From f4686d9fdc46522c7e76e5432b8af73483559001 Mon Sep 17 00:00:00 2001 From: Markus Napp Date: Wed, 20 May 2020 14:38:05 +0200 Subject: [PATCH 1/4] Bump release version to 5.0 --- adoc/attributes.adoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/adoc/attributes.adoc b/adoc/attributes.adoc index c8ba3795d..9316d8c5c 100644 --- a/adoc/attributes.adoc +++ b/adoc/attributes.adoc @@ -5,9 +5,9 @@ // Product Versions //Counting upwards from 4, tied to SLE15 releases -:productmajor: 4 +:productmajor: 5 //Counting upwards from 0, tied to kubernetes releases -:productminor: 2 +:productminor: 0 //Counting upwards from 0, tied to maintenance release :productpatch: 0 :prerelease: @@ -21,11 +21,11 @@ :kube_version: 1.17.4 :kubedoc: https://v1-17.docs.kubernetes.io/docs/ :cap_version: 1.5.2 -:cilium_release: 1.5 -:cilium_patch_version: 3 +:cilium_release: 1.6 +:cilium_patch_version: 6 :cilium_version: {cilium_release}.{cilium_patch_version} :cilium_docs_version: v{cilium_release} -:envoy_version: +:envoy_version: 1.12.2 :etcd_version: 3.4.3 :skuba_version: 1.3.3 :dex_version: 2.16.0 From fb71c85c48d264752dcb86e585752427639922f2 Mon Sep 17 00:00:00 2001 From: Stefan Knorr Date: Fri, 22 May 2020 13:14:30 +0200 Subject: [PATCH 2/4] Make LICENSE symlink valid again --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 201ac2d20..e3f3a0d6d 120000 --- a/LICENSE +++ b/LICENSE @@ -1 +1 @@ -xml/common_gfdl1.2_i.xml \ No newline at end of file +adoc/common_copyright_gfdl.adoc \ No newline at end of file From 48398659b92273afd1b50449154991540eaa53e4 Mon Sep 17 00:00:00 2001 
From: Stefan Knorr Date: Fri, 22 May 2020 20:29:23 +0200 Subject: [PATCH 3/4] Typo fixes --- README.adoc | 2 +- adoc/admin-centralized-logging.adoc | 2 +- adoc/admin-monitoring-stack.adoc | 4 ++-- adoc/admin-security-psp.adoc | 2 +- adoc/admin-software-installation.adoc | 4 ++-- adoc/admin-updates.adoc | 2 +- adoc/admin-velero-prereqs.adoc | 2 +- adoc/common_glossary.adoc | 2 +- adoc/deployment-sysreqs.adoc | 6 +++--- 9 files changed, 13 insertions(+), 13 deletions(-) diff --git a/README.adoc b/README.adoc index 4ef4acfd5..927509fa8 100644 --- a/README.adoc +++ b/README.adoc @@ -28,7 +28,7 @@ Changes to already released versions of the documentation must be merged to a `m * `DC-caasp-*`: Configuration files for the exported guides. * `adoc/`: Contains all the pages that make up the content. * `adoc/book_*`: Meta files collating pages into a guide document. -* `adoc/attributes.adoc` - Contains all version numbers of the product and it's components. +* `adoc/attributes.adoc` - Contains all version numbers of the product and its components. Also contains the `release_type` flag that determines if the branch contains an `public` or (SUSE) `internal` release. * `adoc/entities.adoc` - Contains text substitutions for often used component names and strings. * `adoc/common_*`: Include files with common information like legal disclaimers and licenses. diff --git a/adoc/admin-centralized-logging.adoc b/adoc/admin-centralized-logging.adoc index 684ead747..884d8f094 100644 --- a/adoc/admin-centralized-logging.adoc +++ b/adoc/admin-centralized-logging.adoc @@ -73,7 +73,7 @@ are: * `*server.port*`, default value = 514 * `*server.protocol*`, default value = TCP -See <> for the facultative parameters and their default values. +See <> for the optional parameters and their default values. - Running the following will create the minimal working setup: diff --git a/adoc/admin-monitoring-stack.adoc b/adoc/admin-monitoring-stack.adoc index 7d974dd87..d333e467f 100644 
--- a/adoc/admin-monitoring-stack.adoc +++ b/adoc/admin-monitoring-stack.adoc @@ -37,7 +37,7 @@ Grafana is an open-source system for querying, analysing and visualizing metrics . NGINX Ingress Controller + -Please refer to <> on how to congifure ingress in your cluster. Deploying NGINX Ingress Controller also allows us to provide TLS termination to our services and to provide basic authentication to the Prometheus Expression browser/API. +Please refer to <> on how to configure ingress in your cluster. Deploying NGINX Ingress Controller also allows us to provide TLS termination to our services and to provide basic authentication to the Prometheus Expression browser/API. . Create DNS entries @@ -160,7 +160,7 @@ In this example, trusted certificates are `monitoring.key` and `monitoring.crt`. + .. Self-signed Certificates (optional) + -Please refer to <> on how to signed the self-sigend certificate. +Please refer to <> on how to sign the self-signed certificate. The `server.conf` for DNS.1 is `+prometheus.example.com+`, DNS.2 is `+prometheus-alertmanager.example.com+` and DNS.3 `+grafana.example.com+`. + Then, import your self-signed certificate into the {kube} cluster. diff --git a/adoc/admin-security-psp.adoc b/adoc/admin-security-psp.adoc index 398de833b..66d8f7f22 100644 --- a/adoc/admin-security-psp.adoc +++ b/adoc/admin-security-psp.adoc @@ -66,7 +66,7 @@ and This is the unprivileged policy as a configuration file. You can use this as a basis to develop your own {psp} which should be saved as `custom-psp.yaml` -`addons/psp/patches` drectory. +`addons/psp/patches` directory. ---- apiVersion: policy/v1beta1 diff --git a/adoc/admin-software-installation.adoc b/adoc/admin-software-installation.adoc index d52c17957..3360663ca 100644 --- a/adoc/admin-software-installation.adoc +++ b/adoc/admin-software-installation.adoc 
@@ -134,14 +134,14 @@ This installs tiller with TLS certificate security. ===== Trusted Certificates -Please refererence to <> and <> on how to signed the trusted tiller and helm certificate. +Please reference to <> and <> on how to sign the trusted tiller and helm certificate. The server.conf for IP.1 is `127.0.0.1`. Then, import trusted certificate to {kube} cluster. In this example, trusted certificate are `ca.crt`, `tiller.crt`, `tiller.key`, `helm.crt` and `helm.key`. ===== Self-signed Certificates (optional) -Please refererence to <> and <> on how to signed the self-sigend tiller and helm certificate. +Please reference to <> and <> on how to sign the self-signed tiller and helm certificate. The server.conf for IP.1 is `127.0.0.1`. Then, import trusted certificate to {kube} cluster. In this example, trusted certificate are `ca.crt`, `tiller.crt`, `tiller.key`, `helm.crt` and `helm.key`. diff --git a/adoc/admin-updates.adoc b/adoc/admin-updates.adoc index 28234a085..709ef6ce5 100644 --- a/adoc/admin-updates.adoc +++ b/adoc/admin-updates.adoc @@ -15,7 +15,7 @@ Run `sudo zypper update` on the management workstation before any attempt to upd == Updating Kubernetes Components -Updating of {kube} and it's components from one minor version to the next (for example from 1.16 to 1.17) is handled by `skuba`. +Updating of {kube} and its components from one minor version to the next (for example from 1.16 to 1.17) is handled by `skuba`. The reason for this is that *minor updates* require special plan and apply procedures. These procedures differ for *patch updates* (for example 1.16.1 to 1.16.2), which are handled by `skuba-update` as described in <<_base_os_updates>>. diff --git a/adoc/admin-velero-prereqs.adoc b/adoc/admin-velero-prereqs.adoc index 7a2597b32..44bb30751 100644 --- a/adoc/admin-velero-prereqs.adoc +++ b/adoc/admin-velero-prereqs.adoc 
@@ -255,7 +255,7 @@ aws_secret_access_key= ==== Volume Snapshotter [NOTE] -A volume snapshotter is able to snapshot it's persistent volumes if its volume driver supports do volume snapshot. +A volume snapshotter is able to snapshot its persistent volumes if its volume driver supports do volume snapshot. If a volume provider does not support snapshot or does not have supported Velero storage plugin, Velero will leverage `restic` to do persistent volume backup and restore. [options="header"] diff --git a/adoc/common_glossary.adoc b/adoc/common_glossary.adoc index 88db1c2ab..356306d16 100644 --- a/adoc/common_glossary.adoc +++ b/adoc/common_glossary.adoc @@ -4,7 +4,7 @@ AWS:: Amazon Web Services. A broadly adopted cloud platform run by Amazon. BPF:: - Berkley Packet Filter. Technology used by Cilium to filter network traffic at the level of packet processing in the kernel. + Berkeley Packet Filter. Technology used by Cilium to filter network traffic at the level of packet processing in the kernel. CA:: Certificate or Certification Authority. An entity that issues digital certificates. CIDR:: diff --git a/adoc/deployment-sysreqs.adoc b/adoc/deployment-sysreqs.adoc index eb98b5f64..3eb1e7e97 100644 --- a/adoc/deployment-sysreqs.adoc +++ b/adoc/deployment-sysreqs.adoc @@ -162,7 +162,7 @@ link:https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/hardware This is extremely important to ensure a proper functioning of the critical component `etcd`. -It is possible to preliminary validate these requirements by using `fio`. This tool allows us to simulate `etcd` I/O (input/output) and to find out from the output statistics wether or not the storage is suitable. +It is possible to preliminary validate these requirements by using `fio`. This tool allows us to simulate `etcd` I/O (input/output) and to find out from the output statistics whether or not the storage is suitable. . Install the tool: + 
@@ -180,7 +180,7 @@ fio --rw=write --ioengine=sync --fdatasync=1 --directory=test-etcd-dir --size=22 From the outputs, the interesting part is `fsync/fdatasync/sync_file_range` where the values are expressed in microseconds (usec). A disk is considered sufficient when the value of the `99.00th` percentile is below 10000usec (10ms). -Becareful though, this benchmark is for etcd only and does not take into consideration external disk usage. This means that a value slightly under 10ms should be taken with precaution as other workloads will have an impact on the disks. +Be careful though, this benchmark is for etcd only and does not take into consideration external disk usage. This means that a value slightly under 10ms should be taken with precaution as other workloads will have an impact on the disks. [WARNING] ==== @@ -381,7 +381,7 @@ If you wish to use Upstream / Third-Party resources, please also allow the follo |k8s.gcr.io|Google Container Registry|Provide container images |kubernetes-charts.storage.googleapis.com|Google Helm charts repository|Provide helm charts |docker.io|Docker Container Registry|Provide container images -|quay.io|RedHat Container Registry|Provide container images +|quay.io|Red Hat Container Registry|Provide container images |=== Please note that not all installation scenarios will need all of these resources. From 198baa84260777baf95f7c05a3dcaeaddbf82d12 Mon Sep 17 00:00:00 2001 From: JenTing Hsiao Date: Thu, 28 May 2020 09:51:57 +0800 Subject: [PATCH 4/4] Add extraScrapeConfigs in prometheus-config-values.yaml Signed-off-by: JenTing Hsiao --- adoc/admin-monitoring-stack.adoc | 51 ++++++++++++++------------------ 1 file changed, 22 insertions(+), 29 deletions(-) diff --git a/adoc/admin-monitoring-stack.adoc b/adoc/admin-monitoring-stack.adoc index d333e467f..8cd640e08 100644 --- a/adoc/admin-monitoring-stack.adoc +++ b/adoc/admin-monitoring-stack.adoc 
@@ -1080,7 +1080,17 @@ cd /etc/kubernetes kubectl --kubeconfig=admin.conf -n monitoring create secret generic etcd-certs --from-file=/etc/kubernetes/pki/etcd/ca.crt --from-file=/etc/kubernetes/pki/etcd/healthcheck-client.crt --from-file=/etc/kubernetes/pki/etcd/healthcheck-client.key ---- -. Edit the configuration file `prometheus-config-values.yaml`, add `extraSecretMounts` part +. Get all etcd cluster private IP address ++ +[source,bash] +---- +kubectl get pods -n kube-system -l component=etcd -o wide +NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES +etcd-master0 1/1 Running 2 21h 192.168.0.6 master0 +etcd-master1 1/1 Running 2 21h 192.168.0.20 master1 +---- + +. Edit the configuration file `prometheus-config-values.yaml`, add `extraSecretMounts` and `extraScrapeConfigs` parts, change the extraScrapeConfigs targets IP address(es) as your environment and change the target numbers if you have different etcd cluster members + ---- # Alertmanager configuration @@ -1171,6 +1181,16 @@ server: secretName: etcd-certs readOnly: true +extraScrapeConfigs: | + - job_name: etcd + static_configs: + - targets: ['192.168.0.32:2379','192.168.0.17:2379','192.168.0.5:2379' + scheme: https + tls_config: + ca_file: /etc/secrets/ca.crt + cert_file: /etc/secrets/healthcheck-client.crt + key_file: /etc/secrets/healthcheck-client.key + ## Prometheus is configured through prometheus.yml. This file and any others ## listed in serverFiles will be mounted into the server pod. ## See configuration options @@ -1178,6 +1198,7 @@ server: #serverFiles: # prometheus.yml: ---- + . Upgrade prometheus helm deployment + [source,bash] 
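Review bot: The `targets` line added under `extraScrapeConfigs` in the `@@ -1171,6 +1181,16 @@` hunk is missing its closing bracket, so the embedded scrape configuration is not valid YAML. Prometheus will presumably reject it once the values file is applied, and the line should end `'192.168.0.5:2379']`. The example addresses (192.168.0.32, 192.168.0.17, 192.168.0.5) also no longer match the `kubectl get pods` output added in the first hunk (192.168.0.6 and 192.168.0.20), which the removed configmap example did match; reusing the same addresses would show readers where the targets come from. The job authenticates with `healthcheck-client.key` mounted from the `etcd-certs` secret, so a sentence noting that this secret holds an etcd client key and should be readable only by the Prometheus server would help. The values listing this hunk edits starts and ends outside the hunk.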
@@ -1186,31 +1207,3 @@ helm upgrade prometheus suse/prometheus \
 --namespace monitoring \
 --values prometheus-config-values.yaml
 ----
-. First get all etcd cluster private IP address.
-+
-[source,bash]
-----
-kubectl get pods -n kube-system -l component=etcd -o wide
-NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
-etcd-master0 1/1 Running 2 21h 192.168.0.6 master0
-etcd-master1 1/1 Running 2 21h 192.168.0.20 master1
-----
-. Add new job for etcd, change the target ip address as your environment and change the target numbers if you have different etcd cluster members.
-[source,bash]
-+
-----
-kubectl edit -n monitoring configmap prometheus-server
-----
-+
-----
-scrape_configs:
- - job_name: etcd
- static_configs:
- - targets: ['192.168.0.6:2379','192.168.0.20:2379']
- scheme: https
- tls_config:
- ca_file: /etc/secrets/ca.crt
- cert_file: /etc/secrets/healthcheck-client.crt
- key_file: /etc/secrets/healthcheck-client.key
-----
-. Save the new configmap, the prometheus server will auto reload new configmap.