magnum-capi-helm-charts/charts/cluster-addons
azimuth-ci-bot[bot] 872065536b
Update prometheus-blackbox-exporter addon to 8.17.0 (#335)
Co-authored-by: mkjpryor <642657+mkjpryor@users.noreply.github.com>
2024-06-04 17:58:58 +02:00

cluster-addons chart

This Helm chart manages the deployment of addons for a Kubernetes cluster deployed using Cluster API. It is a dependency of the cluster management charts from this repository, e.g. openstack-cluster.

Addons are managed using custom resources provided by the Cluster API Addon Provider, which must be installed. Please also read the documentation for the addon provider to see how addons are defined.

Container Network Interface (CNI) plugins

This chart can install either Calico or Cilium as a CNI plugin to provide the pod networking in a Kubernetes cluster. By default, the Calico CNI will be installed.

To switch the CNI to Cilium, use the following in your Helm values:

cni:
  type: cilium

And to disable the installation of a CNI completely:

cni:
  enabled: false

Additional configuration options are available for each - see values.yaml.

OpenStack integrations

Kubernetes allows cloud providers to provide various plugins to integrate with the underlying infrastructure, for example Cloud Controller Managers (CCMs), Container Storage Interface (CSI) implementations and authenticating webhooks.

This chart is able to deploy the CCM and the Cinder CSI plugin from the Kubernetes OpenStack cloud provider, which allows your Kubernetes cluster to integrate with the OpenStack cloud on which it is deployed. This enables features like automatic labelling of nodes with OpenStack information (e.g. server ID and flavor), automatic configuration of hostnames and IP addresses, managed load balancers for services and dynamic provisioning of RWO volumes.

By default, the OpenStack integrations are not enabled. To enable OpenStack integrations on the target cluster, use the following in your Helm values:

openstack:
  enabled: true

To configure options for the [Networking], [LoadBalancer], [BlockStorage] and [Metadata] sections of the cloud-config file, you can use Helm values, e.g.:

openstack:
  cloudConfig:
    Networking:
      public-network-name: public-internet
    LoadBalancer:
      lb-method: LEAST_CONNECTIONS
      create-monitor: true
    BlockStorage:
      ignore-volume-az: true
    Metadata:
      search-order: metadataService

The [Globals] section is populated such that the credential used by the OpenStackCluster object is also used by OpenStack integration on the cluster.

For the available options, consult the documentation for the CCM and the Cinder CSI plugin.

Additional configuration options are available for the OpenStack integrations - see values.yaml for more details.

Ingress controllers

Running an Ingress Controller on your Kubernetes cluster enables the use of Ingress resources to manage HTTP(S) traffic flowing in and out of the cluster. This allows your web applications to take advantage of load-balancing, name-based virtual hosting, path-based routing and TLS termination using the same declarative approach as other Kubernetes resources. When combined with a cert-manager issuer, this provides an almost frictionless way to secure your web services.

It is possible to install multiple Ingress Controllers and select the preferred one for a particular Ingress resource using Ingress Classes.

This chart can install the Nginx Ingress Controller onto the target cluster.

The Nginx Ingress Controller is disabled by default. To enable it, use the following Helm values:

ingress:
  enabled: true

Metrics server

In order to use features like kubectl top to observe resource usage, and also to use Horizontal Pod Autoscalers, the metrics server must be installed.

This chart is able to install the metrics server, and it is enabled by default. To disable it, use the following Helm values:

metricsServer:
  enabled: false

Monitoring and logging

This chart is able to deploy a monitoring and logging stack using Prometheus, Grafana and Loki.

The monitoring stack is installed using the kube-prometheus-stack chart, which makes sure many useful exporters are installed and dashboards available for them. It also configures alerts for the cluster, but does not configure any alert sinks by default.

Loki is installed using the loki-stack chart, which also installs and configures promtail to ship logs to Loki. A simple dashboard is installed into the Grafana provided by kube-prometheus-stack to make the logs available for browsing.

The monitoring stack is not enabled by default. To enable it, use the following Helm values:

monitoring:
  enabled: true

By default, Grafana is only available from within the cluster and must be accessed using port forwarding:

kubectl -n monitoring-system port-forward svc/kube-prometheus-stack-grafana 3000:80

Keystone Authentication Webhook

The k8s-keystone-auth webhook can be installed by enabling the k8sKeystoneAuth subchart. Note that you will need to provide the auth URL and project ID for the OpenStack tenant where you are deploying your cluster.

  k8sKeystoneAuth:
    enabled: true
    values:
      openstackAuthUrl: $OS_AUTH_URL
      projectId: $OS_PROJECT_ID
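
Helm does not expand shell variables inside a values file, so the $OS_AUTH_URL and $OS_PROJECT_ID placeholders above have to be substituted before the values reach Helm. The following is an added example, not part of this chart: the function name render_keystone_values is hypothetical, and the https-only rule and the character allowlist are choices made by this example rather than requirements of the chart.

```shell
#!/bin/sh
# Added example (not from the chart): render the k8sKeystoneAuth values
# fragment from the OS_AUTH_URL / OS_PROJECT_ID environment variables,
# e.g. after sourcing an OpenStack openrc file.
#
# Usage: render_keystone_values > keystone-values.yaml
#        then pass keystone-values.yaml to Helm with -f.

# Prints the YAML fragment on stdout.
# Returns non-zero and prints nothing on stdout if an input is missing or rejected.
render_keystone_values() {
  auth_url=${OS_AUTH_URL:-}
  project_id=${OS_PROJECT_ID:-}

  if [ -z "$auth_url" ] || [ -z "$project_id" ]; then
    echo "OS_AUTH_URL and OS_PROJECT_ID must both be set" >&2
    return 1
  fi

  # Policy of this example (an assumption, not a chart requirement):
  # only accept a TLS-protected Keystone endpoint.
  case $auth_url in
    https://*) ;;
    *) echo "refusing non-https auth URL" >&2; return 1 ;;
  esac

  # Reject anything that could break out of the quoted YAML scalars below
  # (quotes, newlines, spaces, '#', and so on).
  case "$auth_url$project_id" in
    *[!A-Za-z0-9._:/-]*) echo "unexpected character in input" >&2; return 1 ;;
  esac

  cat <<EOF
k8sKeystoneAuth:
  enabled: true
  values:
    openstackAuthUrl: "$auth_url"
    projectId: "$project_id"
EOF
}
```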