argo-cd.controller.resources.requests.memory | string | `"256Mi"` |  |
 | argo-cd.controller.tolerations[0].effect | string | `"NoSchedule"` |  |
 | argo-cd.controller.tolerations[0].key | string | `"node-role.kubernetes.io/master"` |  |
 | argo-cd.dex.enabled | bool | `false` |  |
+| argo-cd.global.image.tag | string | `"v1.7.5"` |  |
 | argo-cd.installCRDs | bool | `false` |  |
 | argo-cd.istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD |
 | argo-cd.istio.gateway | string | `"istio-system/ingressgateway"` | Name of the Istio gateway to add the VirtualService to |

charts/kubezero-argo-cd/values.yaml

@@ -29,10 +29,14 @@ argo-cd:
   #    argocdServerAdminPassword: "$2a$10$ivKzaXVxMqdeDSfS3nqi1Od3iDbnL7oXrixzDfZFRHlXHnAG6LydG"
   #    argocdServerAdminPasswordMtime: "2020-04-24T15:33:09BST"
 
+  global:
+    image:
+      tag: v1.7.5
+
   controller:
     args:
-      statusProcessors: "2"
-      operationProcessors: "1"
+      statusProcessors: "4"
+      operationProcessors: "2"
       appResyncPeriod: "300"
 
     metrics:

charts/kubezero-istio/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-istio
 description: KubeZero Umbrella Chart for Istio
 type: application
-version: 0.3.2
+version: 0.3.3
 appVersion: 1.7.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png

charts/kubezero-istio/README.md

@@ -5,7 +5,7 @@ KubeZero Umbrella Chart for Istio
 Installs Istio Operator and KubeZero Istio profile
 
 
-Current chart version is `0.3.0`
+Current chart version is `0.3.3`
 
 Source code can be found [here](https://kubezero.com)
 

charts/kubezero-istio/templates/envoyfilter.yaml

@@ -0,0 +1,68 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: ingressgateway-listener-tcp-keepalive
+  namespace: istio-system
+spec:
+  workloadSelector:
+    labels:
+      istio: ingressgateway
+  configPatches:
+  - applyTo: LISTENER
+    patch:
+      operation: MERGE
+      value:
+        socket_options:
+          # SOL_SOCKET = 1
+          # SO_KEEPALIVE = 9
+          - level: 1
+            name: 9
+            int_value: 1
+            state: STATE_LISTENING
+          # IPPROTO_TCP = 6
+          # TCP_KEEPIDLE = 4
+          - level: 6
+            name: 4
+            int_value: 60
+            state: STATE_LISTENING
+          # TCP_KEEPINTVL = 5
+          - level: 6
+            name: 5
+            int_value: 60
+            state: STATE_LISTENING
+
+{{- if .Values.ingress.private.enabled }}
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: private-ingressgateway-listener-tcp-keepalive
+  namespace: istio-system
+spec:
+  workloadSelector:
+    labels:
+      istio: private-ingressgateway
+  configPatches:
+  - applyTo: LISTENER
+    patch:
+      operation: MERGE
+      value:
+        socket_options:
+          # SOL_SOCKET = 1
+          # SO_KEEPALIVE = 9
+          - level: 1
+            name: 9
+            int_value: 1
+            state: STATE_LISTENING
+          # IPPROTO_TCP = 6
+          # TCP_KEEPIDLE = 4
+          - level: 6
+            name: 4
+            int_value: 60
+            state: STATE_LISTENING
+          # TCP_KEEPINTVL = 5
+          - level: 6
+            name: 5
+            int_value: 60
+            state: STATE_LISTENING
+{{- end }}

charts/kubezero-kiam/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-kiam
 description: KubeZero Umbrella Chart for Kiam
 type: application
-version: 0.2.10
+version: 0.2.11
 appVersion: 3.6
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png

charts/kubezero-kiam/templates/sync-ns.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.annotateKubeSystemNameSpace }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -63,3 +64,4 @@ spec:
       tolerations:
       - effect: NoSchedule
         key: node-role.kubernetes.io/master
+{{- end }}

charts/kubezero-kiam/values.yaml

@@ -1,3 +1,5 @@
+annotateKubeSystemNameSpace: false
+
 kiam:
   enabled: true
   server:

charts/kubezero-logging/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-logging
 description: KubeZero Umbrella Chart for complete EFK stack
 type: application
-version: 0.3.5
+version: 0.3.6
 appVersion: 1.2.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png

charts/kubezero-logging/README.md

@@ -2,7 +2,7 @@ kubezero-logging
 ================
 KubeZero Umbrella Chart for complete EFK stack
 
-Current chart version is `0.3.5`
+Current chart version is `0.3.6`
 
 Source code can be found [here](https://kubezero.com)
 

charts/kubezero-logging/values.yaml

@@ -70,6 +70,7 @@ fluentd:
       namespace: monitoring
 
   output:
+    # Default should be "logging-kubezero-logging-es-http" if fullnameOverride is NOT used
     host: logging-es-http
 
   shared_key: "cloudbender"
@@ -78,6 +79,7 @@ fluentd:
     OUTPUT_USER: elastic
     OUTPUT_SSL_VERIFY: "false"
 
+  # Same here the secret names change if fullnameOverride is not used !!
   extraEnvVars:
   - name: OUTPUT_PASSWORD
     valueFrom:

deploy/deploy.sh

@@ -8,7 +8,7 @@ function wait_for() {
   local TRIES=0
   while true; do
     $@ && break
-    [ $TRIES -eq 100 ] && return 1
+    [ $TRIES -eq 200 ] && return 1
     let TRIES=$TRIES+1
     sleep 3
   done
@@ -60,12 +60,15 @@ EOF
     wait_for kubectl get Issuer -n kube-system kubezero-local-ca-issuer 2>/dev/null 1>&2
     wait_for kubectl get ClusterIssuer letsencrypt-dns-prod 2>/dev/null 1>&2
     kubectl wait --for=condition=Ready -n kube-system Issuer/kubezero-local-ca-issuer
-    kubectl wait --for=condition=Ready ClusterIssuer/letsencrypt-dns-prod
   fi
 
+  # Make sure kube-system is allowed to kiam
+  kubectl annotate --overwrite namespace kube-system 'iam.amazonaws.com/permitted=.*'
+
   # Now that we have the cert-manager webhook, get the kiam certs in place but do NOT deploy kiam yet
   helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-3.yaml > generated-values.yaml
   helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
+  kubectl wait --for=condition=Ready -n kube-system certificates/kiam-server
 
   # Now lets make sure kiam is working
   helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-4.yaml > generated-values.yaml
@@ -79,12 +82,10 @@ EOF
   wait_for kubectl get deployment -n istio-operator istio-operator 2>/dev/null 1>&2
   kubectl rollout status deployment -n istio-operator istio-operator
 
-  # Todo: Now we need to wait till all is synced and healthy ... argocd cli or kubectl ?
-  # Wait for aws-ebs or kiam to be all ready, or all pods running ?
-
-  # Todo: 
-  # - integrate Prometheus-Grafana
-  # - integrate ES based logging
+  # Metrics
+  helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-6.yaml  > generated-values.yaml
+  helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
+  wait_for kubectl get crds servicemonitors.monitoring.coreos.com 2>/dev/null 1>&2
 
   # Finally we could enable the actual config and deploy all
   helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml > generated-values.yaml

deploy/templates/values.yaml

@@ -8,7 +8,7 @@ kubezero:
     values:
       network: {{ default "vxlan" .Values.calico.network }}
       mtu: {{ default "8941" .Values.calico.mtu }}
-      prometheus: {{ default .Values.metrics.enabled .Values.metrics.ready }}
+      prometheus: {{ and .Values.metrics.enabled .Values.metrics.ready }}
   cert-manager:
     enabled: {{ index .Values "cert-manager" "enabled" }}
     values:
@@ -56,11 +56,11 @@ kubezero:
             replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }}
           prometheus:
             servicemonitor:
-              enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
+              enabled: {{ and .Values.metrics.enabled .Values.metrics.ready }}
         agent:
           prometheus:
             servicemonitor:
-              enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
+              enabled: {{ and .Values.metrics.enabled .Values.metrics.ready }}
 
   {{- if and .Values.kiam.enabled .Values.kiam.ready }}
   # AWS only components
@@ -146,7 +146,7 @@ kubezero:
         {{- toYaml . | nindent 8 }}
         {{- end }}
         {{- end }}
-        prometheus: {{ default .Values.metrics.enabled .Values.metrics.ready }}
+        prometheus: {{ and .Values.metrics.enabled .Values.metrics.ready }}
 
         {{- if .Values.logging.es.s3Snapshot }}
         s3Snapshot:
@@ -166,8 +166,16 @@ kubezero:
       fluentd:
         enabled: {{ .Values.logging.fluentd.enabled }}
         metrics:
-          enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
+          enabled: {{ and .Values.metrics.enabled .Values.metrics.ready }}
         url: {{ .Values.logging.fluentd.url }}
+        {{- if .Values.logging.fluentd.output }}
+        output:
+          host: {{ .Values.logging.fluentd.output.host }}
+        {{- end }}
+        {{- if .Values.logging.fluentd.extraEnvVars }}
+        extraEnvVars:
+          {{- toYaml .Values.logging.fluentd.extraEnvVars | nindent 10 }}
+        {{- end }}
         {{- if and .Values.logging.fluentd.istio .Values.istio.enabled .Values.istio.ready }}
         istio:
           {{- with .Values.logging.fluentd.istio }}
@@ -178,7 +186,7 @@ kubezero:
       fluent-bit:
         enabled: {{ index .Values.logging "fluent-bit" "enabled" }}
         metrics:
-          enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
+          enabled: {{ and .Values.metrics.enabled .Values.metrics.ready }}
         {{- if index .Values.logging "fluent-bit" "config" }}
         config:
           {{- with index .Values.logging "fluent-bit" "config" }}
@@ -189,13 +197,13 @@ kubezero:
 argo-cd:
   controller:
     metrics:
-      enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
+      enabled: {{ and .Values.metrics.enabled .Values.metrics.ready }}
   repoServer:
     metrics:
-      enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
+      enabled: {{ and .Values.metrics.enabled .Values.metrics.ready }}
   server:
     metrics:
-      enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
+      enabled: {{ and .Values.metrics.enabled .Values.metrics.ready }}
     {{- with index .Values "argo-cd" "server" }}
     {{- toYaml . | nindent 4 }}
     {{- end }}

deploy/values-step-5.yaml

@@ -4,3 +4,6 @@ istio:
 metrics:
   enabled: false
   ready: false
+
+logging:
+  enabled: false

deploy/values-step-6.yaml

@@ -0,0 +1,6 @@
+metrics:
+  enabled: true
+  ready: false
+
+logging:
+  enabled: false