9.7 KiB
9.7 KiB
A Helm chart for the Kuma Control Plane
Homepage: https://github.com/kumahq/kuma
Values
| Key | Type | Default | Description |
|---|---|---|---|
| global.image.registry | string | "docker.io/kumahq" |
Default registry for all Kuma Images |
| global.image.tag | string | nil |
The default tag for all Kuma images, which itself defaults to .Chart.AppVersion |
| patchSystemNamespace | bool | true |
Whether or not to patch the target namespace with the system label |
| installCrdsOnUpgrade | object | {"enabled":true,"imagePullSecrets":[]} |
Whether ot not install new CRDs before upgrade (if any were introduced with the new version of Kuma) |
| controlPlane.logLevel | string | "info" |
Kuma CP log level: one of off,info,debug |
| controlPlane.mode | string | "standalone" |
Kuma CP modes: one of standalone,zone,global |
| controlPlane.zone | string | nil |
Kuma CP zone, if running multizone |
| controlPlane.kdsGlobalAddress | string | "" |
Only used in zone mode |
| controlPlane.replicas | int | 1 |
Number of replicas of the Kuma CP. Ignored when autoscaling is enabled |
| controlPlane.autoscaling.enabled | bool | false |
Whether to enable Horizontal Pod Autoscaling, which requires the Metrics Server in the cluster |
| controlPlane.autoscaling.minReplicas | int | 2 |
The minimum CP pods to allow |
| controlPlane.autoscaling.maxReplicas | int | 5 |
The max CP pods to scale to |
| controlPlane.autoscaling.targetCPUUtilizationPercentage | int | 80 |
For clusters that don't support autoscaling/v2beta, autoscaling/v1 is used |
| controlPlane.autoscaling.metrics | list | [{"resource":{"name":"cpu","target":{"averageUtilization":80,"type":"Utilization"}},"type":"Resource"}] |
For clusters that do support autoscaling/v2beta, use metrics |
| controlPlane.nodeSelector | object | {"kubernetes.io/arch":"amd64","kubernetes.io/os":"linux"} |
Node selector for the Kuma Control Plane pods |
| controlPlane.affinity | object | {} |
Affinity placement rule for the Kuma Control Plane pods |
| controlPlane.injectorFailurePolicy | string | "Fail" |
Failure policy of the mutating webhook implemented by the Kuma Injector component |
| controlPlane.service.name | string | nil |
Optionally override of the Kuma Control Plane Service's name |
| controlPlane.service.type | string | "ClusterIP" |
Service type of the Kuma Control Plane |
| controlPlane.service.annotations | object | {} |
Additional annotations to put on the Kuma Control Plane |
| controlPlane.globalZoneSyncService | object | {"annotations":{},"loadBalancerIP":null,"port":5685,"type":"LoadBalancer"} |
URL of Global Kuma CP |
| controlPlane.globalZoneSyncService.type | string | "LoadBalancer" |
Service type of the Global-zone sync |
| controlPlane.globalZoneSyncService.loadBalancerIP | string | nil |
Optionally specify IP to be used by cloud provider when configuring load balancer |
| controlPlane.globalZoneSyncService.annotations | object | {} |
Additional annotations to put on the Global Zone Sync Service |
| controlPlane.globalZoneSyncService.port | int | 5685 |
Port on which Global Zone Sync Service is exposed |
| controlPlane.defaults.skipMeshCreation | bool | false |
Whether or not to skip creating the default Mesh |
| controlPlane.resources | string | nil |
Optionally override the resource spec |
| controlPlane.tls.general.secretName | string | "" |
Secret that contains tls.crt, key.crt and ca.crt for protecting Kuma in-cluster communication |
| controlPlane.tls.general.caBundle | string | "" |
Base64 encoded CA certificate (the same as in controlPlane.tls.general.secret#ca.crt) |
| controlPlane.tls.apiServer.secretName | string | "" |
Secret that contains tls.crt, key.crt for protecting Kuma API on HTTPS |
| controlPlane.tls.apiServer.clientCertsSecretName | string | "" |
Secret that contains list of .pem certificates that can access admin endpoints of Kuma API on HTTPS |
| controlPlane.tls.kdsGlobalServer.secretName | string | "" |
Secret that contains tls.crt, key.crt for protecting cross cluster communication |
| controlPlane.tls.kdsZoneClient.secretName | string | "" |
Secret that contains ca.crt which was used to sign KDS Global server. Used for CP verification |
| controlPlane.image.pullPolicy | string | "IfNotPresent" |
Kuma CP ImagePullPolicy |
| controlPlane.image.repository | string | "kuma-cp" |
Kuma CP image repository |
| controlPlane.secrets | list of { Env: string, Secret: string, Key: string } | nil |
Secrets to add as environment variables, where Env is the name of the env variable, Secret is the name of the Secret, and Key is the key of the Secret value to use |
| controlPlane.envVars | object | {} |
Additional environment variables that will be passed to the control plane |
| controlPlane.webhooks.validator.additionalRules | string | "" |
Additional rules to apply on Kuma validator webhook. Useful when building custom policy on top of Kuma. |
| controlPlane.webhooks.ownerReference.additionalRules | string | "" |
Additional rules to apply on Kuma owner reference webhook. Useful when building custom policy on top of Kuma. |
| cni.enabled | bool | false |
Install Kuma with CNI instead of proxy init container |
| cni.chained | bool | false |
Install CNI in chained mode |
| cni.netDir | string | "/etc/cni/multus/net.d" |
Set the CNI install directory |
| cni.binDir | string | "/var/lib/cni/bin" |
Set the CNI bin directory |
| cni.confName | string | "kuma-cni.conf" |
Set the CNI configuration name |
| cni.logLevel | string | "info" |
CNI log level: one of off,info,debug |
| cni.nodeSelector | object | {"kubernetes.io/arch":"amd64","kubernetes.io/os":"linux"} |
Node Selector for the CNI pods |
| cni.image.registry | string | "docker.io" |
CNI image registry |
| cni.image.repository | string | "lobkovilya/install-cni" |
CNI image repository |
| cni.image.tag | string | "0.0.9" |
CNI image tag |
| dataPlane.image.repository | string | "kuma-dp" |
The Kuma DP image repository |
| dataPlane.image.pullPolicy | string | "IfNotPresent" |
Kuma DP ImagePullPolicy |
| dataPlane.initImage.repository | string | "kuma-init" |
The Kuma DP init image repository |
| ingress.enabled | bool | false |
If true, it deploys Ingress for cross cluster communication |
| ingress.drainTime | string | "30s" |
Time for which old listener will still be active as draining |
| ingress.replicas | int | 1 |
Number of replicas of the Ingress |
| ingress.service.type | string | "LoadBalancer" |
Service type of the Ingress |
| ingress.service.loadBalancerIP | string | nil |
Optionally specify IP to be used by cloud provider when configuring load balancer |
| ingress.service.annotations | object | {} |
Additional annotations to put on the Ingress service |
| ingress.service.port | int | 10001 |
Port on which Ingress is exposed |
| ingress.annotations | object | {} |
Additional deployment annotation |
| ingress.nodeSelector | object | {"kubernetes.io/arch":"amd64","kubernetes.io/os":"linux"} |
Node Selector for the Ingress pods |
| ingress.affinity | object | {} |
Affinity placement rule for the Kuma Ingress pods |
| kumactl.image.repository | string | "kumactl" |
The kumactl image repository |
| kubectl.image.registry | string | "bitnami" |
The kubectl image registry |
| kubectl.image.repository | string | "kubectl" |
The kubectl image repository |
| kubectl.image.tag | string | "1.20" |
The kubectl image tag |
| hooks.nodeSelector | object | {"kubernetes.io/arch":"amd64","kubernetes.io/os":"linux"} |
Node selector for the HELM hooks |
Custom Resource Definitions
All Kuma CRDs are loaded via the crds directory. For more detailed information on CRDs and Helm,
please refer to the Helm documentation.
Deleting
As part of Helm's limitations, CRDs will not be deleted when the kuma chart is deleted and
must be deleted manually. When a CRD is deleted Kubernetes deletes all resources of that kind as well, so this should
be done carefully.
To do this with kubectl on *nix platforms, run:
kubectl get crds | grep kuma.io | tr -s " " | cut -d " " -f1 | xargs kubectl delete crd
# or with jq
kubectl get crds -o json | jq '.items[].metadata.name | select(.|test(".*kuma\\.io"))' | xargs kubectl delete crd
Autoscaling
In production, it is advisable to enable Control Plane autoscaling for High Availability. Autoscaling uses the
HorizontalPodAutoscaler resource to add redundancy and scale the CP pods based on CPU utilization, which requires
the k8s metrics-server to be running on the cluster.
Development
The charts are used internally in kumactl install, therefore the following rules apply when developing new chat features:
- all templates that start with
pre-andpost-are omitted when processing inkumactl install
Installing Metrics Server for Autoscaling
If running on kind, or on a cluster with a similarly self-signed cert, the metrics server must be configured to allow
insecure kubelet TLS. The make task kind/deploy/metrics-server installs this patched version of the server.