enix / helm-charts
A collection of Helm packages brought to you by Enix Monkeys :monkey_face:
Home Page: https://charts.enix.io
License: Apache License 2.0
What I tried:
helm install netbox-enix enix/netbox
BUG 1: postgresql image could not be pulled
Solution replace container location from docker.io/bitnami/postgresql:11.8.0-debian-10-r14
to bitnami/postgresql:11.8.0-debian-10-r14
BUG 2: redis image could not be pulled
Solution replace container location from docker.io/bitnami/redis:6.0.4-debian-10-r0
to bitnami/redis:6.0.4-debian-10-r0
BUG 3: netbox configuration error: REDIS_PORT environment variable was being set with: "tcp://x.x.x.x:6379"
Solution set REDIS_PORT= 6379 in netbox ConfigMap
BUG 4:
I am new to Helm, but I couldn't make Chart Values to work. I tried:
config.yaml
persistence:
  storageClassName: stage-nas-nfs-noresize
helm install -f config.yaml netbox-enix enix/netbox
and the PVCs did not add storageClassName config ...
Suggestion
Maybe you should put configuration.py in a configMap parameter.
Questions
a) Is it safe to apply netbox version upgrades with this helm chart ?
b) How can I use plugins with this helm chart ? I want to try https://github.com/iDebugAll/nextbox-ui-plugin
On k8s cluster upgrade, when kubeadm rotates certificates, it keeps expired ones in /etc/kubernetes/pki/expired.
So the x509-exporter, having /etc/kubernetes/pki configured as watch-folder, will keep raising alarms on expired certificates in /etc/kubernetes/pki/expired.
Maybe we can add some way to exclude or ignore certain folders in the configured watch-folder.
A working LDAP configuration with Active Directory does not work anymore when upgrading to 1.2.9
Rollback to 1.2.8 and it works again.
See $subject :-)
Pretty sure one might find it useful.
I tried to install your Helm chart into my on-prem kubernetes cluster by
$ helm -n monitoring install x509-certificate-exporter enix/x509-certificate-exporter -f ./x509-exporter.values.yml
The values.yml is still the default from your git repo.
My enabled admission plugins are
I installed also a webhook:
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: prometheus-operator-rulesvalidation
webhooks:
- clientConfig:
    caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJjekNDQVJtZ0F3SUJBZ0lRZEtYaWh3Yk53UWpXWXdFVTJ6d3hvakFLQmdncWhrak9QUVFEQWpBT01Rd3cKQ2dZRFZRUUtFd051YVd3d0lCY05NakV3TXpJMU1ERXhOVEU0V2hnUE1qRXlNVEF6TURFd01URTFNVGhhTUE0eApEREFLQmdOV>
    service:
      name: prometheus-kube-prometheus-operator
      namespace: monitoring
      path: /admission-prometheusrules/mutate
  failurePolicy: Fail
  name: prometheusrulemutate.monitoring.coreos.com
  namespaceSelector: {}
  rules:
  - apiGroups:
    - monitoring.coreos.com
    apiVersions:
    - '*'
    operations:
    - CREATE
    - UPDATE
    resources:
    - prometheusrules
  admissionReviewVersions: ["v1", "v1beta1"]
  sideEffects: None
But I get the following error all the time:
$ helm -n monitoring upgrade -i x509-certificate-exporter enix/x509-certificate-exporter -f ./x509-exporter.values.yml
Error: UPGRADE FAILED: failed to create resource: Internal error occurred: failed calling webhook "prometheusrulemutate.monitoring.coreos.com": Post "https://prometheus-kube-prometheus-operator.monitoring.svc:443/admission-prometheusrules/mutate?timeout=10s": dial tcp 172.20.151.210:443: i/o timeout
The Service as well as the Pod for prometheus operator is installed, working and reachable inside monitoring namespace at 172.20.151.210:443.
When enabling hairpinMode, a field must be added to the cni-conf.json:
cni-conf.json: |
  {
    "cniVersion":"0.3.0",
    "name":"mynet",
    "plugins":[
      {
        "name":"kubernetes",
        "type":"bridge",
        "bridge":"kube-bridge",
        "isDefaultGateway":true,
        "hairpinMode":true,
        "ipam":{
          "type":"host-local"
        }
      }
    ]
  }
As it is not clear (#35)
Add some links to upstream documentation, like
https://github.com/netbox-community/netbox-docker/blob/release/initializers/
https://github.com/netbox-community/netbox-docker/blob/release/initializers/custom_fields.yml
Hi,
It could be cool to specify or not bgp peer passwords and port. We can put a default value if they are not provided.
If we don't specify these values, kube-router refuses to start.
What I mean by this:
the values.yaml files in the charts are not something like:
---
x509-exporter:
  imagePullSecrets: []
  image:
    repository: enix/x509-exporter
[...]
and
---
netbox:
  kind: StatefulSet
  statefulSet:
but they just simply contain the key:values without any scope.
Why is this a problem? For example we maintain a common values.yaml structure for all our Helm charts, so that the prometheus rules and the cert-manager configuration is in one common file; one can then use this single file with Helm and not dozens of values.yaml files for all the Helm charts.
Not limiting the chart's values to a scope means that it's not possible to have more than one chart's key:value pairs in one values.yaml file. We can't use something like repository: enix/x509-exporter in this common values.yaml file since it would affect all similarly non-scoped charts' repository key.
I hope I was able to describe the problem. I'd argue it's very common to use a scope for a chart, actually I know only one single chart which has the same issue (velero from vmware-tanzu) and every other chart I've ever seen has this main scope.
It'd be nice to adjust the charts like this if you're open for it.
Hi,
I have installed the helm with:
helm repo add enix https://charts.enix.io
helm repo update
NAMESPACE="x509-certificate-exporter"
helm upgrade x509-certificate-exporter enix/x509-certificate-exporter -f monitor-host-values.yaml \
--install \
--create-namespace \
--namespace ${NAMESPACE}
The monitor-host-values.yaml contains:
hostPathsExporter:
  daemonSets:
    cp:
      nodeSelector:
        node-role.kubernetes.io/master: ""
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
        operator: Exists
      watchFiles:
      - /var/lib/kubelet/pki/kubelet-client-current.pem
      - /etc/kubernetes/pki/apiserver.crt
      - /etc/kubernetes/pki/apiserver-etcd-client.crt
      - /etc/kubernetes/pki/apiserver-kubelet-client.crt
      - /etc/kubernetes/pki/ca.crt
      - /etc/kubernetes/pki/front-proxy-ca.crt
      - /etc/kubernetes/pki/front-proxy-client.crt
      - /etc/kubernetes/pki/etcd/ca.crt
      - /etc/kubernetes/pki/etcd/healthcheck-client.crt
      - /etc/kubernetes/pki/etcd/peer.crt
      - /etc/kubernetes/pki/etcd/server.crt
      watchKubeconfFiles:
      - /etc/kubernetes/admin.conf
      - /etc/kubernetes/controller-manager.conf
      - /etc/kubernetes/scheduler.conf
    nodes:
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/ingress
        operator: Exists
      watchFiles:
      - /var/lib/kubelet/pki/kubelet-client-current.pem
      - /etc/kubernetes/pki/ca.crt
But I am unable to find the Prometheus rules. There is nothing in Prometheus (rules or alerts) with x509. I am running Kube-Prometheus-Stack 20.0.1 (Helm) with K8s 1.22.2
Can you help me out with this? Thanks!
name: x509-certificate-exporter
version: 1.14.1
The value.yaml does include a resources definition for hostPathsExporter daemonsets but those values are not reflected in the resulting pods.
Am I missing something in the configuration?
It seems that there is a bug in the DaemonSet template:
{{- if .bgpGracefulRestartDeferralTime }}
- "--bgp-graceful-restart-deferral-time={{ .bgpGracefulRestartDeferralTime }}"
{{- end }}
{{- if .bgpGracefulRestartDeferralTime }}
- "--bgp-graceful-restart={{ .bgpGracefulRestart }}"
{{- end }}
the bgpGracefulRestart is not used
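A small check for the class of bug reported above, as an added example that is not part of the issue or of the chart: it flags simple, non-nested if blocks whose body references a value other than the one the guard tests. The sample is the fragment quoted in the issue; the function name mismatched_guards is hypothetical.

```python
import re

# Constructed sample: the template fragment quoted in the issue above.
TEMPLATE = '''\
{{- if .bgpGracefulRestartDeferralTime }}
- "--bgp-graceful-restart-deferral-time={{ .bgpGracefulRestartDeferralTime }}"
{{- end }}
{{- if .bgpGracefulRestartDeferralTime }}
- "--bgp-graceful-restart={{ .bgpGracefulRestart }}"
{{- end }}
'''

IF_RE = re.compile(r"\{\{-?\s*if\s+(\.[\w.]+)\s*-?\}\}")   # {{- if .name }}
END_RE = re.compile(r"\{\{-?\s*end\s*-?\}\}")              # {{- end }}
REF_RE = re.compile(r"\{\{-?\s*(\.[\w.]+)\s*-?\}\}")       # {{ .name }}


def mismatched_guards(text):
    """Return (line, guard, refs) for each if block that never uses its guard.

    Limitation (by design, to keep the check short): only flat blocks of the
    form 'if .value' ... 'end' are understood; nested blocks, 'with', 'range'
    and compound conditions are not parsed.
    """
    findings = []
    guard, start, refs = None, 0, []
    for line_no, line in enumerate(text.splitlines(), 1):
        opened = IF_RE.search(line)
        if opened:
            guard, start, refs = opened.group(1), line_no, []
            continue
        if END_RE.search(line):
            # A body with no value references (a bare boolean flag) is fine;
            # a body that prints some other value than the guard is suspect.
            if guard is not None and refs and guard not in refs:
                findings.append((start, guard, refs))
            guard = None
            continue
        if guard is not None:
            refs.extend(REF_RE.findall(line))
    return findings


if __name__ == "__main__":
    for line_no, guard, refs in mismatched_guards(TEMPLATE):
        print(f"line {line_no}: guarded by {guard} but renders {', '.join(refs)}")
```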
I'd like to use the chart to deploy Netbox with some new custom fields using the initializers. Would you have an example the most efficient way to do this?
initializers: {}
How to upgrade netbox chart ?
I tried:
helm repo update
helm upgrade netbox-enix enix/netbox
got the following error:
$ helm upgrade netbox-enix enix/netbox
Error: UPGRADE FAILED: cannot patch "netbox-enix-postgresql" with kind StatefulSet: StatefulSet.apps "netbox-enix-postgresql" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden. && cannot patch "netbox-enix" with kind StatefulSet: StatefulSet.apps "netbox-enix" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden.
Currently we can't release a chart if another from the repository fails to build or wasn't pushed. Usually because files were altered and the version not bumped yet.
Perhaps we could use a matrix and run a job for each one. But also there's no need to trigger a workflow acting on all charts, so events would have to be filtered in some way. I don't like the idea of having multiple workflows but it would surely fix the situation for now.
Thank you for the chart, could you add support for LDAP image for netbox?
Per kubectl warning:
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+;
The RBAC (ClusterRole and ClusterRoleBinding) in kube-router is using these deprecated APIs, should change to rbac.authorization.k8s.io/v1b in order to support new cluster versions.
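One way to catch this before an upgrade, as an added example that is not part of the issue or of the chart: scan rendered manifests for apiVersion/kind pairs that are no longer served from Kubernetes v1.22. The RBAC entries follow the kubectl warning quoted above; the Ingress entry and the replacement versions are added from the upstream deprecation guide, and the sample manifest and object names are constructed.

```python
import re

# apiVersion/kind pairs not served from Kubernetes v1.22 on, mapped to the
# version to render instead (assumption: table limited to the kinds that
# come up in this chart's issues).
REMOVED_IN_1_22 = {
    ("rbac.authorization.k8s.io/v1beta1", "ClusterRole"): "rbac.authorization.k8s.io/v1",
    ("rbac.authorization.k8s.io/v1beta1", "ClusterRoleBinding"): "rbac.authorization.k8s.io/v1",
    ("extensions/v1beta1", "Ingress"): "networking.k8s.io/v1",
}

# Constructed sample of rendered chart output; names are hypothetical.
RENDERED = """\
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kube-router
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-router
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kube-router
"""


def removed_apis(rendered):
    """Return (kind, name, apiVersion, replacement) for each removed API in use."""
    findings = []
    for doc in re.split(r"^---[ \t]*$", rendered, flags=re.M):
        # Only unindented keys describe the object itself, not nested fields.
        api = re.search(r"^apiVersion:\s*(\S+)", doc, flags=re.M)
        kind = re.search(r"^kind:\s*(\S+)", doc, flags=re.M)
        name = re.search(r"^metadata:[ \t]*\n(?:[ \t]+.*\n)*?[ \t]+name:\s*(\S+)",
                         doc, flags=re.M)
        if not (api and kind):
            continue
        key = (api.group(1).strip("'\""), kind.group(1))
        if key in REMOVED_IN_1_22:
            findings.append((key[1], name.group(1) if name else "?",
                             key[0], REMOVED_IN_1_22[key]))
    return findings


if __name__ == "__main__":
    for kind, name, old, new in removed_apis(RENDERED):
        print(f"{kind}/{name}: {old} -> {new}")
```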
apiVersion: extensions/v1beta1
37d36
< pathType: ImplementationSpecific
39,42c38,39
< service:
< name: {{ $fullName }}
< port:
< name: http
serviceName: {{ $fullName }} servicePort: http
`
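Review bot: the apiVersion and the backend fields have to change together, and this diff only touches the backend. The lines marked < (pathType, service.name, service.port.name) are the networking.k8s.io/v1 Ingress schema, while serviceName / servicePort is the extensions/v1beta1 schema; the API server rejects either form when it is rendered under the other apiVersion. Instead of replacing one form with the other, put the apiVersion line and the backend block behind the same condition, for example .Capabilities.APIVersions.Has "networking.k8s.io/v1", so each cluster version gets a matching pair.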
patch attached (thanks to stupid filter: ingress.txt instead of ingress.patch): ingress.txt
We are considering deprecating netbox chart in favor of https://github.com/bootc/netbox-chart
Due to the lack of testing with ldap and other features, and that our user base is less important than the one of bootc, we will face difficulties to provide a full-fledged chart as originally intended.
If you are using the netbox chart and see a problem using the one of bootc, let us know in this issue.
cc #40
kubeRouter:
router:
routesSyncPeriod: 1m0s
metrics:
port: "9999"
does not change anything to the resulting resource
It is quite handy to have full path of certificates in the label.
Although I understand the motivation to manage complex scenarios, I think that we should have an option to keep full paths (maybe only in simple scenarios).