master #23
|
@ -1,7 +1,7 @@
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
description: KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
|
description: KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
|
||||||
name: kubezero-argo-cd
|
name: kubezero-argo-cd
|
||||||
version: 0.5.2
|
version: 0.5.3
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
|
|
@ -2,7 +2,7 @@ kubezero-argo-cd
|
||||||
================
|
================
|
||||||
KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
|
KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
|
||||||
|
|
||||||
Current chart version is `0.5.1`
|
Current chart version is `0.5.3`
|
||||||
|
|
||||||
Source code can be found [here](https://kubezero.com)
|
Source code can be found [here](https://kubezero.com)
|
||||||
|
|
||||||
|
@ -25,12 +25,13 @@ Source code can be found [here](https://kubezero.com)
|
||||||
| argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | |
|
| argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||||
| argo-cd.controller.metrics.serviceMonitor.namespace | string | `"monitoring"` | |
|
| argo-cd.controller.metrics.serviceMonitor.namespace | string | `"monitoring"` | |
|
||||||
| argo-cd.controller.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
|
| argo-cd.controller.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
|
||||||
| argo-cd.controller.resources.limits.memory | string | `"512Mi"` | |
|
| argo-cd.controller.resources.limits.memory | string | `"1536Mi"` | |
|
||||||
| argo-cd.controller.resources.requests.cpu | string | `"100m"` | |
|
| argo-cd.controller.resources.requests.cpu | string | `"100m"` | |
|
||||||
| argo-cd.controller.resources.requests.memory | string | `"192Mi"` | |
|
| argo-cd.controller.resources.requests.memory | string | `"256Mi"` | |
|
||||||
| argo-cd.controller.tolerations[0].effect | string | `"NoSchedule"` | |
|
| argo-cd.controller.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||||
| argo-cd.controller.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
|
| argo-cd.controller.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
|
||||||
| argo-cd.dex.enabled | bool | `false` | |
|
| argo-cd.dex.enabled | bool | `false` | |
|
||||||
|
| argo-cd.global.image.tag | string | `"v1.7.5"` | |
|
||||||
| argo-cd.installCRDs | bool | `false` | |
|
| argo-cd.installCRDs | bool | `false` | |
|
||||||
| argo-cd.istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD |
|
| argo-cd.istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD |
|
||||||
| argo-cd.istio.gateway | string | `"istio-system/ingressgateway"` | Name of the Istio gateway to add the VirtualService to |
|
| argo-cd.istio.gateway | string | `"istio-system/ingressgateway"` | Name of the Istio gateway to add the VirtualService to |
|
||||||
|
|
|
@ -29,10 +29,14 @@ argo-cd:
|
||||||
# argocdServerAdminPassword: "$2a$10$ivKzaXVxMqdeDSfS3nqi1Od3iDbnL7oXrixzDfZFRHlXHnAG6LydG"
|
# argocdServerAdminPassword: "$2a$10$ivKzaXVxMqdeDSfS3nqi1Od3iDbnL7oXrixzDfZFRHlXHnAG6LydG"
|
||||||
# argocdServerAdminPasswordMtime: "2020-04-24T15:33:09BST"
|
# argocdServerAdminPasswordMtime: "2020-04-24T15:33:09BST"
|
||||||
|
|
||||||
|
global:
|
||||||
|
image:
|
||||||
|
tag: v1.7.5
|
||||||
|
|
||||||
controller:
|
controller:
|
||||||
args:
|
args:
|
||||||
statusProcessors: "2"
|
statusProcessors: "4"
|
||||||
operationProcessors: "1"
|
operationProcessors: "2"
|
||||||
appResyncPeriod: "300"
|
appResyncPeriod: "300"
|
||||||
|
|
||||||
metrics:
|
metrics:
|
||||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||||
name: kubezero-istio
|
name: kubezero-istio
|
||||||
description: KubeZero Umbrella Chart for Istio
|
description: KubeZero Umbrella Chart for Istio
|
||||||
type: application
|
type: application
|
||||||
version: 0.3.2
|
version: 0.3.3
|
||||||
appVersion: 1.7.1
|
appVersion: 1.7.1
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
|
|
|
@ -5,7 +5,7 @@ KubeZero Umbrella Chart for Istio
|
||||||
Installs Istio Operator and KubeZero Istio profile
|
Installs Istio Operator and KubeZero Istio profile
|
||||||
|
|
||||||
|
|
||||||
Current chart version is `0.3.0`
|
Current chart version is `0.3.3`
|
||||||
|
|
||||||
Source code can be found [here](https://kubezero.com)
|
Source code can be found [here](https://kubezero.com)
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,68 @@
|
||||||
|
apiVersion: networking.istio.io/v1alpha3
|
||||||
|
kind: EnvoyFilter
|
||||||
|
metadata:
|
||||||
|
name: ingressgateway-listener-tcp-keepalive
|
||||||
|
namespace: istio-system
|
||||||
|
spec:
|
||||||
|
workloadSelector:
|
||||||
|
labels:
|
||||||
|
istio: ingressgateway
|
||||||
|
configPatches:
|
||||||
|
- applyTo: LISTENER
|
||||||
|
patch:
|
||||||
|
operation: MERGE
|
||||||
|
value:
|
||||||
|
socket_options:
|
||||||
|
# SOL_SOCKET = 1
|
||||||
|
# SO_KEEPALIVE = 9
|
||||||
|
- level: 1
|
||||||
|
name: 9
|
||||||
|
int_value: 1
|
||||||
|
state: STATE_LISTENING
|
||||||
|
# IPPROTO_TCP = 6
|
||||||
|
# TCP_KEEPIDLE = 4
|
||||||
|
- level: 6
|
||||||
|
name: 4
|
||||||
|
int_value: 60
|
||||||
|
state: STATE_LISTENING
|
||||||
|
# TCP_KEEPINTVL = 5
|
||||||
|
- level: 6
|
||||||
|
name: 5
|
||||||
|
int_value: 60
|
||||||
|
state: STATE_LISTENING
|
||||||
|
|
||||||
|
{{- if .Values.ingress.private.enabled }}
|
||||||
|
---
|
||||||
|
apiVersion: networking.istio.io/v1alpha3
|
||||||
|
kind: EnvoyFilter
|
||||||
|
metadata:
|
||||||
|
name: private-ingressgateway-listener-tcp-keepalive
|
||||||
|
namespace: istio-system
|
||||||
|
spec:
|
||||||
|
workloadSelector:
|
||||||
|
labels:
|
||||||
|
istio: private-ingressgateway
|
||||||
|
configPatches:
|
||||||
|
- applyTo: LISTENER
|
||||||
|
patch:
|
||||||
|
operation: MERGE
|
||||||
|
value:
|
||||||
|
socket_options:
|
||||||
|
# SOL_SOCKET = 1
|
||||||
|
# SO_KEEPALIVE = 9
|
||||||
|
- level: 1
|
||||||
|
name: 9
|
||||||
|
int_value: 1
|
||||||
|
state: STATE_LISTENING
|
||||||
|
# IPPROTO_TCP = 6
|
||||||
|
# TCP_KEEPIDLE = 4
|
||||||
|
- level: 6
|
||||||
|
name: 4
|
||||||
|
int_value: 60
|
||||||
|
state: STATE_LISTENING
|
||||||
|
# TCP_KEEPINTVL = 5
|
||||||
|
- level: 6
|
||||||
|
name: 5
|
||||||
|
int_value: 60
|
||||||
|
state: STATE_LISTENING
|
||||||
|
{{- end }}
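Review bot: Neither EnvoyFilter in this new file sets TCP_KEEPCNT, so the number of unanswered probes before the kernel drops a connection is left at the gateway pod's system default. With `TCP_KEEPIDLE` and `TCP_KEEPINTVL` both at 60 seconds, a dead peer is presumably kept for several minutes. If the aim is to reap half-open connections on the ingress listeners, add a third TCP-level entry beside the existing two, with `level: 6`, `name: 6` (TCP_KEEPCNT on Linux), a small `int_value`, and the same `state: STATE_LISTENING`. The numeric constants in the comments are Linux values, which a one-line comment at the top of the file should state. The two documents differ only in `metadata.name` and the `istio:` selector label, so a shared named template would keep them from drifting apart.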
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||||
name: kubezero-kiam
|
name: kubezero-kiam
|
||||||
description: KubeZero Umbrella Chart for Kiam
|
description: KubeZero Umbrella Chart for Kiam
|
||||||
type: application
|
type: application
|
||||||
version: 0.2.10
|
version: 0.2.11
|
||||||
appVersion: 3.6
|
appVersion: 3.6
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
{{- if .Values.annotateKubeSystemNameSpace }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -63,3 +64,4 @@ spec:
|
||||||
tolerations:
|
tolerations:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
key: node-role.kubernetes.io/master
|
key: node-role.kubernetes.io/master
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
annotateKubeSystemNameSpace: false
|
||||||
|
|
||||||
kiam:
|
kiam:
|
||||||
enabled: true
|
enabled: true
|
||||||
server:
|
server:
|
||||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||||
name: kubezero-logging
|
name: kubezero-logging
|
||||||
description: KubeZero Umbrella Chart for complete EFK stack
|
description: KubeZero Umbrella Chart for complete EFK stack
|
||||||
type: application
|
type: application
|
||||||
version: 0.3.5
|
version: 0.3.6
|
||||||
appVersion: 1.2.1
|
appVersion: 1.2.1
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
|
|
|
@ -2,7 +2,7 @@ kubezero-logging
|
||||||
================
|
================
|
||||||
KubeZero Umbrella Chart for complete EFK stack
|
KubeZero Umbrella Chart for complete EFK stack
|
||||||
|
|
||||||
Current chart version is `0.3.5`
|
Current chart version is `0.3.6`
|
||||||
|
|
||||||
Source code can be found [here](https://kubezero.com)
|
Source code can be found [here](https://kubezero.com)
|
||||||
|
|
||||||
|
|
|
@ -70,6 +70,7 @@ fluentd:
|
||||||
namespace: monitoring
|
namespace: monitoring
|
||||||
|
|
||||||
output:
|
output:
|
||||||
|
# Default should be "logging-kubezero-logging-es-http" if fullnameOverride is NOT used
|
||||||
host: logging-es-http
|
host: logging-es-http
|
||||||
|
|
||||||
shared_key: "cloudbender"
|
shared_key: "cloudbender"
|
||||||
|
@ -78,6 +79,7 @@ fluentd:
|
||||||
OUTPUT_USER: elastic
|
OUTPUT_USER: elastic
|
||||||
OUTPUT_SSL_VERIFY: "false"
|
OUTPUT_SSL_VERIFY: "false"
|
||||||
|
|
||||||
|
# Same here the secret names change if fullnameOverride is not used !!
|
||||||
extraEnvVars:
|
extraEnvVars:
|
||||||
- name: OUTPUT_PASSWORD
|
- name: OUTPUT_PASSWORD
|
||||||
valueFrom:
|
valueFrom:
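Review bot: The two comments added here warn that host and secret names depend on `fullnameOverride`, but nothing documents the security-relevant defaults beside them. `shared_key: "cloudbender"` is a fixed value shipped in the chart, and `OUTPUT_SSL_VERIFY: "false"` presumably disables certificate verification on the output connection. Both are unchanged context lines, so this is a documentation request rather than a defect in the change: add `# placeholder, override per cluster` above `shared_key` and `# TLS verification disabled; set to "true" once the output certificate is trusted` above `OUTPUT_SSL_VERIFY`. The `fluentd` block starts and ends outside both hunks.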
|
||||||
|
|
|
@ -8,7 +8,7 @@ function wait_for() {
|
||||||
local TRIES=0
|
local TRIES=0
|
||||||
while true; do
|
while true; do
|
||||||
$@ && break
|
$@ && break
|
||||||
[ $TRIES -eq 100 ] && return 1
|
[ $TRIES -eq 200 ] && return 1
|
||||||
let TRIES=$TRIES+1
|
let TRIES=$TRIES+1
|
||||||
sleep 3
|
sleep 3
|
||||||
done
|
done
|
||||||
|
@ -60,12 +60,15 @@ EOF
|
||||||
wait_for kubectl get Issuer -n kube-system kubezero-local-ca-issuer 2>/dev/null 1>&2
|
wait_for kubectl get Issuer -n kube-system kubezero-local-ca-issuer 2>/dev/null 1>&2
|
||||||
wait_for kubectl get ClusterIssuer letsencrypt-dns-prod 2>/dev/null 1>&2
|
wait_for kubectl get ClusterIssuer letsencrypt-dns-prod 2>/dev/null 1>&2
|
||||||
kubectl wait --for=condition=Ready -n kube-system Issuer/kubezero-local-ca-issuer
|
kubectl wait --for=condition=Ready -n kube-system Issuer/kubezero-local-ca-issuer
|
||||||
kubectl wait --for=condition=Ready ClusterIssuer/letsencrypt-dns-prod
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Make sure kube-system is allowed to kiam
|
||||||
|
kubectl annotate --overwrite namespace kube-system 'iam.amazonaws.com/permitted=.*'
|
||||||
|
|
||||||
# Now that we have the cert-manager webhook, get the kiam certs in place but do NOT deploy kiam yet
|
# Now that we have the cert-manager webhook, get the kiam certs in place but do NOT deploy kiam yet
|
||||||
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-3.yaml > generated-values.yaml
|
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-3.yaml > generated-values.yaml
|
||||||
helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
|
helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
|
||||||
|
kubectl wait --for=condition=Ready -n kube-system certificates/kiam-server
|
||||||
|
|
||||||
# Now lets make sure kiam is working
|
# Now lets make sure kiam is working
|
||||||
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-4.yaml > generated-values.yaml
|
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-4.yaml > generated-values.yaml
|
||||||
|
@ -79,12 +82,10 @@ EOF
|
||||||
wait_for kubectl get deployment -n istio-operator istio-operator 2>/dev/null 1>&2
|
wait_for kubectl get deployment -n istio-operator istio-operator 2>/dev/null 1>&2
|
||||||
kubectl rollout status deployment -n istio-operator istio-operator
|
kubectl rollout status deployment -n istio-operator istio-operator
|
||||||
|
|
||||||
# Todo: Now we need to wait till all is synced and healthy ... argocd cli or kubectl ?
|
# Metrics
|
||||||
# Wait for aws-ebs or kiam to be all ready, or all pods running ?
|
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-6.yaml > generated-values.yaml
|
||||||
|
helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
|
||||||
# Todo:
|
wait_for kubectl get crds servicemonitors.monitoring.coreos.com 2>/dev/null 1>&2
|
||||||
# - integrate Prometheus-Grafana
|
|
||||||
# - integrate ES based logging
|
|
||||||
|
|
||||||
# Finally we could enable the actual config and deploy all
|
# Finally we could enable the actual config and deploy all
|
||||||
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml > generated-values.yaml
|
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml > generated-values.yaml
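Review bot: The added `kubectl annotate --overwrite namespace kube-system 'iam.amazonaws.com/permitted=.*'` in the second hunk permits every pod in kube-system to request any role the kiam server can assume, because the annotation value is a regular expression matched against the requested role. Narrowing it to the roles the kube-system workloads actually need, for example `'iam.amazonaws.com/permitted=<ROLE_NAME_REGEX>'` (placeholder), keeps the namespace within least privilege. `--overwrite` will also silently replace a tighter value an operator set earlier, which deserves a comment. The same hunk appears to drop `kubectl wait --for=condition=Ready ClusterIssuer/letsencrypt-dns-prod`; if that is deliberate, a one-line comment saying why would help the next reader.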
|
||||||
|
|
|
@ -8,7 +8,7 @@ kubezero:
|
||||||
values:
|
values:
|
||||||
network: {{ default "vxlan" .Values.calico.network }}
|
network: {{ default "vxlan" .Values.calico.network }}
|
||||||
mtu: {{ default "8941" .Values.calico.mtu }}
|
mtu: {{ default "8941" .Values.calico.mtu }}
|
||||||
prometheus: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
prometheus: {{ and .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
cert-manager:
|
cert-manager:
|
||||||
enabled: {{ index .Values "cert-manager" "enabled" }}
|
enabled: {{ index .Values "cert-manager" "enabled" }}
|
||||||
values:
|
values:
|
||||||
|
@ -56,11 +56,11 @@ kubezero:
|
||||||
replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }}
|
replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }}
|
||||||
prometheus:
|
prometheus:
|
||||||
servicemonitor:
|
servicemonitor:
|
||||||
enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
enabled: {{ and .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
agent:
|
agent:
|
||||||
prometheus:
|
prometheus:
|
||||||
servicemonitor:
|
servicemonitor:
|
||||||
enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
enabled: {{ and .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
|
|
||||||
{{- if and .Values.kiam.enabled .Values.kiam.ready }}
|
{{- if and .Values.kiam.enabled .Values.kiam.ready }}
|
||||||
# AWS only components
|
# AWS only components
|
||||||
|
@ -146,7 +146,7 @@ kubezero:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
prometheus: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
prometheus: {{ and .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
|
|
||||||
{{- if .Values.logging.es.s3Snapshot }}
|
{{- if .Values.logging.es.s3Snapshot }}
|
||||||
s3Snapshot:
|
s3Snapshot:
|
||||||
|
@ -166,8 +166,16 @@ kubezero:
|
||||||
fluentd:
|
fluentd:
|
||||||
enabled: {{ .Values.logging.fluentd.enabled }}
|
enabled: {{ .Values.logging.fluentd.enabled }}
|
||||||
metrics:
|
metrics:
|
||||||
enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
enabled: {{ and .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
url: {{ .Values.logging.fluentd.url }}
|
url: {{ .Values.logging.fluentd.url }}
|
||||||
|
{{- if .Values.logging.fluentd.output }}
|
||||||
|
output:
|
||||||
|
host: {{ .Values.logging.fluentd.output.host }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.logging.fluentd.extraEnvVars }}
|
||||||
|
extraEnvVars:
|
||||||
|
{{- toYaml .Values.logging.fluentd.extraEnvVars | nindent 10 }}
|
||||||
|
{{- end }}
|
||||||
{{- if and .Values.logging.fluentd.istio .Values.istio.enabled .Values.istio.ready }}
|
{{- if and .Values.logging.fluentd.istio .Values.istio.enabled .Values.istio.ready }}
|
||||||
istio:
|
istio:
|
||||||
{{- with .Values.logging.fluentd.istio }}
|
{{- with .Values.logging.fluentd.istio }}
|
||||||
|
@ -178,7 +186,7 @@ kubezero:
|
||||||
fluent-bit:
|
fluent-bit:
|
||||||
enabled: {{ index .Values.logging "fluent-bit" "enabled" }}
|
enabled: {{ index .Values.logging "fluent-bit" "enabled" }}
|
||||||
metrics:
|
metrics:
|
||||||
enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
enabled: {{ and .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
{{- if index .Values.logging "fluent-bit" "config" }}
|
{{- if index .Values.logging "fluent-bit" "config" }}
|
||||||
config:
|
config:
|
||||||
{{- with index .Values.logging "fluent-bit" "config" }}
|
{{- with index .Values.logging "fluent-bit" "config" }}
|
||||||
|
@ -189,13 +197,13 @@ kubezero:
|
||||||
argo-cd:
|
argo-cd:
|
||||||
controller:
|
controller:
|
||||||
metrics:
|
metrics:
|
||||||
enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
enabled: {{ and .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
repoServer:
|
repoServer:
|
||||||
metrics:
|
metrics:
|
||||||
enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
enabled: {{ and .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
server:
|
server:
|
||||||
metrics:
|
metrics:
|
||||||
enabled: {{ default .Values.metrics.enabled .Values.metrics.ready }}
|
enabled: {{ and .Values.metrics.enabled .Values.metrics.ready }}
|
||||||
{{- with index .Values "argo-cd" "server" }}
|
{{- with index .Values "argo-cd" "server" }}
|
||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
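Review bot: The new `output:` block in the fluentd hunk is guarded by `{{- if .Values.logging.fluentd.output }}` but emits `.Values.logging.fluentd.output.host` unquoted, so the guard tests the map while the line prints one key of it. An `output` map without `host` would presumably render an empty `host:`, which YAML reads as null, and a boolean- or number-looking host name would be retyped by the parser. Quoting the value avoids both: `host: {{ .Values.logging.fluentd.output.host | quote }}`. The enclosing `fluentd:` mapping starts and ends outside the hunk.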
|
||||||
|
|
|
@ -4,3 +4,6 @@ istio:
|
||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: false
|
||||||
ready: false
|
ready: false
|
||||||
|
|
||||||
|
logging:
|
||||||
|
enabled: false
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
ready: false
|
||||||
|
|
||||||
|
logging:
|
||||||
|
enabled: false
|