cloudposse / charts
The "Cloud Posse" Distribution of Kubernetes Applications
Home Page: https://cloudposse.com/accelerate
License: Apache License 2.0
/login
)proxy.enabled
flagnginx-ingress
so that we could route traffic across namespaces. This was accomplished using traefik
I've received a mail from Let's Encrypt warning that previous versions of cert-manager are causing trouble to its servers, and that they will stop accepting requests from versions inferior to 0.8.0.
We've been working with Jetstack, the authors of cert-manager, on a
series of fixes to the client. Cert-manager sometimes falls into a
traffic pattern where it sends really excessive traffic to Let's
Encrypt's servers, continuously. To mitigate this, we plan to start
blocking all traffic from cert-manager versions less than 0.8.0 (the
current semver minor release), as of November 1, 2019. Please upgrade
all of your cert-manager instances before then.
We're sending this email because this is the contact address of your
cert-manager instance at:
XXX.XXX.XXX.XX .
Version 0.8.0 is much better but we still observe excessive traffic in
some cases. We're working with Jetstack to improve these cases. As new
versions of cert-manager are released, we will add the non-current
versions to our block list after 3 months. We strongly encourage
cert-manager users to stay up-to-date with new versions.
Also, there is an opportunity to help both Jetstack and Let's Encrypt.
Once you've upgraded, please check the logs for your cert-manager
instances from time to time. Are they making excessive requests to Let's
Encrypt (more than, say, 10 per day over multiple days)? If so, please
share details at https://github.com/jetstack/cert-manager/issues/1948 .
Thanks,
Let's Encrypt Team
We should upgrade the chart
When running the following values.yaml:
serviceMonitors:
  - name: frontend-chart
    selector:
      matchLabels:
        tier: frontend-chart
    endpoints:
      - port: prometheus
        interval: 5s
serviceMonitorsSelector:
  matchLabels:
    tier: frontend-chart
I'm getting an error:
$ helm install --dry-run --debug -f values.yaml cloudposse-incubator/prometheus
...
Error: render error in "prometheus/templates/servicemonitors.yaml": template: prometheus/templates/servicemonitors.yaml:19:17: executing "prometheus/templates/servicemonitors.yaml" at <.Values.serviceMonit...>: can't evaluate field serviceMonitorSelector in type interface {}
What is the proper use of the serviceMonitors and serviceMonitorsSelector parameters?
There are some suspicious lines in the servicemonitors.yaml template:
- serviceMonitorSelector chart parameter applies the same for each monitor in the list of service monitors
- name: {{ .name }} line
- .Values.serviceMonitorsSelector in prometheus.yaml and .Values.serviceMonitorSelector in servicemonitors.yaml, note the monitor word plurality, is it intended to have two almost identical parameters?
In the FluentD chart the default values for in config map are not mapped to the ConfigMap resource that is created, when deployed, no values are placed in the config map.
Values from the default values file to be in ConfigMap
I noticed in the values.yaml file that the value is configMap, but the range function in the configmap template is looking for configMaps seen here.
I used the bastion incubator helm chart from here and deployed on K8s and tried to connect to it using below commands but getting permission denied always.
1. Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace default -l "app=bastion-bastion" -o jsonpath="{.items[0].metadata.name}")
echo "Run 'ssh -p 2222 127.0.0.1' to use your application"
kubectl port-forward $POD_NAME 2222:22
Trying to connect like below:
➜ ssh -p 2211 [email protected]
The authenticity of host '[127.0.0.1]:2211 ([127.0.0.1]:2211)' can't be established.
RSA key fingerprint is SHA256:S44NDDfev4x8NCJHMVJgYXrhx4OS/SoYGer5TMGUgqg.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[127.0.0.1]:2211' (RSA) to the list of known hosts.
[email protected]: Permission denied (publickey).
Is there anything missing from my end? Can you point me somewhere to fix the issue?
Logs:
Connection closed by authenticating user azizzoaib786 127.0.0.1 port 59712 [preauth]
Connection closed by authenticating user azizzoaib786 127.0.0.1 port 59730 [preauth]
labels in configMap section (see: #155 (comment))
containerPort (see: #155 (comment))
The README at https://github.com/cloudposse/charts/blob/0.6.0/incubator/README.md refers to the opsgoodness chart repo at http://charts.opsgoodness.com but that repo does not seem to be working. In fact, it's not clear that this README is actually meant for that directory. It should be fixed if not deleted.
I tried the thumbor chart. While it works well for resizing, I get an error when using /smart in the route. The thumbor pod then logs:
    focal_points = yield gen.maybe_future(self.context.modules.storage.get_detector_data(self.smart_storage_key))
  File "/usr/local/lib/python2.7/site-packages/tornado/gen.py", line 1055, in run
    value = future.result()
  File "/usr/local/lib/python2.7/site-packages/tornado/concurrent.py", line 238, in result
    raise_exc_info(self._exc_info)
  File "/usr/local/lib/python2.7/site-packages/tornado/gen.py", line 307, in wrapper
    yielded = next(result)
  File "/usr/local/lib/python2.7/site-packages/thumbor/storages/mixed_storage.py", line 74, in get_detector_data
    result = yield gen.maybe_future(self.detector_storage.get_detector_data(path))
  File "/usr/local/lib/python2.7/site-packages/tornado/concurrent.py", line 483, in wrapper
    future.result()
  File "/usr/local/lib/python2.7/site-packages/tornado/concurrent.py", line 238, in result
    raise_exc_info(self._exc_info)
  File "/usr/local/lib/python2.7/site-packages/tornado/concurrent.py", line 471, in wrapper
    result = f(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/tc_redis/storages/redis_storage.py", line 129, in get_detector_data
    callback(self._get_detector_data(path))
  File "/usr/local/lib/python2.7/site-packages/tc_redis/utils.py", line 23, in wrapper
    exc_value
  File "/usr/local/lib/python2.7/site-packages/tc_redis/storages/redis_storage.py", line 69, in on_redis_error
    if self.context.config.REDIS_STORAGE_IGNORE_ERRORS is True:
  File "/usr/local/lib/python2.7/site-packages/derpconf/config.py", line 211, in __getattr__
    raise AttributeError(name)
AttributeError: REDIS_STORAGE_IGNORE_ERRORS
It seems like REDIS_STORAGE_IGNORE_ERRORS is not defined (?)
Hi,
I've managed to install the chart and make it work with the latest letsencrypt (had to create RBAC stuff and set the letsencrypt_ca to https://acme-v02.api.letsencrypt.org/directory to avoid an "ACME V1" error), but I can't seem to log in in my VPN client.
The certificate is created as simon even though my github username is fredsted, not sure if that has anything to do with it.
Here's some output from the openvpn pod:
Fri Jan 24 13:50:30 2020 172.21.48.88:7254 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Fri Jan 24 13:50:30 2020 172.21.48.88:7254 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so
Fri Jan 24 13:50:30 2020 172.21.48.88:7254 TLS Auth Error: Auth Username/Password verification failed for peer
Fri Jan 24 13:50:30 2020 172.21.48.88:7254 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Fri Jan 24 13:50:30 2020 172.21.48.88:7254 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Jan 24 13:50:30 2020 172.21.48.88:7254 [simon] Peer Connection Initiated with [AF_INET]172.21.48.88:7254
I'm using Google Authenticator for Github, so I've tried several combinations of simon/fredsted and with/without my Google Authenticator code.
I can also see that the link to "Github PAM" does not work, so I can't investigate that part further. https://github.com/cloudposse/github-pam
Is it possible to just delete the password authentication from the VPN? I can make do with the oauth sign-in-to-download-vpn-config part.
Chart: incubator/monochart v0.25.0
If I use the following in values.yaml
dockercfg:
  enabled: true
  image:
    pullSecret:
      registry: foo
      username: bar
      password: baz
...
A secret is created and referenced correctly in a Deployment's pullSecrets
If, for example, my release name is foo, the secret is named foo-dockercfg but the imagePullSecrets section in the deployment says
imagePullSecrets:
  - name: foo-monochart
Since they don't match, the image pull fails.
{{ requiredEnv "RELEASE_NAME" }} is used in the file values.example.yaml in monochart, but I think this is typically a Helmfile-thing and can't be used in a Helm values file.
[...]
affinity:
  # use of simple rule
  affinityRule: "ShouldBeOnDifferentNode"
  # use custom affinity rule. Here app MUST be on different host then postgres instance for it
  podAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
            - key: app
              operator: In
              values:
                - postgresql
            - key: release
              operator: In
              values:
                - "{{ requiredEnv "RELEASE_NAME" }}-postgresql"
        topologyKey: "kubernetes.io/hostname"
monochart from appearing in release name
monochart release name
monochart in release name does not convey useful information
Would be nice to support initContainers in monochart
Thanks
I found the chart route53-kubernetes here and try to use to manage the dns names.
But the document insists that this DaemonSet has to be deployed to master nodes. But in latest AWS EKS, we have no control to master nodes.
What should I do?
In the readme for the fluentd-kubernetes chart there are two sections for setting up forwarding to Elastic Search. The first one is correct, the second one is a copy of the datadog walkthrough above.
It's a duplicate of the wrong setup.
When I try to install or template monochart I get the following errors
coalesce.go:165: warning: skipped value for configMaps: Not a table.
coalesce.go:165: warning: skipped value for secrets: Not a table.
coalesce.go:165: warning: skipped value for env: Not a table.
coalesce.go:165: warning: skipped value for env: Not a table.
coalesce.go:165: warning: skipped value for secrets: Not a table.
coalesce.go:165: warning: skipped value for configMaps: Not a table.
The command that I use is:
helm template ./monochart --values ./monochart/values.example.yaml
This is the result:
---
# Source: monochart/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: release-name-monochart-env-default
  annotations:
    test.secret.annotation: value
  labels:
    app: monochart
    chart: monochart-0.19.1
    heritage: "Helm"
    raar: env
    test_label: value
type: Opaque
data:
  SECRET_ENV_NAME: RU5WX1ZBTFVF
---
# Source: monochart/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: release-name-monochart-env-default
  annotations:
    test.annotation: value
  labels:
    app: monochart
    chart: monochart-0.19.1
    heritage: "Helm"
    component: env
    test_label: value
data:
  CONFIG_ENV_NAME: ENV_VALUE
---
# Source: monochart/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: release-name-monochart-files-default
  annotations:
    test.annotation: value
  labels:
    app: monochart
    chart: monochart-0.19.1
    heritage: "Helm"
    component: files
    test_label: value
data:
  config.test.txt: |
    some text
---
# Source: monochart/templates/deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: release-name-monochart
  annotations:
    nginx.version: 1.15.3
  labels:
    app: monochart
    chart: monochart-0.19.1
    heritage: "Helm"
    component: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: monochart
      release: RELEASE-NAME
  revisionHistoryLimit: 10
  template:
    metadata:
      name: release-name-monochart
      annotations:
        checksum/config: 165a67949dac02dddcf221cc922cb694be98da09218747ed7c729408cd1c4422
        checksum/secret: b5fe613c0d2ad6de7de9f011f86295346d5e7c78e2bd212b83303113f9f39749
      labels:
        app: monochart
        release: "RELEASE-NAME"
        serve: "true"
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - monochart
                - key: release
                  operator: In
                  values:
                  - "RELEASE-NAME"
              topologyKey: "kubernetes.io/hostname"
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - postgresql
              - key: bla
                operator: In
                values:
                - bla-postgresql
            topologyKey: kubernetes.io/hostname
      containers:
      - name: RELEASE-NAME
        image: nginx:1.15.3
        imagePullPolicy: IfNotPresent
        envFrom:
        - configMapRef:
            name: release-name-monochart-env-default
        - secretRef:
            name: release-name-monochart-env-default
        env:
        - name: INLINE_ENV_NAME
          value: "ENV_VALUE"
        envFrom:
        - configMapRef:
            name: config-1
        - configMapRef:
            name: config-2
        ports:
        - name: default
          containerPort: 8080
          protocol: TCP
        volumeMounts:
        - mountPath: "/data"
          name: storage
        - mountPath: /config-default
          name: config-default-files
        - mountPath: /secret-default
          name: secret-default-files
          readOnly: true
      imagePullSecrets:
      - name: docker-secret-1
      - name: docker-secret-2
      volumes:
      - name: storage
        emptyDir: {}
      - name: config-default-files
        configMap:
          name: release-name-monochart-files-default
      - name: secret-default-files
        secret:
          secretName: release-name-monochart-files-default
It seems that the configMaps are generated, but not all the secrets.
Chart version:
0.19.1
Helm version:
version.BuildInfo{Version:"v3.1.0", GitCommit:"b29d20baf09943e134c2fa5e1e1cab3bf93315fa", GitTreeState:"clean", GoVersion:"go1.13.7"}
I think following lines in README.md:
$ helm repo add cloudposse-incubator http://charts.cloudposse.com/incubator/packages/
$ helm install incubator/route53-kubernetes
Should be:
$ helm repo add cloudposse-incubator http://charts.cloudposse.com/incubator/
$ helm install cloudposse-incubator/route53-kubernetes
https://github.com/cloudposse/charts/blob/master/incubator/portal/templates/proxy.ingress.yaml#L47 sets backend hosts like dashboard.portal.us-west-2.staging.example.com, but I want the option for it to be dashboard-portal.us-west-2.staging.example.com. The reason is so we can just use a SAN cert for *.us-west-2.staging.example.com.
/ -> -)
When attempting to use postfix as a subchart, its deployment.yaml appears to refer to the wrong path of the postfix secrets.yaml:
[debug] CHART PATH: /Users/.../myapp
Error: render error in "myapp/charts/postfix/templates/deployment.yaml": template: myapp/charts/postfix/templates/deployment.yaml:14:28: executing "myapp/charts/postfix/templates/deployment.yaml" at <include (print $.Cha...>: error calling include: template: no template "postfix/templates/secrets.yaml" associated with template "gotpl"
I guess the problem is that in postfix's deploy.yaml:
annotations:
  checksum/secret: {{ include (print $.Chart.Name "/templates/secrets.yaml") . | sha256sum }}
this evaluates to postfix/templates/secrets.yaml instead of myapp/charts/postfix/templates/secrets.yaml? However I tried unpacking the postfix .tgz archive and patching its contents instead of referring to it from requirements.yaml, but didn't get that working yet either.
StatefulSet
Ingress resource type
Current Job is fine, but CronJob still uses batch/v1beta1 which is not available since Kubernetes v1.25
Applying a cronJob on Kubernetes >= 1.25 gets rejected by Kubernetes API server
Generated cronJob resources should be accepted.
Steps to reproduce the behavior:
cronJobs.default.enabled to true
helm template monochart . | kubectl apply --dry-run=server -f -
error: resource mapping not found for name: "monochart-monochart-default" namespace: "" from "STDIN": no matches for kind "CronJob" in version "batch/v1beta1"
ensure CRDs are installed first
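A pre-deploy check for the rejection reported above, as an added example that is not part of the chart or of the issue: it scans a rendered multi-document manifest stream for apiVersion/kind pairs the API server no longer serves. The function names, the two-entry table and the sample manifests are constructed for illustration; batch/v1beta1 CronJob comes from the report, and extensions/v1beta1 Deployment (removed in Kubernetes 1.16) is what the monochart 0.19.1 output earlier on this page renders.

```bash
#!/usr/bin/env bash
# Added example (not chart code): report removed apiVersion/kind pairs in a
# rendered manifest stream read from stdin, one finding per document.

find_removed_apis() {
  awk '
    # Emit a finding for the document just finished, then reset state.
    function flush(   key) {
      key = api " " kind
      if (key in removed)
        printf "%s %s removed-in=%s use=%s\n", api, kind, removed[key], repl[key]
      api = ""; kind = ""
    }
    BEGIN {
      # Assumption: a two-entry table covering only the cases on this page.
      removed["batch/v1beta1 CronJob"] = "1.25"
      repl["batch/v1beta1 CronJob"] = "batch/v1"
      removed["extensions/v1beta1 Deployment"] = "1.16"
      repl["extensions/v1beta1 Deployment"] = "apps/v1"
    }
    /^---/ { flush(); next }                     # document separator
    # Only column-0 keys count, so nested "kind:" fields are ignored.
    /^apiVersion:/ { gsub(/"/, "", $2); api = $2 }
    /^kind:/       { gsub(/"/, "", $2); kind = $2 }
    END { flush() }
  '
}

# Constructed sample input standing in for `helm template` output.
sample_manifests() {
  cat <<'EOF'
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: monochart-monochart-default
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: current-api
---
apiVersion: "extensions/v1beta1"
kind: Deployment
metadata:
  name: release-name-monochart
EOF
}

sample_manifests | find_removed_apis
```

In a pipeline the same function can read the output of `helm template monochart .` before the `kubectl apply --dry-run=server` step.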