andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/komodor/k8s-watcher/README.md

197 lines
25 KiB
Markdown
Raw Normal View History

Make charts
2022-07-17 12:15:02 +00:00
# Komodor.io
## TL;DR;
```bash
helm repo add komodorio https://helm-charts.komodor.io
helm repo update
helm upgrade --install k8s-watcher komodorio/k8s-watcher --set apiKey=YOUR_API_KEY_HERE --set watcher.clusterName=CLUSTER_NAME --set watcher.allowReadingPodLogs=true --set watcher.enableAgentTaskExecution=true --wait --timeout=90s
```
In case of error try contact us for assistance via intercom at: https://app.komodor.com
Or run:
1. Logs of k8s-watcher
```bash
kubectl logs --tail=10 deployment/k8s-watcher -n komodor
```
2. Helm status
```bash
helm status k8s-watcher
```
3. Reinstall
```bash
helm uninstall helm-k8s-watcher
```
## Introduction
This chart bootstraps a Kubernetes Resources/Event Watcher deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
### Supported architectures
- [x] linux/amd64
- [x] linux/arm64
## Prerequisites
- Kubernetes 1.16+ (older versions not tested)
- Helm 2/3
## Installing the Chart
To install the chart with the release name `k8s-watcher`:
```bash
helm upgrade --install k8s-watcher komodorio/k8s-watcher --create-namespace --set apiKey=YOUR_API_KEY_HERE --set watcher.clusterName=CLUSTER_NAME
```
The command deploys the Komodor K8S-Watcher on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Api Key
The Komodor kubernetes api key can be provided in the helm upgrade command, in the `values.yaml` file or can be taken from an existing kubernetes secret resource.
When using an existing kubernetes secret resource, specify the secret name in `existingSecret` and store the api key under the name 'apiKey'.
## Uninstalling the Chart
To uninstall/delete the `k8s-watcher` deployment:
Helm 3:
```bash
helm uninstall k8s-watcher
```
Helm 2:
```bash
helm delete --purge k8s-watcher
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Alternative: Install without Helm
To install the chart directly with kubectl, use the manifests located in `./kube-install`.
1. Make sure to set the apiKey (as base 64) secret value in `./kube-install/k8s-watcher/templates/secret-credentials.yaml`
- `KOMOKW_APIKEY=YOUR_APIKEY sed -i "s/YOUR_APIKEY_AS_BASE_64/$(echo $KOMOKW_APIKEY | base64)/g" kube-install/k8s-watcher/templates/secret-credentials.yaml`
2. Then just apply everything in order:
- `kubectl apply -f ./kube-install/k8s-watcher/templates/namespace.yaml`
- `kubectl apply -f ./kube-install/k8s-watcher/templates`
## Configuration
The following table lists the configurable parameters of the chart and their default values.
| Parameter | Description | Default |
|----------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ------------------------------------------ |
| `apiKey` | Komodor kubernetes api key (required if `existingSecret` not specified) | `` |
| `existingSecret` | Existing kubernetes secret resource containing Komodor kubernetes apiKey (required if `apiKey` not specified) | `` |
| `watcher.redact` | List of regular expressions. Config values for keys that matches one of these expressions will show up at Komodor as "REDACTED:\<SHA of config value\>" | `[]` |
| `watcher.clusterName` | Override auto-discovery of Cluster Name with one of your choosing | `` |
| `watcher.watchNamespace` | Watch a specific namespace, or all namespaces ("", "all") | `all` |
| `watcher.namespacesDenylist` | Exclude specific namespaces (list) | `[]` |
| `watcher.nameDenylist` | Exclude specific resource names that contains any of these strings (list) - example: `` watcher.nameDenylist=["dont-watch"] --> `pod/backend-dont-watch` wont be collected `` | `[]` |
| `watcher.collectHistory` | On startup collect existing cluster resources in addition to watching new resources (true / false) | `true` |
| `watcher.sinks.webhook.enabled` | Enables a Webhook output | `true` |
| `watcher.sinks.webhook.url` | URL to send webhooks to | `https://app.komodor.io/k8s-events/event/` |
| `watcher.sinks.webhook.headers` | Headers to attach to the webhooks | `{}` |
| `watcher.resources.event` | Enables watching Event | `true` |
| `watcher.resources.deployment` | Enables watching Deployments | `true` |
| `watcher.resources.replicationController` | Enables watching ReplicationControllers | `true` |
| `watcher.resources.replicaSet` | Enables watching ReplicaSets | `true` |
| `watcher.resources.daemonSet` | Enables watching DaemonSets | `true` |
| `watcher.resources.statefulSet` | Enables watching StatefulSets | `true` |
| `watcher.resources.service` | Enables watching Services | `true` |
| `watcher.resources.pod` | Enables watching Pods | `true` |
| `watcher.resources.job` | Enables watching Jobs | `true` |
| `watcher.resources.node` | Enables watching Nodes | `true` |
| `watcher.resources.clusterRole` | Enables watching ClusterRoles | `true` |
| `watcher.resources.serviceAccount` | Enables watching ServiceAccounts | `true` |
| `watcher.resources.persistentVolume` | Enables watching PersistentVolumes | `true` |
| `watcher.resources.persistentVolumeClaim` | Enables watching PersistentVolumeClaims | `true` |
| `watcher.resources.namespace` | Enables watching Namespaces | `true` |
| `watcher.resources.secret` | Enables watching Secrets | `false` |
| `watcher.resources.configMap` | Enables watching ConfigMaps | `true` |
| `watcher.resources.ingress` | Enables watching Ingresses | `true` |
| `watcher.resources.storageClass` | Enables watching StorageClasses | `true` |
| `watcher.resources.rollout` | Enables watching Argo Rollouts | `true` |
| `watcher.resources.metrics` | Enables watching Metrics | `true` |
| `watcher.resources.limitRange` | Enables watching LimitRange | `true` |
| `watcher.resources.podTemplate` | Enables watching PodTemplate | `true` |
| `watcher.resources.resourceQuota` | Enables watching ResourceQuota | `true` |
| `watcher.resources.admissionRegistrationResources` | Enables watching MutatingWebhookConfigurations and ValidatingWebhookConfigurations | `true` |
| `watcher.resources.controllerRevision` | Enables watching ControllerRevision | `true` |
| `watcher.resources.authorizationResources` | Enables watching Authorization Resources | `true` |
| `watcher.resources.horizontalPodAutoscaler` | Enables watching HorizontalPodAutoscaler | `true` |
| `watcher.resources.certificateSigningRequest` | Enables watching CertificateSigningRequest | `true` |
| `watcher.resources.lease` | Enables watching Lease | `true` |
| `watcher.resources.endpointSlice` | Enables watching EndpointSlice | `true` |
| `watcher.resources.flowControlResources` | Enables watching FlowControl Resources | `true` |
| `watcher.resources.ingressClass` | Enables watching IngressClass | `true` |
| `watcher.resources.networkPolicy` | Enables watching NetworkPolicy | `true` |
| `watcher.resources.runtimeClass` | Enables watching RuntimeClass | `true` |
| `watcher.resources.policyResources` | Enables watching Policy Resources | `true` |
| `watcher.resources.clusterRoleBinding` | Enables watching ClusterRoleBinding | `true` |
| `watcher.resources.roleBinding` | Enables watching RoleBinding | `true` |
| `watcher.resources.role` | Enables watching Role | `true` |
| `watcher.resources.PriorityClass` | Enables watching PriorityClass | `true` |
| `watcher.resources.csiDriver` | Enables watching CSIDriver | `true` |
| `watcher.resources.csiNode` | Enables watching CSINode | `true` |
| `watcher.resources.csiStorageCapacity ` | Enables watching CSIStorageCapacity | `true` |
| `watcher.resources.volumeAttachment` | Enables watching VolumeAttachment | `true` |
| `watcher.servers.healthCheck.port` | Port of the health check
server | `8090` |
| `resources.requests.cpu` | CPU resource requests | `0.25` |
| `resources.limits.cpu` | CPU resource limits | `1` |
| `resources.requests.memory` | Memory resource requests | `256Mi` |
| `resources.limits.memory` | Memory resource limits | `4096Mi` |
| `image.repository` | Image registry/name | `docker.io/komodorio/k8s-watcher` |
| `image.tag` | Image tag | `0.1.10` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `serviceAccount.create` | Creates a service account | `true` |
| `serviceAccount.name` | Optional name for the service account | `{RELEASE_FULLNAME}` |
| `proxy.enabled` | Configure proxy for watcher | `true` |
| `proxy.http` | Configure Proxy setting (HTTP_PROXY) | `` |
| `proxy.https` | Configure Proxy setting (HTTPS_PROXY) | `` |
| `proxy.no_proxy` | Configure Proxy setting (NO_PROXY) | `` |
| `watcher.controller.resync.period` | Resync period (in minutes, minimum 5) to resync the state of selected controllers (deployment, daemonset, statefulset) | `"0"` |
| `watcher.enableAgentTaskExecution` | Enable to the agent to execute tasks in the cluster such as log streaming | `true` |
| `watcher.allowReadingPodLogs`. | Enable the agent to read pod logs from the cluster | `true` |
| `createNamespace` | Creates the namespace | `true` |
| `podAnnotations` | Adds custom annotations on the agent pod - Example: `--set podAnnotations."app\.komodor\.com/app"="komodor-agent"` | `{}` |
| `deploymentAnnotations` | Adds custom annotations on the agent deployment - Example: `--set deploymentAnnotations."app\.komodor\.com/app"="komodor-agent"` | `{}` |
The above parameters map to a yaml configuration file used by the watcher.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
helm upgrade --install k8s-watcher komodorio/k8s-watcher --set apiKey="YOUR_API_KEY_HERE" --set watcher.enableAgentTaskExecution=true --set watcher.allowReadingPodLogs=true
```
Alternativly, you can pass the configuration as environment variables using the `KOMOKW_` prefix and by replacing all the `.` to `_`, for the root items the camelcase transforms into underscores as well. For example,
```bash
# apiKey
KOMOKW_API_KEY=1a2b3c4d5e6f7g7h
# watcher.resources.replicaSet
KOMOKW_RESOURCES_REPLICASET=false
# watcher.watchNamespace
KOMOKW_WATCH_NAMESPACE=my-namespace
# watcher.collectHistory
KOMOKW_COLLECT_HISTORY=true
```
> **Tip**: You can use the default [values.yaml](values.yaml)