Merge pull request #21 from innerpeacez/modify

modify role to clusterrole

Merge pull request #21 from innerpeacez/modify
modify role to clusterrole
f0e0f138 · innerpeacez · GitHub · fafaa1cb · f112302a · f0e0f138
8 changed file
--- a/helm-chart/helm3/6.4.0/skywalking/Chart.yaml
+++ b/helm-chart/helm3/6.4.0/skywalking/Chart.yaml
-apiVersion: v1
+apiVersion: v2
 name: skywalking
 home: https://skywalking.apache.org
-version: 0.1.1
+version: 0.1.2
 appVersion: 6.4.0
 description: Apache SkyWalking APM System
 icon: https://raw.githubusercontent.com/apache/skywalking-kubernetes/master/logo/sw-logo-for-chart.jpg

--- a/helm-chart/helm3/6.4.0/skywalking/README.md
+++ b/helm-chart/helm3/6.4.0/skywalking/README.md
@@ -29,7 +29,7 @@ The command deploys Apache Skywalking on the Kubernetes cluster in the default c
 To uninstall/delete the `my-release` deployment:
 ```shell
-$ helm delete my-release -n <namespace>
+$ helm uninstall my-release -n <namespace>
 ```
 The command removes all the Kubernetes components associated with the chart and deletes the release.
@@ -56,6 +56,7 @@ The following table lists the configurable parameters of the Skywalking chart an
 | `oap.nodeSelector`                    | OAP labels for master pod assignment                               | `{}`                                |
 | `oap.tolerations`                     | OAP tolerations                                                    | `[]`                                |
 | `oap.resources`                       | OAP node resources requests & limits                               | `{} - cpu limit must be an integer` |
+| `oap.envoy.als.enabled`               | Open envoy als                                                     | `false`                             |
 | `oap.env`                             | OAP environment variables                                          | `[]`                                |
 | `ui.name`                             | Web UI deployment name                                             | `ui`                                |
 | `ui.replicas`                         | Web UI k8s deployment replicas                                     | `1`                                 |
@@ -111,7 +112,7 @@ The following table lists the configurable parameters of the Skywalking chart an
 | `elasticsearch.master.tolerations` | `[]` | Master tolerations |
 | `elasticsearch.master.heapSize` | `512m` | Master node heap size |
 | `elasticsearch.master.name` | `master` | Master component name |
-| `elasticsearch.master.persistence.enabled` | `true` | Master persistent enabled/disabled |
+| `elasticsearch.master.persistence.enabled` | `false` | Master persistent enabled/disabled |
 | `elasticsearch.master.persistence.name` | `data` | Master statefulset PVC template name |
 | `elasticsearch.master.persistence.size` | `4Gi` | Master persistent volume size |
 | `elasticsearch.master.persistence.storageClass` | `nil` | Master persistent volume Class |
@@ -129,7 +130,7 @@ The following table lists the configurable parameters of the Skywalking chart an
 | `elasticsearch.data.priorityClassName` | `nil` | Data priorityClass |
 | `elasticsearch.data.heapSize` | `1536m` | Data node heap size |
 | `elasticsearch.data.hooks.drain.enabled` | `true` | Data nodes: Enable drain pre-stop and post-start hook |
-| `elasticsearch.data.persistence.enabled` | `true` | Data persistent enabled/disabled |
+| `elasticsearch.data.persistence.enabled` | `false` | Data persistent enabled/disabled |
 | `elasticsearch.data.persistence.name` | `data` | Data statefulset PVC template name |
 | `elasticsearch.data.persistence.size` | `30Gi` | Data persistent volume size |
 | `elasticsearch.data.persistence.storageClass` | `nil` | Data persistent volume Class |
@@ -196,3 +197,18 @@ ui:
        hosts:
          - skywalking.domain.com
 ```
+### Envoy ALS
+Envoy ALS(access log service) provides fully logs about RPC routed, including HTTP and TCP.
+If you want to open envoy ALS, you can do this by modifying values.yaml. 
+```yaml
+oap:
+  envoy:
+    als:
+      enabled: true
+```
+When envoy als ,will give ServiceAccount clusterrole permission.
+More envoy als ,please refer to https://github.com/apache/skywalking/blob/master/docs/en/setup/envoy/als_setting.md#observe-service-mesh-through-als
\ No newline at end of file
--- a/helm-chart/helm3/6.4.0/skywalking/templates/oap-clusterrole.yaml
+++ b/helm-chart/helm3/6.4.0/skywalking/templates/oap-clusterrole.yaml
+{{- if .Values.oap.envoy.als.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ template "skywalking.fullname" . }}
+  labels:
+    app: {{ template "skywalking.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "watch", "list"]
+- apiGroups: ["extensions"]
+  resources: ["deployments", "replicasets"]
+  verbs: ["get", "watch", "list"]
+{{- end }}
\ No newline at end of file
--- a/helm-chart/helm3/6.4.0/skywalking/templates/oap-clusterrolebinding.yaml
+++ b/helm-chart/helm3/6.4.0/skywalking/templates/oap-clusterrolebinding.yaml
+{{- if .Values.oap.envoy.als.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "skywalking.fullname" . }}
+  labels:
+    app: {{ template "skywalking.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "skywalking.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "skywalking.serviceAccountName.oap" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
--- a/helm-chart/helm3/6.4.0/skywalking/templates/oap-deployment.yaml
+++ b/helm-chart/helm3/6.4.0/skywalking/templates/oap-deployment.yaml
@@ -91,6 +91,10 @@ spec:
              fieldPath: metadata.uid
        - name: SW_STORAGE
          value: elasticsearch
+        {{- if .Values.oap.envoy.als.enabled }}
+        - name: SW_ENVOY_ALS_ENABLED
+          value: {{ .Values.oap.envoy.als.enabled | quote}}
+        {{- end }}
        - name: SW_STORAGE_ES_CLUSTER_NODES
          value: "{{ include "call-nested" (list . "elasticsearch" "elasticsearch.client.fullname") }}:9200"
        {{- range $key, $value :=  .Values.oap.env }}

--- a/helm-chart/helm3/6.4.0/skywalking/templates/oap-role.yaml
+++ b/helm-chart/helm3/6.4.0/skywalking/templates/oap-role.yaml
+{{- if not .Values.oap.envoy.als.enabled }}
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -8,6 +9,7 @@ metadata:
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
 rules:
- apiGroups: [""]
+  - apiGroups: [""]
-  resources: ["pods"]
+    resources: ["pods"]
-  verbs: ["get", "watch", "list"]
+    verbs: ["get", "watch", "list"]
+{{- end }}
\ No newline at end of file
--- a/helm-chart/helm3/6.4.0/skywalking/templates/oap-rolebinding.yaml
+++ b/helm-chart/helm3/6.4.0/skywalking/templates/oap-rolebinding.yaml
+{{- if not .Values.oap.envoy.als.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
@@ -12,6 +13,7 @@ roleRef:
  kind: Role
  name: {{ template "skywalking.fullname" . }}
 subjects:
- kind: ServiceAccount
+  - kind: ServiceAccount
-  name: {{ template "skywalking.serviceAccountName.oap" . }}
+    name: {{ template "skywalking.serviceAccountName.oap" . }}
-  namespace: {{ .Release.Namespace }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
--- a/helm-chart/helm3/6.4.0/skywalking/values.yaml
+++ b/helm-chart/helm3/6.4.0/skywalking/values.yaml
@@ -31,9 +31,13 @@ oap:
    #   memory: 4Gi
  # podAnnotations:
  #   example: oap-foo
+  envoy:
+    als:
+      enabled: false
+      # more envoy ALS ,please refer to https://github.com/apache/skywalking/blob/master/docs/en/setup/envoy/als_setting.md#observe-service-mesh-through-als
  env:
    # more env, please refer to https://hub.docker.com/r/apache/skywalking-oap-server
+    # or https://github.com/apache/skywalking-docker/blob/master/6/6.4/oap/README.md#sw_telemetry
 ui:
  name: skywalking-ui
  replicas: 1
@@ -153,7 +157,7 @@ elasticsearch:
    heapSize: "512m"
    # additionalJavaOpts: "-XX:MaxRAM=512m"
    persistence:
-      enabled: true
+      enabled: false
      accessMode: ReadWriteOnce
      name: data
      size: "4Gi"
@@ -200,7 +204,7 @@ elasticsearch:
    heapSize: "1536m"
    # additionalJavaOpts: "-XX:MaxRAM=1536m"
    persistence:
-      enabled: true
+      enabled: false
      accessMode: ReadWriteOnce
      name: data
      size: "30Gi"