upgrade de versoes dos subcharts

CHANGELOG.md

@@ -0,0 +1,18 @@
+# Release Notes
+
+## Version 0.8.0 - 2020-10-15
+
+Upgrades:
+
+- cert-manager: 1.0.3
+- external-dns: 3.4.6
+- nginx-ingress: REMOVED
+- ingress-nginx: 3.7.1
+- prometheus-operator: REMOVED
+- kube-prometheus-stack: 10.1.0
+- loki-stack: 0.41.2
+- vault: 0.7.0
+
+## Version 0.7.2 and before
+
+Crazy times, no record. Sorry fot that.

DEVELOP.md

@@ -0,0 +1,56 @@
+# Development
+
+Este documento explica como montar um ambiente para desenvolvimento do chart do vtg-ipaas.
+
+## Pré-requisitos
+
+### Arquivo /etc/hosts
+
+Insira a linha abaixo no arquivo /etc/hosts da estação de desenvolvimento:
+
+```
+127.0.0.1 	whoami.localdomain
+```
+
+### Ferramentas
+
+Instale localmente as seguintes ferramentas:
+
+- k3d
+- helm
+- kubectl
+
+### Cluster k3d local
+
+Crie um cluster k3d local para uso durante o desenvolvimento:
+
+```sh
+k3d create -n vkpr-local \
+  --publish 8080:32080 \
+  --server-arg "--no-deploy=traefik"
+```
+
+Os parâmetros acima desligam o Trefik (default do k3d), pois o Kong será o Ingress Controller.
+Após a criação do cluster ajuste o KUBECONFIG:
+
+```sh
+export KUBECONFIG="$(k3d get-kubeconfig --name='vkpr-local')"
+kubectl cluster-info 
+```
+
+## Local VKPR deployment
+
+### Get chart dependencies
+
+```sh
+cd charts/vkpr
+helm dependency update
+cd ../..
+```
+
+### Helm upgrade/install
+
+```sh
+helm upgrade -i vkpr -f ./examples/values-local.yaml ./charts/vkpr
+```
+

README.md

@@ -80,15 +80,15 @@ The **Backup Stack** is dedicated to backup and restore tools in order to migrat
 
 ## Charts version
 
-|                                                 Charts                                         | VKPR 0.7.2 |
+|                                                 Charts                                         | VKPR 0.8.0 |
 |------------------------------------------------------------------------------------------------|------------|
-| [cert-manager](https://charts.vertigo.com.br/docs/stacks#cert-manager)                         |  `1.0.1`   |
-| [ExternalDNS](https://charts.vertigo.com.br/docs/stacks#externaldns)                           |  `3.2.2`   |
-| [Loki](https://charts.vertigo.com.br/docs/stacks#loki)                                         |  `0.37.0`  |
+| [cert-manager](https://charts.vertigo.com.br/docs/stacks#cert-manager)                         |  `1.0.3`   |
+| [ExternalDNS](https://charts.vertigo.com.br/docs/stacks#externaldns)                           |  `3.4.6`   |
+| [Loki](https://charts.vertigo.com.br/docs/stacks#loki)                                         |  `0.41.2`  |
 | [Keycloak](https://charts.vertigo.com.br/docs/stacks#keycloak)                                 |  `8.2.2`   |
-| [NGINX Ingress Controller](https://charts.vertigo.com.br/docs/stacks#nginx-ingress-controller) |  `1.34.3`  |
-| [Prometheus Operator](https://charts.vertigo.com.br/docs/stacks#prometheus-operator)           |  `8.12.3`  |
-| [Vault](https://charts.vertigo.com.br/docs/stacks#vault)                                       |  `0.5.0`   |
+| [NGINX Ingress Controller](https://charts.vertigo.com.br/docs/stacks#nginx-ingress-controller) |  `3.7.1`  |
+| [Kube Prometheus Stack](https://charts.vertigo.com.br/docs/stacks#prometheus-operator)         |  `10.1.0`  |
+| [Vault](https://charts.vertigo.com.br/docs/stacks#vault)                                       |  `0.7.0`   |
 | [Velero](https://charts.vertigo.com.br/docs/stacks#velero)                                     |  `2.7.4`   |
 
 ## Requisites

charts/vkpr/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: vkpr
-version: 0.7.2
+version: 0.8.0
 appVersion: v1.4.0
 home: https://github.com/vertigobr/vkpr
 icon: https://vertigo.com.br/wp-content/uploads/favicon.png
@@ -17,18 +17,18 @@ dependencies:
   ### INGRESS STACK ###
   - name: external-dns
     repository: https://charts.bitnami.com/bitnami
-    version: 3.2.2
+    version: 3.4.6
     condition: external-dns.enabled
 
-  - name: nginx-ingress
-    repository: https://kubernetes-charts.storage.googleapis.com
-    version: 1.34.3
-    condition: nginx-ingress.enabled
+  - name: ingress-nginx
+    repository: https://kubernetes.github.io/ingress-nginx
+    version: 3.7.1
+    condition: ingress-nginx.enabled
 
   ### LOGGING STACK ###
   - name: loki-stack
     repository: https://grafana.github.io/loki/charts
-    version: 0.37.0
+    version: 0.41.2
     condition: loki-stack.enabled
 #
 # LOGGING STACK
@@ -68,10 +68,10 @@ dependencies:
 #   condition: fluent-bit.enabled
 
   ### MONITORING STACK ###
-  - name: prometheus-operator
-    repository: https://kubernetes-charts.storage.googleapis.com
-    version: 8.12.3
-    condition: prometheus-operator.enabled
+  - name: kube-prometheus-stack
+    repository: https://prometheus-community.github.io/helm-charts
+    version: 10.1.0
+    condition: kube-prometheus-stack.enabled
 
 # - name: metrics-server
 #   repository: https://kubernetes-charts.storage.googleapis.com
@@ -91,7 +91,7 @@ dependencies:
   ### SECURITY STACK ###
   - name: cert-manager
     repository: https://charts.jetstack.io
-    version: v1.0.1
+    version: v1.0.3
     condition: cert-manager.enabled
 
   - name: keycloak
@@ -101,7 +101,7 @@ dependencies:
 
   - name: vault
     repository: https://helm.releases.hashicorp.com
-    version: 0.5.0
+    version: 0.7.0
     condition: vault.enabled
 
   ### BACKUP STACK ###

charts/vkpr/values.yaml

@@ -14,7 +14,7 @@ external-dns:
 
 cert-manager:
   enabled: false
-  installCRDs: true
+  installCRDs: false
 
 graylog:
   enabled: false

examples/values-local.yaml

@@ -1,20 +1,21 @@
 #
-# Valores para testes com o k3d.
-# Note que o stack ingress foi desabilitado, pois o k3d já embute um Traefik.
+# Valores para testes locais com o k3d.
 #
-# helm upgrade -i -f values-k3d.yaml vkpr ./vkpr
+# helm upgrade -i vkpr -f examples/values-local.yaml ./charts/vkpr
 #
 # Coloque as seguintes entradas no /etc/hosts :
 # 127.0.0.1    whoami.localdomain grafana.localdomain graylog.localdomain
 #
 # Alguns charts são antigos e falham no k8s >= 1.16. Corrija com:
 # helm plugin install https://github.com/ContainerSolutions/helm-convert 
 #
+# IMPORTANTE: em testes locais, onde o cluster é descartável, recomendamos deixar
+# o Helm criar os CRDs quando o chart permitir.
 
 #
 # INGRESS STACK
 #
-nginx-ingress:
+ingress-nginx:
   enabled: true
   controller:
     service:
@@ -26,6 +27,7 @@ external-dns:
   enabled: false
 cert-manager:
   enabled: false
+  installCRDs: true
 
 # chart values
 ingress:
@@ -86,11 +88,35 @@ loki-stack:
 #
 # MONITORING STACK
 #
-prometheus-operator:
+kube-prometheus-stack:
   enabled: true
+  alertmanager:
+    enabled: false
   prometheusOperator:
-    createCustomResource: false
+    enabled: true
+    manageCrds: true   # ok para ambiente local
+  kubeApiServer:
+    enabled: true
+  kubelet:
+    enabled: true
+  kubeControllerManager:
+    enabled: true
+  coreDns:
+    enabled: true
+  kubeDns:
+    enabled: false
+  kubeEtcd:
+    enabled: true
+  kubeScheduler:
+    enabled: true
+  kubeProxy:
+    enabled: true
+  kubeStateMetrics:
+    enabled: true
+  nodeExporter:
+    enabled: true
   grafana:
+    enabled: false
     image:
       repository: vertigo/grafana
       tag: 7.0.0
@@ -115,11 +141,39 @@ prometheus-operator:
         api_url: http://keycloak.localdomain:32080/auth/realms/vkpr/protocol/openid-connect/userinfo
         allowed_domains: grafana.localdomain keycloak.localdomain
         allow_sign_up: true
+  # deploy prometheus instance
+  prometheus:
+    enabled: true
 
+#
 # SECURITY STACK
 #
-keycloak:
+
+#
+# Vault:
+# É preciso inicializar e fazer unseal
+# https://learn.hashicorp.com/tutorials/vault/kubernetes-raft-deployment-guide#initialize-and-unseal-vault
+# Resumo:
+# kubectl get pods -l app.kubernetes.io/name=vault
+# kubectl exec -ti vkpr-vault-0 -- vault operator init
+# kubectl exec -ti vkpr-vault-0 -- vault operator unseal KEY # repetir 3 vezes
+# 
+vault:
   enabled: true
+  server:
+    ha:
+      enabled: true
+      raft:
+        enabled: true
+      replicas: 1
+    ingress:
+      enabled: true
+      hosts:
+        - host: vault.localdomain
+          path: ["/"]
+
+keycloak:
+  enabled: false
   prometheus:
     operator:
       enabled: true