Improved Logging/ ArgoCD & Istio version bump #26

Merged
stefan merged 12 commits from master into stable 2020-10-06 23:29:04 +00:00
37 changed files with 7123 additions and 5354 deletions

View File

@ -1,7 +1,7 @@
apiVersion: v2
description: KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
name: kubezero-argo-cd
version: 0.5.3
version: 0.5.6
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:
@ -10,12 +10,11 @@ keywords:
- gitops
maintainers:
- name: Quarky9
dependencies:
dependencies:
- name: kubezero-lib
version: ">= 0.1.3"
repository: https://zero-down-time.github.io/kubezero/
- name: argo-cd
version: 2.7.0
version: 2.8.0
repository: https://argoproj.github.io/argo-helm
kubeVersion: ">= 1.16.0"
kubeVersion: ">= 1.17.0"

View File

@ -1,25 +1,33 @@
kubezero-argo-cd
================
# kubezero-argo-cd
![Version: 0.5.3](https://img.shields.io/badge/Version-0.5.3-informational?style=flat-square)
KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
Current chart version is `0.5.3`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
| https://argoproj.github.io/argo-helm | argo-cd | 2.7.0 |
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| argo-cd.controller.args.appResyncPeriod | string | `"300"` | |
| argo-cd.controller.args.operationProcessors | string | `"1"` | |
| argo-cd.controller.args.statusProcessors | string | `"2"` | |
| argo-cd.controller.args.operationProcessors | string | `"2"` | |
| argo-cd.controller.args.statusProcessors | string | `"4"` | |
| argo-cd.controller.metrics.enabled | bool | `false` | |
| argo-cd.controller.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` | |
| argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | |
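
Review bot: the regenerated README in this hunk still reports Version 0.5.3, Kubernetes `>= 1.16.0` and argo-cd 2.7.0, while the chart metadata changed earlier in this PR moves to version 0.5.6, argo-cd 2.8.0 and kubeVersion `>= 1.17.0`. Regenerate the README after the version bump so the documented minimum Kubernetes version and dependency version match what is actually installed.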

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

View File

@ -31,13 +31,14 @@ argo-cd:
global:
image:
tag: v1.7.5
tag: v1.7.7
controller:
args:
statusProcessors: "4"
operationProcessors: "2"
appResyncPeriod: "300"
# logFormat: json
metrics:
enabled: false
@ -62,6 +63,7 @@ argo-cd:
memory: 256Mi
repoServer:
# logFormat: json
metrics:
enabled: false
serviceMonitor:
@ -77,6 +79,7 @@ argo-cd:
effect: NoSchedule
server:
# logFormat: json
config:
# argo-cd.server.config.url -- ArgoCD hostname to be exposed via Istio
url: argocd.example.com

View File

@ -1,12 +1,25 @@
kubezero-aws-ebs-csi-driver
===========================
# kubezero-aws-ebs-csi-driver
![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square)
KubeZero Umbrella Chart for aws-ebs-csi-driver
Current chart version is `0.3.1`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Source Code
* <https://github.com/kubernetes-sigs/aws-ebs-csi-driver>
* <https://github.com/Zero-Down-Time/kubezero>
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
@ -23,7 +36,7 @@ podAnnotations:
By default it also creates the *ebs-sc-gp2-xfs* storage class for gp2, enrypted and XFS.
This class is by default also set as default storage class.
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@ -34,7 +47,7 @@ This class is by default also set as default storage class.
| aws-ebs-csi-driver.enableVolumeSnapshot | bool | `false` | |
| aws-ebs-csi-driver.extraVolumeTags | object | `{}` | Optional tags to be added to each EBS volume |
| aws-ebs-csi-driver.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
| aws-ebs-csi-driver.podAnnotations | object | `{}` | iam.amazonaws.com/role: <IAM role ARN> to assume |
| aws-ebs-csi-driver.podAnnotations | object | `{}` | iam.amazonaws.com/role: <IAM role ARN> to assume |
| aws-ebs-csi-driver.replicaCount | int | `1` | |
| aws-ebs-csi-driver.tolerations[0].effect | string | `"NoSchedule"` | |
| aws-ebs-csi-driver.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

View File

@ -1,12 +1,25 @@
kubezero-aws-efs-csi-driver
===========================
# kubezero-aws-efs-csi-driver
![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
KubeZero Umbrella Chart for aws-efs-csi-driver
Current chart version is `0.1.1`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Source Code
* <https://github.com/Zero-Down-Time/kubezero>
* <https://github.com/kubernetes-sigs/aws-efs-csi-driver>
## Requirements
Kubernetes: `>=1.16.0-0`
| Repository | Name | Version |
|------------|------|---------|
@ -16,7 +29,7 @@ Source code can be found [here](https://kubezero.com)
Optionally creates the *efs-cs* storage class.
Could also be made the default storage class if requested.
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

View File

@ -1,12 +1,20 @@
kubezero-calico
===============
# kubezero-calico
![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.16.1](https://img.shields.io/badge/AppVersion-v3.16.1-informational?style=flat-square)
KubeZero Umbrella Chart for Calico
Current chart version is `0.2.0`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
@ -15,15 +23,15 @@ Source code can be found [here](https://kubezero.com)
## KubeZero default configuration
## AWS
The setup is based on the upstream calico-vxlan config from
The setup is based on the upstream calico-vxlan config from
`https://docs.projectcalico.org/v3.15/manifests/calico-vxlan.yaml`
### Changes
- VxLAN set to Always to not expose cluster communication to VPC
- VxLAN set to Always to not expose cluster communication to VPC
-> EC2 SecurityGroups still apply and only need to allow UDP 4789 for VxLAN traffic
-> No need to disable source/destination check on EC2 instances
-> EC2 SecurityGroups still apply and only need to allow UDP 4789 for VxLAN traffic
-> No need to disable source/destination check on EC2 instances
-> Prepared for optional WireGuard encryption for all inter node traffic
- MTU set to 8941
@ -34,7 +42,7 @@ The setup is based on the upstream calico-vxlan config from
- Set FELIX log level to warning
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

View File

@ -1,12 +1,20 @@
kubezero-cert-manager
=====================
# kubezero-cert-manager
![Version: 0.3.6](https://img.shields.io/badge/Version-0.3.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero Umbrella Chart for cert-manager
Current chart version is `0.3.6`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
@ -23,7 +31,7 @@ cert-manager.podAnnotations:
## Resolver Secrets
If your resolvers need additional sercrets like CloudFlare API tokens etc. make sure to provide these secrets separatly matching your defined issuers.
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

2
charts/kubezero-istio/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
istioctl
istio-*

View File

@ -2,8 +2,8 @@ apiVersion: v2
name: kubezero-istio
description: KubeZero Umbrella Chart for Istio
type: application
version: 0.3.3
appVersion: 1.7.1
version: 0.3.4
appVersion: 1.7.3
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:

View File

@ -1,15 +1,22 @@
kubezero-istio
==============
# kubezero-istio
![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.3](https://img.shields.io/badge/AppVersion-1.7.3-informational?style=flat-square)
KubeZero Umbrella Chart for Istio
Installs Istio Operator and KubeZero Istio profile
**Homepage:** <https://kubezero.com>
Current chart version is `0.3.3`
## Maintainers
Source code can be found [here](https://kubezero.com)
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Chart Requirements
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
@ -19,7 +26,7 @@ Source code can be found [here](https://kubezero.com)
## KubeZero default configuration
- mapped istio-operator to run on the controller nodes only
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@ -30,7 +37,7 @@ Source code can be found [here](https://kubezero.com)
| ingress.replicaCount | int | `2` | |
| ingress.type | string | `"NodePort"` | |
| istio-operator.hub | string | `"docker.io/istio"` | |
| istio-operator.tag | string | `"1.7.1"` | |
| istio-operator.tag | string | `"1.7.3"` | |
| istiod.autoscaleEnabled | bool | `false` | |
| istiod.replicaCount | int | `1` | |

View File

@ -1,12 +1,17 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
Installs Istio Operator and KubeZero Istio profile
{{ template "chart.homepageLine" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

View File

@ -76,7 +76,12 @@ spec:
- port:
number: 24224
name: fluentd-forward
protocol: TCP
protocol: TLS
hosts:
{{- toYaml .Values.ingress.dnsNames | nindent 4 }}
tls:
mode: SIMPLE
privateKey: /etc/istio/ingressgateway-certs/tls.key
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
credentialName: public-ingress-cert
{{- end }}
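
Review bot: the `tls` block for the fluentd-forward port sets both the file-based `privateKey`/`serverCertificate` paths under /etc/istio/ingressgateway-certs and `credentialName: public-ingress-cert`, which are two different ways of supplying the server certificate. Keep only the one that is meant to be used, so it is unambiguous which key material terminates TLS on 24224. `mode: SIMPLE` authenticates the server only, so sender authentication for log forwarding rests entirely on the fluentd shared key.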

File diff suppressed because it is too large

View File

@ -30,13 +30,13 @@ spec:
name: istio-private-ingressgateway
{{- end }}
env:
{{- if .Values.ingress.private.http10 }}
- name: ISTIO_META_HTTP10
value: '"1"'
{{- end }}
# https://github.com/istio/istio/issues/26524, not in 1.7 either
#- name: TERMINATION_DRAIN_DURATION_SECONDS
# value: "60"
- name: ISTIO_META_HTTP10
value: '"1"'
- name: ISTIO_META_ROUTER_MODE
value: standard
#- name: ISTIO_META_IDLE_TIMEOUT
# value: "3600s"
{{- if eq .Values.ingress.type "NodePort" }}
@ -46,7 +46,7 @@ spec:
resources:
limits:
# cpu: 2000m
memory: 1024Mi
memory: 256Mi
requests:
cpu: 100m
memory: 64Mi
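
Review bot: the gateway memory limit under `resources.limits` drops from 1024Mi to 256Mi with no stated justification, and the same change is made to the public gateway file. A gateway that hits its limit is OOM-killed and takes every route behind it down, so either expose the limit as a chart value or record the observed usage that makes 256Mi safe.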

View File

@ -27,13 +27,13 @@ spec:
name: istio-ingressgateway
{{- end }}
env:
{{- if .Values.ingress.http10 }}
- name: ISTIO_META_HTTP10
value: '"1"'
{{- end }}
# https://github.com/istio/istio/issues/26524, not in 1.7 !
#- name: TERMINATION_DRAIN_DURATION_SECONDS
# value: "60"
- name: ISTIO_META_HTTP10
value: '"1"'
- name: ISTIO_META_ROUTER_MODE
value: standard
#- name: ISTIO_META_IDLE_TIMEOUT
# value: "3600s"
{{- if eq .Values.ingress.type "NodePort" }}
@ -43,7 +43,7 @@ spec:
resources:
limits:
#cpu: 2000m
memory: 1024Mi
memory: 256Mi
requests:
cpu: 100m
memory: 64Mi
@ -75,6 +75,13 @@ spec:
requests:
cpu: 100m
memory: 128Mi
env:
- name: PILOT_ENABLE_MYSQL_FILTER
value: "true"
- name: PILOT_ENABLE_REDIS_FILTER
value: "true"
- name: PILOT_HTTP10
value: "true"
policy:
enabled: true
k8s:
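
Review bot: `PILOT_ENABLE_MYSQL_FILTER`, `PILOT_ENABLE_REDIS_FILTER` and `PILOT_HTTP10` are hard-coded to "true" in the added `env` block, which turns on extra protocol handling for every cluster that installs this chart, whether or not it runs MySQL, Redis or HTTP/1.0 clients. Put them behind chart values that default to off, or add a comment naming the workload that needs each one. The gateway hunk earlier in this file also touches `ISTIO_META_HTTP10` and `.Values.ingress.http10`, so keep the two HTTP/1.0 settings consistent.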

View File

@ -1,21 +1,26 @@
#!/bin/bash
set -ex
ISTIO_VERSION=1.7.1
export ISTIO_VERSION=1.7.3
NAME="istio-$ISTIO_VERSION"
URL="https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz"
if [ ! -d istio-$ISTIO_VERSION ]; then
NAME="istio-$ISTIO_VERSION"
URL="https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz"
curl -sL "$URL" | tar xz
curl -sL "$URL" | tar xz
fi
# Now lets extract what we need
rm -rf charts/istio-operator
cp -r istio-${ISTIO_VERSION}/manifests/charts/istio-operator charts
rm -rf istio-${ISTIO_VERSION}
# Apply our patch
patch -i istio-operator.patch -p0
[ -x istioctl ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; }
# Extract base / CRDs from istioctl into plain manifest to workaround chicken egg problem with CRDs
istioctl manifest generate --set profile=empty --set components.base.enabled=true > templates/istio-base.yaml
./istioctl manifest generate --set profile=empty --set components.base.enabled=true > templates/istio-base.yaml
# Remove double CRD
patch -i istio-base.patch -p3
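
Review bot: the `[ -x istioctl ]` guard reuses whatever istioctl binary is already in the directory, so after `ISTIO_VERSION` is bumped a leftover binary from the previous version will generate templates/istio-base.yaml; name the binary by version or compare its reported version with `ISTIO_VERSION` before use. Both downloads also go through `curl -sL ... | tar xz` with no `-f`, no `pipefail` and no checksum check, and the unpacked istioctl is then executed. Download to a file, compare it against a SHA-256 pinned next to `ISTIO_VERSION`, and only then unpack.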

View File

@ -14,4 +14,4 @@ ingress:
istio-operator:
hub: docker.io/istio
tag: 1.7.1
tag: 1.7.3

View File

@ -1,12 +1,20 @@
kubezero-kiam
=============
# kubezero-kiam
![Version: 0.2.11](https://img.shields.io/badge/Version-0.2.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.6](https://img.shields.io/badge/AppVersion-3.6-informational?style=flat-square)
KubeZero Umbrella Chart for Kiam
Current chart version is `0.2.10`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
@ -20,21 +28,22 @@ Therefore we also change the default port from 443 to 6444 to not collide with t
Make sure any firewall rules between controllers and workers are adjusted accordingly.
## Kiam Certificates
The required certificates for Kiam server and agents are provided by a local cert-manager, which is configured to have a cluster local self-signing CA as part of the KubeZero platform.
[Kiam TLS Config](https://github.com/uswitch/kiam/blob/master/docs/TLS.md#cert-manager)
The required certificates for Kiam server and agents are provided by a local cert-manager, which is configured to have a cluster local self-signing CA as part of the KubeZero platform.
[Kiam TLS Config](https://github.com/uswitch/kiam/blob/master/docs/TLS.md#cert-manager)
[KubeZero cert-manager](../kubezero-cert-manager/README.md)
## Metadata restrictions
Some services require access to some basic AWS information. One example is the `aws-ebs-csi` controller.
By default all access to the meta-data service is blocked, expect for:
Some services require access to some basic AWS information. One example is the `aws-ebs-csi` controller.
By default all access to the meta-data service is blocked, expect for:
- `/latest/meta-data/instance-id`
- `/latest/dynamic/instance-identity/document`
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| annotateKubeSystemNameSpace | bool | `false` | |
| kiam.agent.gatewayTimeoutCreation | string | `"5s"` | |
| kiam.agent.host.interface | string | `"cali+"` | |
| kiam.agent.host.iptables | bool | `false` | |
@ -57,7 +66,7 @@ By default all access to the meta-data service is blocked, expect for:
| kiam.agent.updateStrategy | string | `"RollingUpdate"` | |
| kiam.agent.whiteListRouteRegexp | string | `"^/latest/(meta-data/instance-id|dynamic)"` | |
| kiam.enabled | bool | `true` | |
| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role |
| kiam.server.assumeRoleArn | string | `""` | kiam server IAM role to assume, required as we run the agents next to the servers normally, eg. arn:aws:iam::123456789012:role/kiam-server-role |
| kiam.server.deployment.enabled | bool | `true` | |
| kiam.server.deployment.replicas | int | `1` | |
| kiam.server.image.tag | string | `"v3.6"` | |
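
Review bot: `kiam.agent.whiteListRouteRegexp` is `^/latest/(meta-data/instance-id|dynamic)`, which has no end anchor, so as written it matches every path under /latest/dynamic and any path that merely starts with /latest/meta-data/instance-id. The Metadata restrictions section in this README documents only `/latest/meta-data/instance-id` and `/latest/dynamic/instance-identity/document` as allowed. Either tighten the default to `^/latest/(meta-data/instance-id|dynamic/instance-identity/document)$` or correct the README text so it describes what the regex permits.
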
@ -83,8 +92,8 @@ By default all access to the meta-data service is blocked, expect for:
| kiam.server.useHostNetwork | bool | `true` | |
## Debugging
- Verify iptables rules on hosts to be set by the kiam agent:
`iptables -L -t nat -n --line-numbers`
- Verify iptables rules on hosts to be set by the kiam agent:
`iptables -L -t nat -n --line-numbers`
`iptables -t nat -D PREROUTING <wrong rule>`
## Resources

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

View File

@ -1,19 +1,37 @@
kubezero-local-volume-provisioner
=================================
# kubezero-local-volume-provisioner
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.4](https://img.shields.io/badge/AppVersion-2.3.4-informational?style=flat-square)
KubeZero Umbrella Chart for local-static-provisioner
Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
Current chart version is `0.1.0`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| local-static-provisioner.classes[0].hostDir | string | `"/mnt/disks"` | |
| local-static-provisioner.classes[0].name | string | `"local-sc-xfs"` | |
| local-static-provisioner.common.namespace | string | `"kube-system"` | |
| local-static-provisioner.daemonset.nodeSelector."node.kubernetes.io/localVolume" | string | `"present"` | |
| local-static-provisioner.prometheus.operator.enabled | bool | `false` | |
## KubeZero default configuration
- add nodeSelector to only install on nodes actually having ephemeral local storage

View File

@ -1,14 +1,22 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
## KubeZero default configuration
- add nodeSelector to only install on nodes actually having ephemeral local storage

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero-logging
description: KubeZero Umbrella Chart for complete EFK stack
type: application
version: 0.3.9
version: 0.4.0
appVersion: 1.2.1
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png

View File

@ -1,12 +1,20 @@
kubezero-logging
================
# kubezero-logging
![Version: 0.3.9](https://img.shields.io/badge/Version-0.3.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.1](https://img.shields.io/badge/AppVersion-1.2.1-informational?style=flat-square)
KubeZero Umbrella Chart for complete EFK stack
Current chart version is `0.3.6`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
@ -31,9 +39,8 @@ Source code can be found [here](https://kubezero.com)
### Kibana
- increased timeout to ES to 3 minutes
### FluentD
### FluentD
### Fluent-bit
- support for dedot Lua filter to replace "." with "_" for all annotations and labels
@ -45,8 +52,7 @@ Source code can be found [here](https://kubezero.com)
- setup Kibana
- create `logstash-*` Index Pattern
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@ -56,9 +62,9 @@ Source code can be found [here](https://kubezero.com)
| es.s3Snapshot.enabled | bool | `false` | |
| es.s3Snapshot.iamrole | string | `""` | |
| fluent-bit.config.filters | string | `"[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call reassemble_cri_logs\n\n[FILTER]\n Name kubernetes\n Match kube.*\n Merge_Log On\n Keep_Log Off\n K8S-Logging.Parser On\n K8S-Logging.Exclude On\n\n[FILTER]\n Name lua\n Match kube.*\n script /fluent-bit/etc/functions.lua\n call dedot\n"` | |
| fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Parser cri\n Tag kube.*\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 10\n DB /var/log/flb_kube.db\n DB.Sync Normal\n[INPUT]\n Name tail\n Path /var/log/kubernetes/audit.log\n Parser json\n Tag audit.api-server\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n Refresh_Interval 60\n DB /var/log/flb_kube_audit.db\n DB.Sync Normal\n"` | |
| fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n Parser cri\n Tag kube.*\n Mem_Buf_Limit 16MB\n Skip_Long_Lines On\n Refresh_Interval 10\n Exclude_Path *.gz,*.zip\n DB /var/log/flb_kube.db\n DB.Sync Normal\n[INPUT]\n Name tail\n Path /var/log/kubernetes/audit.log\n Parser json\n Tag audit.api-server\n Mem_Buf_Limit 8MB\n Skip_Long_Lines On\n DB /var/log/flb_kube_audit.db\n DB.Sync Normal\n"` | |
| fluent-bit.config.lua | string | `"function dedot(tag, timestamp, record)\n if record[\"kubernetes\"] == nil then\n return 0, 0, 0\n end\n dedot_keys(record[\"kubernetes\"][\"annotations\"])\n dedot_keys(record[\"kubernetes\"][\"labels\"])\n return 1, timestamp, record\nend\n\nfunction dedot_keys(map)\n if map == nil then\n return\n end\n local new_map = {}\n local changed_keys = {}\n for k, v in pairs(map) do\n local dedotted = string.gsub(k, \"%.\", \"_\")\n if dedotted ~= k then\n new_map[dedotted] = v\n changed_keys[k] = true\n end\n end\n for k in pairs(changed_keys) do\n map[k] = nil\n end\n for k, v in pairs(new_map) do\n map[k] = v\n end\nend\n\nlocal reassemble_state = {}\n\nfunction reassemble_cri_logs(tag, timestamp, record)\n -- IMPORTANT: reassemble_key must be unique for each parser stream\n -- otherwise entries from different sources will get mixed up.\n -- Either make sure that your parser tags satisfy this or construct\n -- reassemble_key some other way\n local reassemble_key = tag\n -- if partial line, accumulate\n if record.logtag == 'P' then\n reassemble_state[reassemble_key] = reassemble_state[reassemble_key] or \"\" .. record.message\n return -1, 0, 0\n end\n -- otherwise it's a full line, concatenate with accumulated partial lines if any\n record.message = reassemble_state[reassemble_key] or \"\" .. (record.message or \"\")\n reassemble_state[reassemble_key] = nil\n return 1, timestamp, record\nend\n"` | |
| fluent-bit.config.outputs | string | `"[OUTPUT]\n Match *\n Name forward\n Host logging-fluentd\n Port 24224\n tls on\n tls.verify off\n Shared_Key cloudbender\n"` | |
| fluent-bit.config.outputs | string | `"[OUTPUT]\n Match *\n Name forward\n Host logging-fluentd\n Port 24224\n"` | |
| fluent-bit.config.service | string | `"[SERVICE]\n Flush 5\n Daemon Off\n Log_Level warn\n Parsers_File parsers.conf\n Parsers_File custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port 2020\n"` | |
| fluent-bit.enabled | bool | `false` | |
| fluent-bit.serviceMonitor.enabled | bool | `true` | |
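
Review bot: the new default `fluent-bit.config.outputs` drops `tls on` and `Shared_Key` together, yet the fluentd `forward-input.conf` default in this README keeps its `<security>` section with `shared_key`. Removing the hard-coded `Shared_Key cloudbender` and `tls.verify off` from a chart default is the right direction, but the default output now neither authenticates to fluentd nor encrypts records on the way to `logging-fluentd:24224`. Supply the key from `logging-fluentd-secret` instead of omitting it, and state what protects the in-cluster hop.
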
@ -67,9 +73,10 @@ Source code can be found [here](https://kubezero.com)
| fluent-bit.test.enabled | bool | `false` | |
| fluent-bit.tolerations[0].effect | string | `"NoSchedule"` | |
| fluent-bit.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
| fluentd.configMaps."filter.conf" | string | `"<filter kube.**>\n @type parser\n key_name message\n remove_key_name_field true\n reserve_data true\n emit_invalid_record_to_error false\n <parse>\n @type json\n </parse>\n</filter>\n"` | |
| fluentd.configMaps."forward-input.conf" | string | `"<source>\n @type forward\n port 24224\n bind 0.0.0.0\n skip_invalid_event true\n <transport tls>\n cert_path /mnt/fluentd-certs/tls.crt\n private_key_path /mnt/fluentd-certs/tls.key\n </transport>\n <security>\n self_hostname \"#{ENV['HOSTNAME']}\"\n shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n </security>\n</source>\n"` | |
| fluentd.configMaps."output.conf" | string | `"<match **>\n @id elasticsearch\n @type elasticsearch\n @log_level info\n include_tag_key true\n id_key id\n remove_keys id\n\n # KubeZero pipeline incl. GeoIP etc.\n # Freaking ES jams under load and all is lost ...\n # pipeline fluentd\n\n host \"#{ENV['OUTPUT_HOST']}\"\n port \"#{ENV['OUTPUT_PORT']}\"\n scheme \"#{ENV['OUTPUT_SCHEME']}\"\n ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n user \"#{ENV['OUTPUT_USER']}\"\n password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n log_es_400_reason\n logstash_format true\n reconnect_on_error true\n # reload_on_failure true\n request_timeout 15s\n suppress_type_name true\n\n <buffer>\n @type file\n path /var/log/fluentd-buffers/kubernetes.system.buffer\n flush_mode interval\n flush_thread_count 2\n flush_interval 30s\n flush_at_shutdown true\n retry_type exponential_backoff\n retry_timeout 60m\n chunk_limit_size 16M\n overflow_action drop_oldest_chunk\n </buffer>\n</match>\n"` | |
| fluentd.configMaps."filter.conf" | string | `"<filter disabled.kube.**>\n @type parser\n key_name message\n remove_key_name_field true\n reserve_data true\n # inject_key_prefix message_json.\n emit_invalid_record_to_error false\n <parse>\n @type json\n </parse>\n</filter>\n"` | |
| fluentd.configMaps."forward-input.conf" | string | `"<source>\n @type forward\n port 24224\n bind 0.0.0.0\n skip_invalid_event true\n send_keepalive_packet true\n <security>\n self_hostname \"#{ENV['HOSTNAME']}\"\n shared_key \"#{ENV['FLUENTD_SHARED_KEY']}\"\n </security>\n</source>\n"` | |
| fluentd.configMaps."general.conf" | string | `"<label @FLUENT_LOG>\n <match **>\n @type null\n </match>\n</label>\n<source>\n @type http\n port 9880\n bind 0.0.0.0\n keepalive_timeout 30\n</source>\n<source>\n @type monitor_agent\n bind 0.0.0.0\n port 24220\n tag fluentd.monitor.metrics\n</source>\n"` | |
| fluentd.configMaps."output.conf" | string | `"<match **>\n @id elasticsearch\n @type elasticsearch\n @log_level info\n include_tag_key true\n id_key id\n remove_keys id\n\n # KubeZero pipeline incl. GeoIP etc.\n # pipeline fluentd\n\n host \"#{ENV['OUTPUT_HOST']}\"\n port \"#{ENV['OUTPUT_PORT']}\"\n scheme \"#{ENV['OUTPUT_SCHEME']}\"\n ssl_version \"#{ENV['OUTPUT_SSL_VERSION']}\"\n ssl_verify \"#{ENV['OUTPUT_SSL_VERIFY']}\"\n user \"#{ENV['OUTPUT_USER']}\"\n password \"#{ENV['OUTPUT_PASSWORD']}\"\n\n log_es_400_reason\n logstash_format true\n reconnect_on_error true\n # reload_on_failure true\n request_timeout 15s\n suppress_type_name true\n\n <buffer tag>\n @type file_single\n path /var/log/fluentd-buffers/kubernetes.system.buffer\n flush_mode interval\n flush_thread_count 2\n flush_interval 30s\n flush_at_shutdown true\n retry_type exponential_backoff\n retry_timeout 60m\n overflow_action drop_oldest_chunk\n </buffer>\n</match>\n"` | |
| fluentd.enabled | bool | `false` | |
| fluentd.env.OUTPUT_SSL_VERIFY | string | `"false"` | |
| fluentd.env.OUTPUT_USER | string | `"elastic"` | |
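
Review bot: the `general.conf` default documented here opens an `@type http` source on 0.0.0.0:9880 and a `monitor_agent` on 0.0.0.0:24220, neither with any access control, so anything that can reach the pod can submit log records or read agent metrics. If 9880 exists only for health checks, bind it to 127.0.0.1 or restrict it with a NetworkPolicy. In the same hunk `forward-input.conf` loses its `<transport tls>` block, so port 24224 is plaintext at the pod and depends on whatever sits in front of it for encryption; the README should say so.
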
@ -79,13 +86,8 @@ Source code can be found [here](https://kubezero.com)
| fluentd.extraEnvVars[1].name | string | `"FLUENTD_SHARED_KEY"` | |
| fluentd.extraEnvVars[1].valueFrom.secretKeyRef.key | string | `"shared_key"` | |
| fluentd.extraEnvVars[1].valueFrom.secretKeyRef.name | string | `"logging-fluentd-secret"` | |
| fluentd.extraVolumeMounts[0].mountPath | string | `"/mnt/fluentd-certs"` | |
| fluentd.extraVolumeMounts[0].name | string | `"fluentd-certs"` | |
| fluentd.extraVolumeMounts[0].readOnly | bool | `true` | |
| fluentd.extraVolumes[0].name | string | `"fluentd-certs"` | |
| fluentd.extraVolumes[0].secret.secretName | string | `"fluentd-certificate"` | |
| fluentd.image.repository | string | `"quay.io/fluentd_elasticsearch/fluentd"` | |
| fluentd.image.tag | string | `"v3.0.4"` | |
| fluentd.image.tag | string | `"v2.9.0"` | |
| fluentd.istio.enabled | bool | `false` | |
| fluentd.metrics.enabled | bool | `false` | |
| fluentd.metrics.serviceMonitor.additionalLabels.release | string | `"metrics"` | |
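Review bot: `fluentd.image.tag` appears twice in this hunk, `v3.0.4` followed by `v2.9.0`, which reads as the image going back from v3.0.4 to v2.9.0. If that is intended, say why in the commit message or in a comment next to the value, since a downgrade is easy to mistake for a stale README; if not, regenerate the table from the current values.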

View File

@ -1,9 +1,15 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}

View File

@ -23,6 +23,8 @@ spec:
node.attr.zone: {{ .zone }}
cluster.routing.allocation.awareness.attributes: zone
{{- end }}
transport.compress: true
node.processors: {{ default 1 .processors }}
podTemplate:
{{- if $.Values.es.s3Snapshot.iamrole }}
metadata:
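Review bot: `node.processors: {{ default 1 .processors }}` introduces a new per-node-set key, `.processors`, that silently falls back to 1 when unset, so after an upgrade every existing node set has Elasticsearch size its thread pools for a single processor regardless of the CPU it actually gets. Document `.processors` alongside `.zone` in the values and README, and consider omitting the setting entirely when the key is not provided instead of defaulting to 1.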

View File

@ -1,16 +0,0 @@
{{- if .Values.fluentd.enabled }}
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: fluentd-ingress-cert
namespace: {{ .Release.Namespace }}
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
secretName: fluentd-certificate
issuerRef:
name: letsencrypt-dns-prod
kind: ClusterIssuer
dnsNames:
- "{{ .Values.fluentd.url }}"
{{- end }}
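Review bot: deleting this template removes the Certificate that produced the `fluentd-certificate` Secret and the `dnsNames` use of `.Values.fluentd.url`. Check that no remaining template or values entry still references `fluentd-certificate`, and drop `fluentd.url` from the values and README if nothing else reads it, so the chart does not keep advertising a setting that no longer does anything.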

View File

@ -92,28 +92,33 @@ fluentd:
name: logging-fluentd-secret
key: shared_key
extraVolumes:
- name: fluentd-certs
secret:
secretName: fluentd-certificate
extraVolumeMounts:
- name: fluentd-certs
mountPath: /mnt/fluentd-certs
readOnly: true
configMaps:
general.conf: |
<label @FLUENT_LOG>
<match **>
@type null
</match>
</label>
<source>
@type http
port 9880
bind 0.0.0.0
keepalive_timeout 30
</source>
<source>
@type monitor_agent
bind 0.0.0.0
port 24220
tag fluentd.monitor.metrics
</source>
forward-input.conf: |
<source>
@type forward
port 24224
bind 0.0.0.0
skip_invalid_event true
# Only for TCP not TLS
# send_keepalive_packet true
<transport tls>
cert_path /mnt/fluentd-certs/tls.crt
private_key_path /mnt/fluentd-certs/tls.key
</transport>
send_keepalive_packet true
<security>
self_hostname "#{ENV['HOSTNAME']}"
shared_key "#{ENV['FLUENTD_SHARED_KEY']}"
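Review bot: in `forward-input.conf` the `<transport tls>` block goes away while `bind 0.0.0.0` and port 24224 stay, so log records now cross the network unencrypted; the `<security>` `shared_key` authenticates the sender but does not encrypt anything. If the intent is to rely on Istio mTLS instead, say so in a comment here and note that `fluentd.istio.enabled` defaults to `false`. The `general.conf` block in the same hunk also has an `@type http` source on 9880 bound to `0.0.0.0` with no authentication; restrict it with a NetworkPolicy or remove it if nothing posts to it.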
@ -161,53 +166,19 @@ fluentd:
</match>
filter.conf: |
<filter kube.**>
<filter disabled.kube.**>
@type parser
key_name message
remove_key_name_field true
reserve_data true
reserve_time true
# inject_key_prefix message_json.
emit_invalid_record_to_error false
<parse>
@type json
</parse>
</filter>
# <filter auth system.auth>
# @type parser
# key_name message
# reserve_data true
# reserve_time true
# <parse>
# @type grok
#
# # SSH
# <grok>
# pattern %{DATA:system.auth.ssh.event} %{DATA:system.auth.ssh.method} for (invalid user )?%{DATA:system.auth.user} from %{IPORHOST:system.auth.ip} port %{NUMBER:system.auth.port} ssh2(: %{GREEDYDATA:system.auth.ssh.signature})?
# </grok>
# <grok>
# pattern %{DATA:system.auth.ssh.event} user %{DATA:system.auth.user} from %{IPORHOST:system.auth.ip}
# </grok>
#
# # sudo
# <grok>
# pattern \s*%{DATA:system.auth.user} :( %{DATA:system.auth.sudo.error} ;)? TTY=%{DATA:system.auth.sudo.tty} ; PWD=%{DATA:system.auth.sudo.pwd} ; USER=%{DATA:system.auth.sudo.user} ; COMMAND=%{GREEDYDATA:system.auth.sudo.command}
# </grok>
#
# # Users
# <grok>
# pattern new group: name=%{DATA:system.auth.groupadd.name}, GID=%{NUMBER:system.auth.groupadd.gid}
# </grok>
# <grok>
# pattern new user: name=%{DATA:system.auth.useradd.name}, UID=%{NUMBER:system.auth.useradd.uid}, GID=%{NUMBER:system.auth.useradd.gid}, home=%{DATA:system.auth.useradd.home}, shell=%{DATA:system.auth.useradd.shell}$
# </grok>
#
# <grok>
# pattern %{GREEDYDATA:message}
# </grok>
# </parse>
# </filter>
fluent-bit:
enabled: false
test:
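Review bot: changing the match pattern to `<filter disabled.kube.**>` parks the JSON parser filter by making it match nothing, which the next reader will not recognise as deliberate, and it would start parsing again for any tag that happens to begin with `disabled.kube.`. Either delete the filter or put a comment above it saying why it is disabled and what replaces it. Dropping the commented-out grok block is fine, but if `system.auth` parsing for SSH and sudo events is still wanted, track it in an issue so it is not lost.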
@ -220,56 +191,56 @@ fluent-bit:
Name forward
Host logging-fluentd
Port 24224
tls on
tls.verify off
Shared_Key cloudbender
Send_options true
Require_ack_response true
customParsers: |
[PARSER]
Name cri-log
Format regex
Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>[^ ]*) (?<log>.*)$
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S.%L%z
inputs: |
[INPUT]
Name tail
Path /var/log/containers/*.log
Parser cri
Tag kube.*
Mem_Buf_Limit 8MB
Parser cri-log
Tag cri.*
Mem_Buf_Limit 16MB
Skip_Long_Lines On
Refresh_Interval 10
Exclude_Path *.gz,*.zip
DB /var/log/flb_kube.db
DB.Sync Normal
[INPUT]
Name tail
Path /var/log/kubernetes/audit.log
Parser json
Tag audit.api-server
Mem_Buf_Limit 8MB
Skip_Long_Lines On
DB /var/log/flb_kube_audit.db
DB.Sync Normal
filters: |
[FILTER]
Name lua
Match kube.*
Match cri.*
script /fluent-bit/etc/functions.lua
call reassemble_cri_logs
[FILTER]
Name kubernetes
Match kube.*
Match cri.*
Merge_Log On
Merge_Log_Key kube
Kube_Tag_Prefix cri.var.log.containers.
Keep_Log Off
K8S-Logging.Parser On
K8S-Logging.Exclude On
K8S-Logging.Parser Off
K8S-Logging.Exclude Off
[FILTER]
Name lua
Match kube.*
script /fluent-bit/etc/functions.lua
call dedot
Name rewrite_tag
Match cri.*
Emitter_Name kube_tag_rewriter
Rule logtag F kube.$kubernetes['namespace_name'].$kubernetes['container_name'] false
service: |
[SERVICE]
Flush 5
Flush 1
Daemon Off
Log_Level warn
Parsers_File parsers.conf
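Review bot: `Shared_Key cloudbender` in the forward output is a literal chart default, while the fluentd side reads the same key from the `logging-fluentd-secret` Secret, so anyone who has seen the chart knows the key unless every install overrides it. If `tls on` and `tls.verify off` are the lines being dropped from this output block (matching the `<transport tls>` removal on the fluentd side), that key is the only gate on port 24224; read it from an environment variable backed by the same Secret instead of hard-coding it. Separately, the `K8S-Logging.Exclude` and `K8S-Logging.Parser` change between `On` and `Off` alters whether pod annotations can opt a workload out of log collection; call that out in the release notes.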
@ -279,36 +250,6 @@ fluent-bit:
HTTP_Port 2020
lua: |
function dedot(tag, timestamp, record)
if record["kubernetes"] == nil then
return 0, 0, 0
end
dedot_keys(record["kubernetes"]["annotations"])
dedot_keys(record["kubernetes"]["labels"])
return 1, timestamp, record
end
function dedot_keys(map)
if map == nil then
return
end
local new_map = {}
local changed_keys = {}
for k, v in pairs(map) do
local dedotted = string.gsub(k, "%.", "_")
if dedotted ~= k then
new_map[dedotted] = v
changed_keys[k] = true
end
end
for k in pairs(changed_keys) do
map[k] = nil
end
for k, v in pairs(new_map) do
map[k] = v
end
end
local reassemble_state = {}
function reassemble_cri_logs(tag, timestamp, record)
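Review bot: removing `dedot` and `dedot_keys` means label and annotation keys containing dots reach the output unchanged, now that the `call dedot` filter is replaced by `rewrite_tag`. Elasticsearch expands a dotted key into an object path, so one pod with a label `app` and another with `app.kubernetes.io/name` conflict on the `app` field mapping and one of the records is rejected. Confirm that something downstream handles this (an ingest pipeline or index template), or keep the dedot step.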
@ -319,11 +260,11 @@ fluent-bit:
local reassemble_key = tag
-- if partial line, accumulate
if record.logtag == 'P' then
reassemble_state[reassemble_key] = reassemble_state[reassemble_key] or "" .. record.message
reassemble_state[reassemble_key] = reassemble_state[reassemble_key] or "" .. record.log
return -1, 0, 0
end
-- otherwise it's a full line, concatenate with accumulated partial lines if any
record.message = reassemble_state[reassemble_key] or "" .. (record.message or "")
record.log = reassemble_state[reassemble_key] or "" .. (record.log or "")
reassemble_state[reassemble_key] = nil
return 1, timestamp, record
end
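Review bot: both rewritten lines keep an operator-precedence bug: in Lua `..` binds tighter than `or`, so `reassemble_state[reassemble_key] or "" .. record.log` evaluates as `reassemble_state[reassemble_key] or ("" .. record.log)`. Once the first partial chunk is stored, later `P` chunks are discarded and the final line is replaced by that first chunk alone, so long lines end up truncated rather than reassembled. Parenthesise the fallback in both places: `(reassemble_state[reassemble_key] or "") .. record.log` and `(reassemble_state[reassemble_key] or "") .. (record.log or "")`.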

View File

@ -1,12 +1,20 @@
kubezero-metrics
================
# kubezero-metrics
![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero Umbrella Chart for prometheus-operator
Current chart version is `0.1.4`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
@ -14,7 +22,7 @@ Source code can be found [here](https://kubezero.com)
| https://kubernetes-charts.storage.googleapis.com/ | prometheus-operator | 9.3.1 |
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@ -102,7 +110,6 @@ Source code can be found [here](https://kubezero.com)
| prometheus.istio.gateway | string | `"istio-system/ingressgateway"` | |
| prometheus.istio.url | string | `""` | |
# Dashboards
## Etcs

View File

@ -1,15 +1,20 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.versionLine" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.sourceLinkLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}
{{ template "chart.valuesSection" . }}
# Dashboards
## Etcs
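Review bot: `## Etcs` under `# Dashboards` looks like a typo for etcd; since this template now feeds the generated README, fix the heading here so it does not propagate.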

View File

@ -24,9 +24,9 @@ spec:
hosts: ["{{ .Values.grafana.istio.url }}"]
{{- end }}
{{- end }}
---
{{- if .Values.prometheus.istio.enabled }}
{{- if .Values.prometheus.istio.ipBlocks }}
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
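Review bot: gating the AuthorizationPolicy on `.Values.prometheus.istio.ipBlocks` alone decouples it from `.Values.prometheus.istio.enabled`, which still gates the Prometheus VirtualService. With `enabled` true and `ipBlocks` empty, Prometheus is published through the gateway with no source restriction; with `ipBlocks` set and `enabled` false, a policy is rendered for a route that does not exist. Use `{{- if and .Values.prometheus.istio.enabled .Values.prometheus.istio.ipBlocks }}` and document in the values that an empty `ipBlocks` means unrestricted access.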

View File

@ -15,8 +15,8 @@ spec:
- destination:
host: metrics-grafana
{{- end }}
---
{{- if .Values.prometheus.istio.enabled }}
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:

View File

@ -1,18 +1,26 @@
kubezero
========
# kubezero
![Version: 0.4.5](https://img.shields.io/badge/Version-0.4.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero ArgoCD Application - Root App of Apps chart of KubeZero
Current chart version is `0.4.5`
**Homepage:** <https://kubezero.com>
Source code can be found [here](https://kubezero.com)
## Maintainers
## Chart Requirements
| Name | Email | Url |
| ---- | ------ | --- |
| Quarky9 | | |
## Requirements
Kubernetes: `>= 1.16.0`
| Repository | Name | Version |
|------------|------|---------|
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
## Chart Values
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@ -34,3 +42,6 @@ Source code can be found [here](https://kubezero.com)
| metrics.enabled | bool | `false` | |
| metrics.namespace | string | `"monitoring"` | |
| platform | string | `"aws"` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.2.1](https://github.com/norwoodj/helm-docs/releases/v1.2.1)