From c2e817040690d91275297571faeec8fbec9ceb2c Mon Sep 17 00:00:00 2001 From: Kaiwalya Joshi Date: Fri, 22 Jul 2022 09:25:25 -0700 Subject: [PATCH] feat: Release DKP-Insights v0.2.1 Relase DKP-Insights v0.2.1 --- hack/images.yaml | 7 + services/dkp-insights/0.2.1/defaults/cm.yaml | 1054 +++++++++++++++++ .../0.2.1/defaults/kustomization.yaml | 5 + services/dkp-insights/0.2.1/dkp-insights.yaml | 26 + .../dkp-insights/0.2.1/kustomization.yaml | 6 + 5 files changed, 1098 insertions(+) create mode 100644 services/dkp-insights/0.2.1/defaults/cm.yaml create mode 100644 services/dkp-insights/0.2.1/defaults/kustomization.yaml create mode 100644 services/dkp-insights/0.2.1/dkp-insights.yaml create mode 100644 services/dkp-insights/0.2.1/kustomization.yaml diff --git a/hack/images.yaml b/hack/images.yaml index 776cbdc..e8dad97 100644 --- a/hack/images.yaml +++ b/hack/images.yaml @@ -35,3 +35,10 @@ dkp-insights-0.2.0: - "docker.io/mesosphere/insights:v0.2.0" - "docker.io/chrislusf/seaweedfs:3.16" - "quay.io/fairwinds/polaris:5.1" +dkp-insights-0.2.1: + - "docker.io/bitnami/postgresql:11.14.0-debian-10-r28" + - "docker.io/bitnami/bitnami-shell:10-debian-10-r305" + - "docker.io/bitnami/postgres-exporter:0.10.0-debian-10-r172" + - "docker.io/mesosphere/insights:v0.2.1" + - "docker.io/chrislusf/seaweedfs:3.16" + - "quay.io/fairwinds/polaris:5.1" diff --git a/services/dkp-insights/0.2.1/defaults/cm.yaml b/services/dkp-insights/0.2.1/defaults/cm.yaml new file mode 100644 index 0000000..2846bb9 --- /dev/null +++ b/services/dkp-insights/0.2.1/defaults/cm.yaml @@ -0,0 +1,1054 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: dkp-insights-0.2.1-d2iq-defaults + namespace: ${releaseNamespace} +data: + values.yaml: | + image: + registry: "docker.io" + repository: "mesosphere/insights" + tag: "v0.2.1" + imagePullPolicy: "IfNotPresent" + backend: + webhookPort: "8080" + apiPort: "8090" + log_level: "INFO" + alertmanager: + db_channel_buffer_size: "16" + eventExpirationTime: "24h" + synchronous_view_details: false + resources: + limits: + cpu: "1000m" + memory: "512Mi" + requests: + cpu: "250m" + memory: "128Mi" + cleanup: + schedule: "@every 37m" + logLevel: "INFO" + insightsTTL: "168h" + eventsTTL: "168h" + alertsTTL: "168h" + rejectedAlertsTTL: "168h" + resolutionAggregatesTTL: "10000h" + # Database size after which Insights might become unoperational. + # Should be equal to or less than postgres.persistence.size + dbSizeLimit: 8Gi + resources: + limits: + cpu: "250m" + memory: "128Mi" + requests: + cpu: "100m" + memory: "64Mi" + initdb: + resources: + limits: + cpu: "250m" + memory: "128Mi" + requests: + cpu: "100m" + memory: "64Mi" + polaris: + enabled: true + schedule: "@every 37m" + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + image: + repository: "quay.io/fairwinds/polaris" + tag: "5.1" + pullPolicy: "IfNotPresent" + config: + # See https://github.com/FairwindsOps/polaris/blob/master/examples/config.yaml + checks: + # reliability + deploymentMissingReplicas: warning + priorityClassNotSet: ignore + tagNotSpecified: danger + pullPolicyNotAlways: warning + readinessProbeMissing: warning + livenessProbeMissing: warning + metadataAndNameMismatched: ignore + pdbDisruptionsIsZero: warning + missingPodDisruptionBudget: ignore + + # efficiency + cpuRequestsMissing: warning + cpuLimitsMissing: warning + memoryRequestsMissing: warning + memoryLimitsMissing: warning + # security + hostIPCSet: danger + hostPIDSet: danger + notReadOnlyRootFilesystem: warning + privilegeEscalationAllowed: danger + runAsRootAllowed: danger + runAsPrivileged: danger + dangerousCapabilities: danger + insecureCapabilities: warning + hostNetworkSet: danger + hostPortSet: warning + tlsSettingsMissing: warning + + exemptions: + - namespace: kube-system + controllerNames: + - kube-apiserver + - kube-proxy + - kube-scheduler + - etcd-manager-events + - kube-controller-manager + - kube-dns + - etcd-manager-main + rules: + - hostPortSet + - hostNetworkSet + - readinessProbeMissing + - livenessProbeMissing + - cpuRequestsMissing + - cpuLimitsMissing + - memoryRequestsMissing + - memoryLimitsMissing + - runAsRootAllowed + - runAsPrivileged + - notReadOnlyRootFilesystem + - hostPIDSet + + - controllerNames: + - kube-flannel-ds + rules: + - notReadOnlyRootFilesystem + - runAsRootAllowed + - notReadOnlyRootFilesystem + - readinessProbeMissing + - livenessProbeMissing + - cpuLimitsMissing + + - controllerNames: + - cert-manager + rules: + - notReadOnlyRootFilesystem + - runAsRootAllowed + - readinessProbeMissing + - livenessProbeMissing + + - controllerNames: + - cluster-autoscaler + rules: + - notReadOnlyRootFilesystem + - runAsRootAllowed + - readinessProbeMissing + + - controllerNames: + - vpa + rules: + - runAsRootAllowed + - readinessProbeMissing + - livenessProbeMissing + - notReadOnlyRootFilesystem + + - controllerNames: + - datadog + rules: + - runAsRootAllowed + - readinessProbeMissing + - livenessProbeMissing + - notReadOnlyRootFilesystem + + - controllerNames: + - nginx-ingress-controller + rules: + - privilegeEscalationAllowed + - insecureCapabilities + - runAsRootAllowed + + - controllerNames: + - dns-controller + - datadog-datadog + - kube-flannel-ds + - kube2iam + - aws-iam-authenticator + - datadog + - kube2iam + rules: + - hostNetworkSet + + - controllerNames: + - aws-iam-authenticator + - aws-cluster-autoscaler + - kube-state-metrics + - dns-controller + - external-dns + - dnsmasq + - autoscaler + - kubernetes-dashboard + - install-cni + - kube2iam + rules: + - readinessProbeMissing + - livenessProbeMissing + + - controllerNames: + - aws-iam-authenticator + - nginx-ingress-default-backend + - aws-cluster-autoscaler + - kube-state-metrics + - dns-controller + - external-dns + - kubedns + - dnsmasq + - autoscaler + - tiller + - kube2iam + rules: + - runAsRootAllowed + + - controllerNames: + - aws-iam-authenticator + - nginx-ingress-controller + - nginx-ingress-default-backend + - aws-cluster-autoscaler + - kube-state-metrics + - dns-controller + - external-dns + - kubedns + - dnsmasq + - autoscaler + - tiller + - kube2iam + rules: + - notReadOnlyRootFilesystem + + - controllerNames: + - cert-manager + - dns-controller + - kubedns + - dnsmasq + - autoscaler + - insights-agent-goldilocks-vpa-install + - datadog + rules: + - cpuRequestsMissing + - cpuLimitsMissing + - memoryRequestsMissing + - memoryLimitsMissing + + - controllerNames: + - kube2iam + - kube-flannel-ds + rules: + - runAsPrivileged + + - controllerNames: + - kube-hunter + rules: + - hostPIDSet + + - controllerNames: + - polaris + - kube-hunter + - goldilocks + - insights-agent-goldilocks-vpa-install + rules: + - notReadOnlyRootFilesystem + + - controllerNames: + - insights-agent-goldilocks-controller + rules: + - livenessProbeMissing + - readinessProbeMissing + + - controllerNames: + - insights-agent-goldilocks-vpa-install + - kube-hunter + rules: + - runAsRootAllowed + + # Additional exemptions for DKP 2.3 components. + # From an attached cluster in a default installation: + - controllerNames: + - kubecost-grafana + - kubecost-kube-state-metrics + - kubecost-prometheus-alertmanager + - kubecost-prometheus-server + - prereq-wait + rules: + - cpuLimitsMissing + - cpuRequestsMissing + - memoryLimitsMissing + - memoryRequestsMissing + - controllerNames: + - prereq-wait + rules: + - insecureCapabilities + - notReadOnlyRootFilesystem + - privilegeEscalationAllowed + - runAsRootAllowed + - controllerNames: + - kubecost-grafana + - kubecost-kube-state-metrics + - kubecost-prometheus-alertmanager + - kubecost-prometheus-server + - prereq-wait + rules: + - pullPolicyNotAlways + - controllerNames: + - kubecost-cost-analyzer + rules: + - cpuLimitsMissing + - memoryLimitsMissing + - controllerNames: + - kubecost-cost-analyzer + - kubecost-grafana + - kubecost-kube-state-metrics + - kubecost-prometheus-alertmanager + - kubecost-prometheus-server + rules: + - insecureCapabilities + - notReadOnlyRootFilesystem + - privilegeEscalationAllowed + - controllerNames: + - kubecost-cost-analyzer + - kubecost-grafana + - kubecost-kube-state-metrics + - kubecost-prometheus-alertmanager + - kubecost-prometheus-server + rules: + - deploymentMissingReplicas + - controllerNames: + - kubecost-cost-analyzer + rules: + - livenessProbeMissing + - tlsSettingsMissing + - controllerNames: + - kubecost-grafana + - kubecost-prometheus-alertmanager + - kubecost-prometheus-server + rules: + - livenessProbeMissing + - readinessProbeMissing + - controllerNames: + - kubecost-grafana + rules: + - tlsSettingsMissing + + # From a management cluster in a default installation: + - controllerNames: + - calico-kube-controllers + - calico-node + - calico-typha + - capa-controller-manager + - capi-controller-manager + - capi-kubeadm-bootstrap-controller-manager + - capi-kubeadm-control-plane-controller-manager + - capv-controller-manager + - capz-controller-manager + - cleanup-old-certificate + - cluster-autoscaler + - console + - delete-minio-operator-deployment + - dex-dex-controller + - dex-grpc-certs + - ebs-csi-controller + - ebs-csi-node + - gitea + - grafana-logging + - grafana-loki-loki-distributed-compactor + - grafana-loki-loki-distributed-distributor + - grafana-loki-loki-distributed-gateway + - grafana-loki-loki-distributed-ingester + - grafana-loki-loki-distributed-querier + - grafana-loki-loki-distributed-query-frontend + # It is karma-traefik-certs-{workspace}-cert-federation, + # but Polaris only matches a prefix + - karma-traefik-certs + - kubecost-traefik-certs + - prometheus-traefik-certs + - kommander-appmanagement + - kommander-cm + - kommander-flux-operator + - kommander-licensing-cm + - kube-oidc-proxy + - kube-prometheus-stack-grafana + - kube-prometheus-stack-kube-state-metrics + - kube-prometheus-stack-operator + - kube-prometheus-stack-prometheus-node-exporter + - kubernetes-dashboard + - logging-operator-logging-fluentd + - node-feature-discovery-master + - node-feature-discovery-worker + - prometheus-kube-prometheus-stack-prometheus + - snapshot-controller + - tigera-operator + - velero + - update-tenant-crd-metadata + rules: + - cpuLimitsMissing + - cpuRequestsMissing + - memoryLimitsMissing + - memoryRequestsMissing + - controllerNames: + - calico-kube-controllers + - calico-node + - calico-typha + - capa-controller-manager + - capi-controller-manager + - capi-kubeadm-bootstrap-controller-manager + - capi-kubeadm-control-plane-controller-manager + - capv-controller-manager + - capz-controller-manager + - cleanup-old-certificate + - cluster-observer + - delete-minio-operator-deployment + - dex + - dex-dex-controller + - dex-k8s-authenticator + - ebs-csi-controller + - ebs-csi-node + - gitea + - grafana-loki-minio-ss + # It is karma-traefik-certs-{workspace}-cert-federation, + # but Polaris only matches a prefix + - karma-traefik-certs + - kubecost-traefik-certs + - prometheus-traefik-certs + - kommander-fluent-bit + - kommander-flux-operator + - kommander-kommander-ui + - kommander-traefik + - kube-oidc-proxy + - kubetunnel + - logging-operator + - logging-operator-logging-fluentbit + - logging-operator-logging-fluentd + - snapshot-controller + - tigera-operator + - traefik-forward-auth + - traefik-forward-auth-mgmt + - velero + - update-tenant-crd-metadata + rules: + - insecureCapabilities + - notReadOnlyRootFilesystem + - privilegeEscalationAllowed + - runAsRootAllowed + - controllerNames: + - alertmanager-kube-prometheus-stack-alertmanager + - calico-kube-controllers + - calico-node + - calico-typha + - capa-controller-manager + - capi-controller-manager + - capi-kubeadm-bootstrap-controller-manager + - capi-kubeadm-control-plane-controller-manager + - cappp-controller-manager + - capv-controller-manager + - capz-controller-manager + - cert-manager + - cert-manager-cainjector + - cert-manager-webhook + - cleanup-old-certificate + - cluster-autoscaler + - cluster-observer-2360587938 + - cluster-observer-764580614 + - console + - coredns + - delete-minio-operator-deployment + - dex + - dex-dex-controller + - dex-grpc-certs + - dex-k8s-authenticator + - ebs-csi-controller + - ebs-csi-node + - gatekeeper-audit + - gatekeeper-controller-manager + - gitea-memcached + - gitea-postgresql + - grafana-logging + - grafana-loki-loki-distributed-compactor + - grafana-loki-loki-distributed-distributor + - grafana-loki-loki-distributed-gateway + - grafana-loki-loki-distributed-ingester + - grafana-loki-loki-distributed-querier + - grafana-loki-loki-distributed-query-frontend + - grafana-loki-minio-ss + - helm-controller + + # It is karma-traefik-certs-{workspace}-cert-federation, + # but Polaris only matches a prefix + - karma-traefik-certs + - kubecost-traefik-certs + - prometheus-traefik-certs + - kommander-appmanagement + - kommander-authorizedlister + - kommander-capimate + - kommander-cm + - kommander-flux-operator + - kommander-kommander-ui + - kommander-licensing-cm + - kommander-licensing-webhook + - kommander-reloader-reloader + - kommander-traefik + - kommander-webhook + - kube-oidc-proxy + - kube-prometheus-stack-grafana + - kube-prometheus-stack-kube-state-metrics + - kube-prometheus-stack-operator + - kube-prometheus-stack-prometheus-node-exporter + - kube-proxy + - kube-scheduler + - kubefed-admission-webhook + - kubefed-controller-manager + - kubetunnel + - kubetunnel-webhook + - kustomize-controller + - logging-operator + - logging-operator-logging-fluentbit + - logging-operator-logging-fluentd + - minio + - minio-operator + - node-feature-discovery-master + - node-feature-discovery-worker + - notification-controller + - prometheus-adapter + - prometheus-kube-prometheus-stack-prometheus + - snapshot-controller + - source-controller + - tigera-operator + - traefik-forward-auth + - traefik-forward-auth-mgmt + - velero + - update-tenant-crd-metadata + rules: + - pullPolicyNotAlways + - controllerNames: + - console + - dex-grpc-certs + - gitea-memcached + - gitea-postgresql + - grafana-logging + - kommander-appmanagement + - kommander-authorizedlister + - kommander-capimate + - kommander-cm + - kommander-licensing-cm + - kommander-licensing-webhook + - kommander-reloader-reloader + - kommander-webhook + - kube-prometheus-stack-grafana + - kube-prometheus-stack-kube-state-metrics + - kube-prometheus-stack-prometheus-node-exporter + - kubefed-admission-webhook + - kubefed-controller-manager + - kubetunnel-webhook + - minio + - minio-operator + - update-tenant-crd-metadata + rules: + - insecureCapabilities + - notReadOnlyRootFilesystem + - privilegeEscalationAllowed + - controllerNames: + - alertmanager-kube-prometheus-stack-alertmanager + - capa-controller-manager + - cluster-observer + - console + - dex + - dex-dex-controller + - ebs-csi-controller + - ebs-csi-node + - grafana-logging + - grafana-loki-loki-distributed-query-frontend + - grafana-loki-minio-ss + + # It is karma-traefik-certs-{workspace}-cert-federation, + # but Polaris only matches a prefix + - karma-traefik-certs + - kubecost-traefik-certs + - prometheus-traefik-certs + + - kommander-appmanagement + - kommander-authorizedlister + - kommander-cm + - kommander-flux-operator + - kommander-licensing-cm + - kube-prometheus-stack-grafana + - kube-prometheus-stack-operator + - kubetunnel + - logging-operator + - logging-operator-logging-fluentbit + - logging-operator-logging-fluentd + - minio + - minio-operator + - node-feature-discovery-worker + - prometheus-kube-prometheus-stack-prometheus + - snapshot-controller + - tigera-operator + - velero + rules: + - livenessProbeMissing + - readinessProbeMissing + - controllerNames: + - dex + - dex-k8s-authenticator + - gitea-memcached + - gitea-postgresql + - minio-operator + - traefik-forward-auth + - traefik-forward-auth-mgmt + rules: + - cpuLimitsMissing + - memoryLimitsMissing + - controllerNames: + - cluster-autoscaler + - grafana-loki-loki-distributed-compactor + - grafana-loki-loki-distributed-distributor + - grafana-loki-loki-distributed-gateway + - grafana-loki-loki-distributed-ingester + - grafana-loki-loki-distributed-querier + - kubefed-admission-webhook + rules: + - livenessProbeMissing + - controllerNames: + - dex + - dex-k8s-authenticator + - gitea + - grafana-logging + - kommander-kommander-ui + - kube-prometheus-stack-alertmanager + - kube-prometheus-stack-grafana + - kube-prometheus-stack-prometheus + - traefik-dashboard + - traefik-forward-auth + - traefik-forward-auth-mgmt + - velero-minio + - velero-minio-ssl + rules: + - tlsSettingsMissing + - controllerNames: + - cert-manager + - cert-manager-cainjector + - cert-manager-webhook + - cluster-autoscaler + - kube-proxy + - kube-scheduler + rules: + - insecureCapabilities + - privilegeEscalationAllowed + - controllerNames: + - kommander-fluent-bit + rules: + - cpuLimitsMissing + - runAsPrivileged + - controllerNames: + - calico-node + rules: + - hostNetworkSet + - runAsPrivileged + - controllerNames: + - logging-operator-logging-fluentbit + rules: + - cpuLimitsMissing + - controllerNames: + - ebs-csi-node + rules: + - runAsPrivileged + - controllerNames: + - kube-prometheus-stack-prometheus-node-exporter + rules: + - hostNetworkSet + - hostPIDSet + - hostPortSet + - controllerNames: + - calico-typha + rules: + - hostNetworkSet + - hostPortSet + - controllerNames: + - calico-kube-controllers + - capa-controller-manager + - capi-controller-manager + - capi-kubeadm-bootstrap-controller-manager + - capi-kubeadm-control-plane-controller-manager + - cappp-controller-manager + - capv-controller-manager + - capz-controller-manager + - cert-manager + - cert-manager-cainjector + - cert-manager-webhook + - cluster-autoscaler + - cluster-observer + - console + - dex + - dex-dex-controller + - dex-k8s-authenticator + - gatekeeper-audit + - gitea-memcached + - grafana-logging + - grafana-loki-loki-distributed-compactor + - grafana-loki-loki-distributed-distributor + - grafana-loki-loki-distributed-gateway + - grafana-loki-loki-distributed-query-frontend + - helm-controller + + # It is karma-traefik-certs-{workspace}-cert-federation, + # but Polaris only matches a prefix + - karma-traefik-certs + - kubecost-traefik-certs + - prometheus-traefik-certs + + - kommander-appmanagement + - kommander-authorizedlister + - kommander-cm + - kommander-flux-operator + - kommander-kommander-ui + - kommander-licensing-cm + - kommander-licensing-webhook + - kommander-reloader-reloader + - kommander-webhook + - kube-oidc-proxy + - kube-prometheus-stack-grafana + - kube-prometheus-stack-kube-state-metrics + - kube-prometheus-stack-operator + - kubefed-admission-webhook + - kubernetes-dashboard + - kubetunnel + - kubetunnel-webhook + - kustomize-controller + - logging-operator + - minio-operator + - node-feature-discovery-master + - notification-controller + - prometheus-adapter + - source-controller + - tigera-operator + - traefik-forward-auth + - traefik-forward-auth-mgmt + - velero + rules: + - deploymentMissingReplicas + - controllerNames: + - kube-oidc-proxy + rules: + - livenessProbeMissing + - tlsSettingsMissing + - controllerNames: + - kubernetes-dashboard + rules: + - insecureCapabilities + - tlsSettingsMissing + - controllerNames: + - kommander-traefik + rules: + - memoryLimitsMissing + - memoryRequestsMissing + - controllerNames: + - tigera-operator + rules: + - hostNetworkSet + - controllerNames: + - kommander-capimate + - kubefed-controller-manager + rules: + - readinessProbeMissing + - controllerNames: + - kube-prometheus-stack-operator + rules: + - insecureCapabilities + - controllerNames: + - coredns + rules: + - cpuLimitsMissing + - runAsRootAllowed + - controllerNames: + - cappp-controller-manager + rules: + - insecureCapabilities + - notReadOnlyRootFilesystem + + # Permanent exemptions for DKP Insights: + - controllerNames: + # The whole prefix is exempt: + - dkp-insights + rules: + # Insights do not use "latest" and never re-upload existings tags + # with different content + - pullPolicyNotAlways + # Most components are not running in HA by default + - deploymentMissingReplicas + # Kommander Traefik has its TLS configured globally + - tlsSettingsMissing + - controllerNames: + - dkp-insights-postgresql + rules: + # As of now, Postgres components write into /tmp in the root FS + - notReadOnlyRootFilesystem + # Temporary exemptions for DKP Insights: + - controllerNames: + - dkp-insights-management-mgmt-cm + - dkp-insights-backend-reforwarder + - dkp-insights-backend-deployment + - dkp-insights-resolution-cm + rules: + - livenessProbeMissing + - readinessProbeMissing + - controllerNames: + - dkp-insights-seaweedfs + rules: + - insecureCapabilities + - notReadOnlyRootFilesystem + - privilegeEscalationAllowed + - runAsRootAllowed + + + upload: + logLevel: "INFO" + resources: + limits: + cpu: "250m" + memory: "128Mi" + requests: + cpu: "100m" + memory: "64Mi" + + reforwarder: + resources: + limits: + cpu: "250m" + memory: "128Mi" + requests: + cpu: "100m" + memory: "64Mi" + resolutionCM: + resources: + limits: + cpu: "250m" + memory: "128Mi" + requests: + cpu: "100m" + memory: "64Mi" + objectstore: + initTTL: + image: + registry: "docker.io" + repository: "chrislusf/seaweedfs" + tag: "3.16" + imagePullPolicy: "IfNotPresent" + resources: + limits: + cpu: "250m" + memory: "128Mi" + requests: + cpu: "100m" + memory: "64Mi" + + postgresql: + global: + postgresql: + postgresqlDatabase: "dkp-insights" + # TODO@kjoshi: This value needs to be changed, and warrants discussion. + postgresqlPassword: "dkp-insights" + servicePort: 5432 + containerSecurityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + capabilities: + drop: + - ALL + persistence: + # Check cleanup.dbSizeLimit when adjusting this value + size: 8Gi + resources: + limits: + memory: 256Mi + cpu: 250m + requests: + memory: 256Mi + cpu: 250m + seaweedfs: + nameOverride: "dkp-insights-seaweedfs" + global: + enableReplication: true + # NOTE: The misspelling of "Placment" is intentional here, and follows upstream values. + # Replication type is XYZ: + # X number of replica in other data centers + # Y number of replica in other racks in the same data center + # Z number of replica in other servers in the same rack + # Each of X,Y,Z is in the range of 0 <= X,Y,Z <= 2 + replicationPlacment: "002" + master: + port: 9333 + grpcPort: 19333 + volumeSizeLimitMB: "512" + storage: "2Gi" + resources: | + limits: + cpu: "250m" + memory: "128Mi" + requests: + cpu: "100m" + memory: "64Mi" + # Have an affinity towards filer is okay, but anti-affinity towards volumes and other masters. + affinity: | + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - seaweedfs + - key: component + operator: In + values: + - filer + topologyKey: topology.kubernetes.io/hostname + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - seaweedfs + - key: component + operator: In + values: + - volume + - key: component + operator: In + values: + - master + topologyKey: topology.kubernetes.io/hostname + nodeSelector: "" + volume: + port: 8080 + grpcPort: 18080 + metricsPort: 9327 + replicas: 3 + resources: | + limits: + cpu: "250m" + memory: "128Mi" + requests: + cpu: "100m" + memory: "64Mi" + # Have an anti-affinity towards filer and masters. + affinity: | + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - seaweedfs + - key: component + operator: In + values: + - volume + - key: component + operator: In + values: + - filer + - key: component + operator: In + values: + - master + topologyKey: topology.kubernetes.io/hostname + nodeSelector: "" + index: "leveldbMedium" + data: + type: "persistentVolumeClaim" + size: "8Gi" + idx: + type: "persistentVolumeClaim" + size: "1Gi" + logs: + type: "persistentVolumeClaim" + size: "1Gi" + filer: + enabled: true + port: 8888 + grpcPort: 18888 + metricsPort: 9327 + resources: | + limits: + cpu: "250m" + memory: "128Mi" + requests: + cpu: "100m" + memory: "64Mi" + # Have an affinity towards master is okay, but anti-affinity towards volumes and other filers. + affinity: | + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - seaweedfs + - key: component + operator: In + values: + - master + topologyKey: topology.kubernetes.io/hostname + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - seaweedfs + - key: component + operator: In + values: + - volume + - key: component + operator: In + values: + - filer + topologyKey: topology.kubernetes.io/hostname + nodeSelector: "" + enablePVC: true + storage: "1Gi" + extraVolumes: | + - name: seaweedfs-filer-config + configMap: + name: {{ include "chart.insightsSeaweedFSCMName" . }} + items: + - key: filer.toml + path: filer.toml + extraVolumeMounts: | + - name: seaweedfs-filer-config + mountPath: "/etc/seaweedfs/filer.toml" + subPath: "filer.toml" + # NOTE: These env-vars below are needed, even when mysql and leveldb2 + # are disabled in filer.toml above. + extraEnvironmentVars: + WEED_MYSQL_ENABLED: "false" + WEED_LEVELDB2_ENABLED: "false" + s3: + enabled: true + port: 8333 diff --git a/services/dkp-insights/0.2.1/defaults/kustomization.yaml b/services/dkp-insights/0.2.1/defaults/kustomization.yaml new file mode 100644 index 0000000..fc85753 --- /dev/null +++ b/services/dkp-insights/0.2.1/defaults/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cm.yaml diff --git a/services/dkp-insights/0.2.1/dkp-insights.yaml b/services/dkp-insights/0.2.1/dkp-insights.yaml new file mode 100644 index 0000000..280dd3f --- /dev/null +++ b/services/dkp-insights/0.2.1/dkp-insights.yaml @@ -0,0 +1,26 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: dkp-insights + namespace: ${releaseNamespace} +spec: + chart: + spec: + chart: dkp-insights + sourceRef: + kind: HelmRepository + name: mesosphere.github.io-dkp-insights-charts-attached + namespace: ${workspaceNamespace} + version: v0.2.1 + interval: 15s + install: + remediation: + retries: 30 + upgrade: + remediation: + retries: 30 + valuesFrom: + - kind: ConfigMap + name: dkp-insights-0.2.1-d2iq-defaults + releaseName: dkp-insights + targetNamespace: ${releaseNamespace} diff --git a/services/dkp-insights/0.2.1/kustomization.yaml b/services/dkp-insights/0.2.1/kustomization.yaml new file mode 100644 index 0000000..faeba4c --- /dev/null +++ b/services/dkp-insights/0.2.1/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - dkp-insights.yaml + - ../../../helm-repositories/dkp-insights + - ../../../helm-repositories/dkp-insights-banzaicloud