From 85eff6fca0a20ce5dd6c27416b8a540b2468ae0c Mon Sep 17 00:00:00 2001
From: Sam <sam@braingu.com>
Date: Mon, 13 Feb 2023 23:13:50 +0000
Subject: [PATCH] chore: update appliance-mode values and docs

---
 .../assets/configs/appliance-mode/values.yaml | 184 ++++++++++++++----
 .../deployment-scenarios/appliance-mode.md    |   8 +-
 2 files changed, 150 insertions(+), 42 deletions(-)

diff --git a/docs/assets/configs/appliance-mode/values.yaml b/docs/assets/configs/appliance-mode/values.yaml
index 21502ba20c..410fd5eb53 100644
--- a/docs/assets/configs/appliance-mode/values.yaml
+++ b/docs/assets/configs/appliance-mode/values.yaml
@@ -1,52 +1,140 @@
-# Enables and configures packages for [Appliance Mode](../README.md):
+---
+# Enables and configures packages for [Appliance Mode](../../../guides/deployment-scenarios/appliance-mode.md):
+istio:
+  values:
+    istiod:
+      resources:
+        requests:
+          cpu: 100m
+          memory: 256Mi
+    values:
+      global:
+        proxy:
+          resources:
+            requests:
+              cpu: 50m
+              memory: 128Mi
+        proxy_init:
+          resources:
+            requests:
+              cpu: 50m
+              memory: 128Mi
+
+istiooperator:
+  values:
+    operator:
+      resources:
+        requests:
+          cpu: 100m
+          memory: 128Mi
+
+jaeger:
+  enabled: false
+
+kiali:
+  enabled: false
 
 clusterAuditor:
-  enabled: true
+  enabled: false
   values:
     resources:
       requests:
         cpu: 100m
         memory: 256Mi
-      limits:
-        cpu: 100m
-        memory: 256Mi
 
 gatekeeper:
-  enabled: true
+  enabled: false
   values:
     replicas: 1
     controllerManager:
       resources:
-        limits:
+        requests:
           cpu: 100m
           memory: 256Mi
+    audit:
+      resources:
         requests:
           cpu: 100m
           memory: 256Mi
+        limits:
+          cpu: 600m
+          memory: 512Mi
 
-kiali:
+kyverno:
+  enabled: true
+  values:
+    replicaCount: 1
+    resources:
+      limits:
+        cpu: 350m
+        memory: 512Mi
+      requests:
+        cpu: 350m
+        memory: 512Mi
+
+kyvernoreporter:
+  enabled: true
+  values:
+    resources:
+      limits:
+        cpu: 50m
+        memory: 100Mi
+      requests:
+        cpu: 50m
+        memory: 100Mi
+
+kyvernopolicies:
+  enabled: true 
+
+logging:
   enabled: false
 
-kyverno:
+eckoperator:
   enabled: false
+
+fluentbit:
+  enabled: false
+
+promtail:
+  enabled: true
   values:
-    replicaCount: 1
+    resources:
+      requests:
+        cpu: 50m
+        memory: 32Mi
 
 loki:
-  values: 
+  enabled: true
+  values:
     singleBinary:
       replicas: 1
       resources:
-        limits:
-          cpu: 100m
-          memory: 256Mi
         requests:
           cpu: 100m
           memory: 256Mi
-  
+
+neuvector:
+  enabled: false
+  values:
+    controller:
+      replicas: 1
+    resources:
+      limits:
+        cpu: 200m
+        memory: 768Mi
+      requests:
+        cpu: 100m
+        memory: 512Mi
+    cve:
+      scanner:
+        replicas: 1
+    k3s:
+      enabled: true
+
 tempo:
+  enabled: true
   values:
-    tempo: 
+    tempo:
       resources:
         limits:
           cpu: 200m
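Review bot: With `gatekeeper` and `clusterAuditor` both set to `enabled: false`, `kyverno` becomes the only admission-policy engine in this profile, yet it runs as `replicaCount: 1` with CPU limits equal to its 350m requests. Depending on the webhook failure policy (not visible in this file), a restarting or throttled Kyverno pod either blocks admissions or lets workloads through unchecked. A comment above `kyverno:` should record which trade-off is accepted, for example `# single replica for footprint: admission enforcement is unavailable while this pod restarts`. Separately, under `neuvector.values` the `resources:` block sits beside `controller:` rather than inside it, which looks like an indentation slip; confirm it against the chart's values schema before anyone enables the package.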
@@ -54,48 +142,68 @@ tempo:
         requests:
           cpu: 200m
           memory: 256Mi
+    tempoQuery:
+      resources:
+        limits:
+          cpu: 100m
+          memory: 256Mi
+        requests:
+          cpu: 100m
+          memory: 256Mi
 
-fluentbit:
-  enabled: false
 
-promtail:
-  enabled: true
-
-monitoring: 
+monitoring:
   values:
     prometheus:
       prometheusSpec:
         resources:
           requests:
-            cpu: 200m
-            memory: 256Mi
+            cpu: 100m
+            memory: 128Mi
           limits:
-            cpu: 200m
-            memory: 256Mi
+            cpu: 300m
+            memory: 2Gi
     kube-state-metrics:
       resources:
         requests:
           cpu: 10m
           memory: 128Mi
-        limits:
-          cpu: 10m
-          memory: 128Mi
     prometheus-node-exporter:
+      hostRootFsMount:
+        enabled: false
       resources:
         requests:
           cpu: 100m
           memory: 128Mi
-        limits:
-          cpu: 100m
-          memory: 128Mi
     grafana:
       testFramework:
         enabled: false
-      downloadDashboards:
+    prometheusOperator:
+      resources:
+        requests:
+          cpu: 100m
+          memory: 128Mi
+      prometheusConfigReloader:
         resources:
-          limits:
-            cpu: 20m
-            memory: 20Mi
           requests:
-            cpu: 20m
-            memory: 20Mi
+            cpu: 50m
+            memory: 50Mi
+          limits:
+            cpu: 100m
+            memory: 50Mi
+
+twistlock:
+  enabled: true
+  values:
+    resources:
+      requests:
+        memory: 512Mi
+        cpu: 50m
+    init:
+      resources:
+        requests:
+          cpu: 100m
+          memory: 128Mi 
+        limits:
+          cpu: 100m
+          memory: 128Mi 
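Review bot: The new `hostRootFsMount:` / `enabled: false` under `prometheus-node-exporter` has no comment explaining it, although it changes what the exporter can see of the host. Leaving the host root filesystem out of the exporter pod is sensible hardening for an appliance, but node filesystem metrics and any alerts built on them will probably stop reflecting the real host. I would add a comment above the key such as `# host root not mounted: less host exposure, node filesystem metrics/alerts not reliable`. Also, prometheus now requests 128Mi against a 2Gi limit while `twistlock` sets requests only, so memory pressure on a small node could evict the runtime-security pods; it is worth confirming that is intended.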
diff --git a/docs/guides/deployment-scenarios/appliance-mode.md b/docs/guides/deployment-scenarios/appliance-mode.md
index 0489b4737a..36bea51cbf 100644
--- a/docs/guides/deployment-scenarios/appliance-mode.md
+++ b/docs/guides/deployment-scenarios/appliance-mode.md
@@ -11,13 +11,13 @@ There is a values.yaml file in this same directory which provides an example of
 | Flux | source, helm, kustomize & notification controllers |
 | Istio | Possibly too heavy for reduced compute but still able to run on above machine |
 | Jaeger | Not enough value to justify value and footprint above Tempo |
-| Tempo | integrated with grafana to provide tracing capability |
+| Tempo | tracing capability integrated with grafana |
 | Kiali | Not enough value to justify running in smaller footprint |
 | Monitoring | Prometheus/Alertmanager/Grafana for monitoring/alerting |
 | ECK | Too heavy for reduced compute |
 | Loki/Promtail | need logging |
 | Gatekeeper/Kyverno | Static environment on edge, compliance will be validated in development/cloud |
-| Cluster Auditor | Static environment on edge, compliance will be validated in development/cloud |
-| Twistlock | Runtime security at least |
+| Cluster Auditor/Kyerno Reporter | Static environment on edge, compliance will be validated in development/cloud |
+| Twistlock/Neuvector | Runtime security at least |
 
-Review and reference [the values file in the configs folder to deploy BigBang in Appliance Mode](../../assets/configs/appliance-mode/values.yaml).
\ No newline at end of file
+Review and reference [the values file in the configs folder to deploy BigBang in Appliance Mode](../../assets/configs/appliance-mode/values.yaml).
-- 
GitLab