diff --git a/charts/k8s-reporter/MINTLIFY.md.gotmpl b/charts/k8s-reporter/MINTLIFY.md.gotmpl deleted file mode 100644 index 27d2cae92..000000000 --- a/charts/k8s-reporter/MINTLIFY.md.gotmpl +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Kubernetes Reporter Helm Chart -description: A Helm chart for installing the Kosli K8S reporter as a cronjob. ---- - -{{ template "chart.header" . }} - -{{ template "mintlify.versionInfo" . }} - -{{ template "chart.description" . }} -{{ template "extra.longdescription" . }} - -{{ template "extra.prerequisites" . }} - -{{ template "mintlify.install" . }} - -{{ template "extra.upgrade" . }} - -{{ template "extra.uninstall" . }} - -{{ template "mintlify.customCA" . }} - -{{ template "mintlify.karpenter" . }} - -{{ template "mintlify.configurations" . }} - ---- - -{{ template "helm-docs.versionFooter" . }} diff --git a/charts/k8s-reporter/README.md b/charts/k8s-reporter/README.md index 49961692d..43fc22e9d 100644 --- a/charts/k8s-reporter/README.md +++ b/charts/k8s-reporter/README.md @@ -17,10 +17,10 @@ Version 2.0.0 removes the previous single-environment mode (`kosliEnvironmentNam ## Prerequisites -- A Kubernetes cluster (minimum supported version is `v1.21`) -- Helm v3.0+ -- If you want to report artifacts from just one namespace, you need to have permissions to `get` and `list` pods in that namespace. -- If you want to report artifacts from multiple namespaces or entire cluster, you need to have cluster-wide permissions to `get` and `list` pods. +* A Kubernetes cluster (minimum supported version is `v1.21`) +* Helm v3.0+ +* If you want to report artifacts from just one namespace, you need to have permissions to `get` and `list` pods in that namespace. +* If you want to report artifacts from multiple namespaces or entire cluster, you need to have cluster-wide permissions to `get` and `list` pods. ## Installing the chart @@ -204,7 +204,7 @@ cronSchedule: "*/15 * * * *" | affinity | object | `{}` | affinity rules for scheduling the reporter pod. Supports nodeAffinity, podAffinity and podAntiAffinity. | | concurrencyPolicy | string | `"Replace"` | specifies how to treat concurrent executions of a Job that is created by this CronJob | | cronSchedule | string | `"*/5 * * * *"` | the cron schedule at which the reporter is triggered to report to Kosli | -| customCA | object | `{"enabled":false,"key":"ca.crt","secretName":""}` | convenience wrapper for mounting a corporate / custom CA bundle. See the "Running behind a TLS-inspecting proxy" section of the README for usage. | +| customCA | object | `{"enabled":false,"key":"ca.crt","secretName":""}` | convenience wrapper for mounting a corporate / custom CA bundle. See [Running behind a TLS-inspecting proxy](https://docs.kosli.com/helm/k8s_reporter/tls-proxy) for usage. | | customCA.enabled | bool | `false` | enable mounting a corporate/custom CA bundle into the trust store | | customCA.key | string | `"ca.crt"` | key within the Secret that holds the PEM-formatted CA certificate (single cert or multi-cert PEM bundle) | | customCA.secretName | string | `""` | name of an existing Secret in the same namespace containing the CA bundle | @@ -220,7 +220,7 @@ cronSchedule: "*/15 * * * *" | kosliApiToken.secretKey | string | `"key"` | the name of the key in the secret data which contains the Kosli API token | | kosliApiToken.secretName | string | `"kosli-api-token"` | the name of the secret containing the kosli API token | | nameOverride | string | `""` | overrides the name used for the created k8s resources. If `fullnameOverride` is provided, it has higher precedence than this one | -| nodeSelector | object | `{}` | node labels for scheduling the reporter pod. On EKS with Karpenter, use this to pin the reporter to a stable managed node group (e.g. `eks.amazonaws.com/nodegroup: `) so it does not interfere with node consolidation. See the "Running on EKS with Karpenter" section of the README. | +| nodeSelector | object | `{}` | node labels for scheduling the reporter pod. On EKS with Karpenter, use this to pin the reporter to a stable managed node group (e.g. `eks.amazonaws.com/nodegroup: `) so it does not interfere with node consolidation. See [Running on EKS with Karpenter](https://docs.kosli.com/helm/k8s_reporter/karpenter). | | podAnnotations | object | `{}` | annotations to add to the CronJob object itself. For pod-level annotations (added to each reporter pod), use `podTemplateAnnotations` instead. | | podLabels | object | `{}` | custom labels to add to pods | | podTemplateAnnotations | object | `{}` | annotations to add to the reporter pod template (applied to each Job pod that the CronJob creates) | @@ -238,7 +238,7 @@ cronSchedule: "*/15 * * * *" | serviceAccount.annotations | object | `{}` | annotations to add to the service account | | serviceAccount.create | bool | `true` | specifies whether a service account should be created | | serviceAccount.name | string | `""` | the name of the service account to use. If not set and create is true, a name is generated using the fullname template | -| serviceAccount.permissionScope | string | `"cluster"` | specifies whether to create a cluster-wide permissions for the service account or namespace-scoped permissions. allowed values are: [cluster, namespace] | +| serviceAccount.permissionScope | string | `"cluster"` | specifies whether to create a cluster-wide permissions for the service account or namespace-scoped permissions. allowed values are: `cluster` or `namespace` | | successfulJobsHistoryLimit | int | `3` | specifies the number of successful finished jobs to keep | | tolerations | list | `[]` | tolerations for scheduling the reporter pod, e.g. to run on a dedicated or tainted node group. | diff --git a/charts/k8s-reporter/_mintlify_templates.gotmpl b/charts/k8s-reporter/_mintlify_templates.gotmpl index 150d07665..4a9f1e14d 100644 --- a/charts/k8s-reporter/_mintlify_templates.gotmpl +++ b/charts/k8s-reporter/_mintlify_templates.gotmpl @@ -1,92 +1,146 @@ -{{ define "mintlify.install" -}} -## Installing the chart +{{/* + Partials for the Mintlify docs pages published at docs.kosli.com/helm/k8s_reporter/. + Each "mintlify.*" define below is the body of one page; the page entry points + (frontmatter + template calls) live in the mintlify/ directory. + Prose shared with the GitHub README lives in the body.* partials in + _templates.gotmpl. The installing / tls-proxy / karpenter partials are an + intentional fork of their extra.* counterparts: they use Mintlify components + (, , ) and different heading levels, so they cannot be + shared verbatim -- keep them in sync with _templates.gotmpl when editing. + Rendered by .github/workflows/update-cli-docs.yml in the kosli-dev/docs repo. +*/}} +{{ define "mintlify.versionInfo" -}} + + This reference applies to **chart version {{ .Version }}**, which defaults to CLI **{{ .AppVersion }}** via `appVersion`. Override with `image.tag`. + +{{- end }} + +{{ define "mintlify.overviewBody" -}} +{{ template "body.description" . }} + +Chart source can be found at [GitHub](https://github.com/kosli-dev/cli/tree/main/charts/k8s-reporter). + +## In this section + + + + + + + + + + +{{- end }} + +{{ define "mintlify.prerequisites" -}} +{{ template "body.prerequisites" . }} +{{- end }} + +{{ define "mintlify.installing" -}} To install this chart via the Helm chart repository: - ```shell - helm repo add kosli https://charts.kosli.com/ && helm repo update - ``` + ```shell + helm repo add kosli https://charts.kosli.com/ && helm repo update + ``` + - ```shell - kubectl create secret generic kosli-api-token --from-literal=key= - ``` + ```shell + kubectl create secret generic kosli-api-token --from-literal=key= + ``` + - Configure **reporterConfig.environments** (required). Each entry has required `name` and optional `namespaces`, `namespacesRegex`, `excludeNamespaces`, `excludeNamespacesRegex`. Omit namespace fields for an entry to report the entire cluster to that environment. - - **One environment, entire cluster:** - - ```yaml - # values.yaml - reporterConfig: - kosliOrg: - environments: - - name: - ``` - - **One environment, specific namespaces:** - - ```yaml - reporterConfig: - kosliOrg: - environments: - - name: - namespaces: [namespace1, namespace2] - ``` - - **Multiple environments with different selectors:** - - ```yaml - reporterConfig: - kosliOrg: - environments: - - name: prod-env - namespaces: [prod-ns1, prod-ns2] - - name: staging-env - namespacesRegex: ["^staging-.*"] - - name: infra-env - excludeNamespaces: [prod-ns1, prod-ns2, default] - ``` - - ```shell - helm install kosli-reporter kosli/k8s-reporter -f values.yaml - ``` + Configure **reporterConfig.environments** (required). Each entry has required `name` and optional `namespaces`, `namespacesRegex`, `excludeNamespaces`, `excludeNamespacesRegex`. Omit namespace fields for an entry to report the entire cluster to that environment. + + **One environment, entire cluster:** + + ```yaml + # values.yaml + reporterConfig: + kosliOrg: + environments: + - name: + ``` + + **One environment, specific namespaces:** + + ```yaml + reporterConfig: + kosliOrg: + environments: + - name: + namespaces: [namespace1, namespace2] + ``` + + **Multiple environments with different selectors:** + + ```yaml + reporterConfig: + kosliOrg: + environments: + - name: prod-env + namespaces: [prod-ns1, prod-ns2] + - name: staging-env + namespacesRegex: ["^staging-.*"] + - name: infra-env + excludeNamespaces: [prod-ns1, prod-ns2, default] + ``` + + ```shell + helm install kosli-reporter kosli/k8s-reporter -f values.yaml + ``` -Chart source can be found at [GitHub](https://github.com/kosli-dev/cli/tree/main/charts/k8s-reporter). +See all available options in the [configuration reference](/helm/k8s_reporter/configuration). +{{- end }} + +{{ define "mintlify.upgrading" -}} +## Breaking change in v2.0.0 -See all available [configuration options](#configurations) below. +{{ template "body.breakingChangeV2" . }} +If upgrading from v1.x to v2.0.0, migrate your values to the **environments** list format (see [Installing the chart](/helm/k8s_reporter/installing)). + +## Upgrade command + +{{ template "body.upgradeCmd" . }} {{- end }} -{{ define "mintlify.customCA" -}} -## Running behind a TLS-inspecting proxy (corporate / custom CA bundle) +{{ define "mintlify.uninstalling" -}} +To remove the k8s-reporter release and its resources from your cluster: + +{{ template "body.uninstallCmd" . }} +{{- end }} +{{ define "mintlify.tlsProxy" -}} If your network sits behind a TLS-inspecting appliance (Zscaler, Netskope, Palo Alto, etc.) that re-signs HTTPS traffic with a corporate CA certificate, the reporter will fail with `x509: certificate signed by unknown authority`. To fix this, make the appliance's CA bundle available to the reporter. The chart offers two ways to do this. Use whichever fits your deployment flow. -### Option 1 — customCA convenience wrapper (recommended for the common case) +## Option 1 — customCA convenience wrapper (recommended for the common case) - PEM format, single cert or bundle: + PEM format, single cert or bundle: - ```shell - kubectl create secret generic corporate-ca-bundle --from-file=ca.crt=/path/to/corporate-ca.crt - ``` + ```shell + kubectl create secret generic corporate-ca-bundle --from-file=ca.crt=/path/to/corporate-ca.crt + ``` + - ```yaml - customCA: - enabled: true - secretName: corporate-ca-bundle - key: ca.crt - ``` + ```yaml + customCA: + enabled: true + secretName: corporate-ca-bundle + key: ca.crt + ``` @@ -94,7 +148,7 @@ The chart mounts the certificate as a single file at `/etc/ssl/certs/kosli-custo The wrapper deliberately does **not** set `SSL_CERT_FILE`. Setting it would replace the system bundle entirely with the customer's file, breaking trust for any public CAs the bundle does not include. -### Option 2 — generic extraVolumes / extraVolumeMounts / extraEnvVars +## Option 2 — generic extraVolumes / extraVolumeMounts / extraEnvVars Use these when you need a non-default mount path, a ConfigMap instead of a Secret, multiple volumes, or any other shape the wrapper does not cover: @@ -111,28 +165,26 @@ extraVolumeMounts: ``` -If you mount the CA outside `/etc/ssl/certs/` and set `SSL_CERT_FILE` via `extraEnvVars`, your bundle must include the public CAs you also need to trust — Go uses only that file when `SSL_CERT_FILE` is set. + If you mount the CA outside `/etc/ssl/certs/` and set `SSL_CERT_FILE` via `extraEnvVars`, your bundle must include the public CAs you also need to trust — Go uses only that file when `SSL_CERT_FILE` is set. -### Pod Security Standards +## Pod Security Standards Both options use `secret`-backed volumes, which are permitted under the Pod Security Standards `restricted` profile. `hostPath` mounts are not permitted under that profile and should not be used here. -### Cluster-wide alternative +## Cluster-wide alternative If you already run [cert-manager's trust-manager](https://cert-manager.io/docs/trust/trust-manager/) to distribute a corporate CA bundle into a well-known ConfigMap in every namespace, point `extraVolumes` / `extraVolumeMounts` at that ConfigMap instead of creating a per-namespace Secret. {{- end }} {{ define "mintlify.karpenter" -}} -## Running on EKS with Karpenter (or another node autoscaler) - By default the reporter runs as a CronJob every 5 minutes. On clusters that use [Karpenter](https://karpenter.sh) for node autoscaling, this frequent scheduling can prevent nodes from being **consolidated** (scaled down). The cause is Karpenter's `consolidateAfter` timer: Karpenter only consolidates a node once it has seen no pod scheduling activity on it for the configured window. A reporter pod arriving every 5 minutes keeps resetting that timer, so any node whose `consolidateAfter` is longer than the reporter interval never becomes eligible for consolidation (see [karpenter#1921](https://github.com/kubernetes-sigs/karpenter/issues/1921)). This is Karpenter working as designed, not a reporter bug. Frequent snapshots are what let Kosli surface drift or an unauthorized change quickly, so the best fix keeps the 5-minute cadence and moves the reporter out of Karpenter's way. Widening the interval trades away that detection speed and should be a last resort. -### 1. Pin the reporter to a stable node group (recommended) +## 1. Pin the reporter to a stable node group (recommended) If you run a stable managed node group that Karpenter does not manage, schedule the reporter there so it never disturbs Karpenter-managed nodes. Use `nodeSelector`, and `tolerations` if that node group is tainted: @@ -159,11 +211,11 @@ affinity: operator: DoesNotExist ``` -### 2. Run the reporter out of the cluster +## 2. Run the reporter out of the cluster For zero footprint on cluster nodes, run `kosli snapshot k8s` on a schedule outside the cluster (for example a CI cron job) with kubeconfig access, keeping your reporting cadence without placing a pod on the cluster's nodes. See the [Kubernetes environment reporting tutorial](/tutorials/report_k8s_envs). -### 3. Widen the report interval (last resort) +## 3. Widen the report interval (last resort) Only if you cannot pin the reporter or move it out of cluster: set `cronSchedule` longer than your NodePool's `consolidateAfter` so nodes get quiet windows long enough to consolidate. This works, but a longer interval widens the window in which a change can go unreported, so prefer the options above. @@ -172,20 +224,12 @@ cronSchedule: "*/15 * * * *" ``` -`karpenter.sh/do-not-disrupt: "true"` is **not** a fix here. It prevents Karpenter from disrupting the pod, which protects a mid-run report from interruption but makes consolidation of that node *less* likely, not more. Likewise `cluster-autoscaler.kubernetes.io/safe-to-evict` only affects the Kubernetes Cluster Autoscaler and is ignored by Karpenter. + `karpenter.sh/do-not-disrupt: "true"` is **not** a fix here. It prevents Karpenter from disrupting the pod, which protects a mid-run report from interruption but makes consolidation of that node *less* likely, not more. Likewise `cluster-autoscaler.kubernetes.io/safe-to-evict` only affects the Kubernetes Cluster Autoscaler and is ignored by Karpenter. {{- end }} -{{ define "mintlify.versionInfo" -}} - -This reference applies to **chart version {{ .Version }}**, which defaults to CLI **{{ .AppVersion }}** via `appVersion`. Override with `image.tag`. - -{{- end }} - {{ define "mintlify.configurations" -}} -## Configurations - -### General +## General {{ range .Values -}} {{ if not (or (hasPrefix "image." .Key) (hasPrefix "reporterConfig." .Key) (hasPrefix "kosliApiToken." .Key) (hasPrefix "customCA" .Key) (hasPrefix "resources." .Key) (hasPrefix "serviceAccount." .Key) (eq "env" .Key) (eq "extraEnvVars" .Key) (eq "extraVolumes" .Key) (eq "extraVolumeMounts" .Key)) -}} @@ -194,7 +238,7 @@ This reference applies to **chart version {{ .Version }}**, which defaults to CL {{ end -}} {{ end -}} -### Image +## Image {{ range .Values -}} {{ if hasPrefix "image." .Key -}} @@ -203,7 +247,7 @@ This reference applies to **chart version {{ .Version }}**, which defaults to CL {{ end -}} {{ end -}} -### Reporter configuration +## Reporter configuration {{ range .Values -}} {{ if hasPrefix "reporterConfig." .Key -}} @@ -212,7 +256,7 @@ This reference applies to **chart version {{ .Version }}**, which defaults to CL {{ end -}} {{ end -}} -### Kosli API token +## Kosli API token {{ range .Values -}} {{ if hasPrefix "kosliApiToken." .Key -}} @@ -221,7 +265,7 @@ This reference applies to **chart version {{ .Version }}**, which defaults to CL {{ end -}} {{ end -}} -### Environment variables +## Environment variables {{ range .Values -}} {{ if or (eq "env" .Key) (eq "extraEnvVars" .Key) -}} @@ -230,7 +274,7 @@ This reference applies to **chart version {{ .Version }}**, which defaults to CL {{ end -}} {{ end -}} -### Volumes +## Volumes {{ range .Values -}} {{ if or (eq "extraVolumes" .Key) (eq "extraVolumeMounts" .Key) -}} @@ -239,7 +283,7 @@ This reference applies to **chart version {{ .Version }}**, which defaults to CL {{ end -}} {{ end -}} -### Custom CA +## Custom CA {{ range .Values -}} {{ if hasPrefix "customCA" .Key -}} @@ -248,7 +292,7 @@ This reference applies to **chart version {{ .Version }}**, which defaults to CL {{ end -}} {{ end -}} -### Resources +## Resources {{ range .Values -}} {{ if hasPrefix "resources." .Key -}} @@ -257,7 +301,7 @@ This reference applies to **chart version {{ .Version }}**, which defaults to CL {{ end -}} {{ end -}} -### Service account +## Service account {{ range .Values -}} {{ if hasPrefix "serviceAccount." .Key -}} @@ -269,7 +313,7 @@ This reference applies to **chart version {{ .Version }}**, which defaults to CL {{ define "mintlify.paramField" -}} {{- $d := .Default | trimPrefix "`" | trimSuffix "`" -}} -{{- $desc := or .Description .AutoDescription -}} +{{- $desc := or .Description .AutoDescription | replace "https://docs.kosli.com/" "/" -}} {{- if $desc -}} {{- $desc = printf "%s%s" (substr 0 1 $desc | upper) (substr 1 -1 $desc) -}} {{- if not (hasSuffix "." $desc) -}}{{- $desc = printf "%s." $desc -}}{{- end -}} @@ -284,3 +328,9 @@ This reference applies to **chart version {{ .Version }}**, which defaults to CL {{- end }} {{- end }} + +{{ define "mintlify.versionFooter" -}} +*** + +Autogenerated from chart metadata using [helm-docs v{{ .HelmDocsVersion }}](https://github.com/norwoodj/helm-docs/releases/v{{ .HelmDocsVersion }}). +{{- end }} diff --git a/charts/k8s-reporter/_templates.gotmpl b/charts/k8s-reporter/_templates.gotmpl index 6f4cf8ab1..e20b8563a 100644 --- a/charts/k8s-reporter/_templates.gotmpl +++ b/charts/k8s-reporter/_templates.gotmpl @@ -1,20 +1,50 @@ -{{ define "extra.longdescription" -}} -The chart allows you to create a Kubernetes cronjob and all its necessary RBAC to report running images to Kosli at a given cron schedule. +{{/* + body.* partials contain prose shared verbatim between the GitHub README + (extra.* partials below) and the Mintlify docs pages (mintlify.* partials + in _mintlify_templates.gotmpl). Edit here to update both outputs. +*/}} + +{{ define "body.description" -}} +The chart allows you to create a Kubernetes CronJob and all its necessary RBAC to report running images to Kosli at a given cron schedule. Configuration is done via **reporterConfig.environments**: a list of Kosli environments to report to. Each entry has a required `name` and optional namespace selectors. Use one entry for a single environment, or multiple entries to report to different environments with different selectors. +{{- end }} + +{{ define "body.breakingChangeV2" -}} +Version 2.0.0 removes the previous single-environment mode (`kosliEnvironmentName` and the `namespaces` / `namespacesRegex` / `excludeNamespaces` / `excludeNamespacesRegex` flags). You now configure one or more environments only via **reporterConfig.environments**. To report a single environment, use a list with one entry. +{{- end }} + +{{ define "body.prerequisites" -}} +* A Kubernetes cluster (minimum supported version is `v1.21`) +* Helm v3.0+ +* If you want to report artifacts from just one namespace, you need to have permissions to `get` and `list` pods in that namespace. +* If you want to report artifacts from multiple namespaces or entire cluster, you need to have cluster-wide permissions to `get` and `list` pods. +{{- end }} + +{{ define "body.upgradeCmd" -}} +```shell +helm upgrade kosli-reporter kosli/k8s-reporter -f values.yaml +``` +{{- end }} + +{{ define "body.uninstallCmd" -}} +```shell +helm uninstall kosli-reporter +``` +{{- end }} + +{{ define "extra.longdescription" -}} +{{ template "body.description" . }} ## Breaking change in v2.0.0 -Version 2.0.0 removes the previous single-environment mode (`kosliEnvironmentName` and the `namespaces` / `namespacesRegex` / `excludeNamespaces` / `excludeNamespacesRegex` flags). You now configure one or more environments only via **reporterConfig.environments**. To report a single environment, use a list with one entry. +{{ template "body.breakingChangeV2" . }} {{- end }} {{ define "extra.prerequisites" -}} ## Prerequisites -- A Kubernetes cluster (minimum supported version is `v1.21`) -- Helm v3.0+ -- If you want to report artifacts from just one namespace, you need to have permissions to `get` and `list` pods in that namespace. -- If you want to report artifacts from multiple namespaces or entire cluster, you need to have cluster-wide permissions to `get` and `list` pods. +{{ template "body.prerequisites" . }} {{- end }} {{ define "extra.install" -}} @@ -85,17 +115,13 @@ helm install kosli-reporter kosli/k8s-reporter -f values.yaml If upgrading from v1.x to v2.0.0, migrate your values to the **environments** list format (see above). Then: -```shell -helm upgrade kosli-reporter kosli/k8s-reporter -f values.yaml -``` +{{ template "body.upgradeCmd" . }} {{- end }} {{ define "extra.uninstall" -}} ## Uninstalling chart -```shell -helm uninstall kosli-reporter -``` +{{ template "body.uninstallCmd" . }} {{- end }} {{ define "extra.customCA" -}} diff --git a/charts/k8s-reporter/mintlify/configuration.md.gotmpl b/charts/k8s-reporter/mintlify/configuration.md.gotmpl new file mode 100644 index 000000000..92f0ac730 --- /dev/null +++ b/charts/k8s-reporter/mintlify/configuration.md.gotmpl @@ -0,0 +1,8 @@ +--- +title: Configuration reference +description: All values.yaml options for the Kosli k8s-reporter Helm chart. +--- + +{{ template "mintlify.configurations" . }} + +{{ template "mintlify.versionFooter" . }} diff --git a/charts/k8s-reporter/mintlify/installing.md.gotmpl b/charts/k8s-reporter/mintlify/installing.md.gotmpl new file mode 100644 index 000000000..c27ebc828 --- /dev/null +++ b/charts/k8s-reporter/mintlify/installing.md.gotmpl @@ -0,0 +1,6 @@ +--- +title: Installing the chart +description: Install the Kosli k8s-reporter Helm chart via the Kosli Helm repository. +--- + +{{ template "mintlify.installing" . }} diff --git a/charts/k8s-reporter/mintlify/karpenter.md.gotmpl b/charts/k8s-reporter/mintlify/karpenter.md.gotmpl new file mode 100644 index 000000000..22f4efd9f --- /dev/null +++ b/charts/k8s-reporter/mintlify/karpenter.md.gotmpl @@ -0,0 +1,6 @@ +--- +title: Running on EKS with Karpenter +description: Keep the k8s-reporter out of Karpenter's way so nodes can still consolidate. +--- + +{{ template "mintlify.karpenter" . }} diff --git a/charts/k8s-reporter/mintlify/overview.md.gotmpl b/charts/k8s-reporter/mintlify/overview.md.gotmpl new file mode 100644 index 000000000..06c60e932 --- /dev/null +++ b/charts/k8s-reporter/mintlify/overview.md.gotmpl @@ -0,0 +1,9 @@ +--- +title: Kubernetes Reporter Helm Chart +description: A Helm chart for installing the Kosli K8s reporter as a CronJob. +--- + +{{ template "mintlify.versionInfo" . }} + +{{ template "chart.description" . }} +{{ template "mintlify.overviewBody" . }} diff --git a/charts/k8s-reporter/mintlify/prerequisites.md.gotmpl b/charts/k8s-reporter/mintlify/prerequisites.md.gotmpl new file mode 100644 index 000000000..23f96a1e6 --- /dev/null +++ b/charts/k8s-reporter/mintlify/prerequisites.md.gotmpl @@ -0,0 +1,6 @@ +--- +title: Prerequisites +description: Requirements for installing the Kosli k8s-reporter Helm chart. +--- + +{{ template "mintlify.prerequisites" . }} diff --git a/charts/k8s-reporter/mintlify/tls-proxy.md.gotmpl b/charts/k8s-reporter/mintlify/tls-proxy.md.gotmpl new file mode 100644 index 000000000..28e98fb09 --- /dev/null +++ b/charts/k8s-reporter/mintlify/tls-proxy.md.gotmpl @@ -0,0 +1,6 @@ +--- +title: Running behind a TLS-inspecting proxy +description: Trust a corporate / custom CA bundle when running the k8s-reporter behind a TLS-inspecting proxy. +--- + +{{ template "mintlify.tlsProxy" . }} diff --git a/charts/k8s-reporter/mintlify/uninstalling.md.gotmpl b/charts/k8s-reporter/mintlify/uninstalling.md.gotmpl new file mode 100644 index 000000000..5ea60c8d5 --- /dev/null +++ b/charts/k8s-reporter/mintlify/uninstalling.md.gotmpl @@ -0,0 +1,6 @@ +--- +title: Uninstalling the chart +description: Remove the Kosli k8s-reporter release from your cluster. +--- + +{{ template "mintlify.uninstalling" . }} diff --git a/charts/k8s-reporter/mintlify/upgrading.md.gotmpl b/charts/k8s-reporter/mintlify/upgrading.md.gotmpl new file mode 100644 index 000000000..91b6f8605 --- /dev/null +++ b/charts/k8s-reporter/mintlify/upgrading.md.gotmpl @@ -0,0 +1,6 @@ +--- +title: Upgrading the chart +description: Upgrade an existing Kosli k8s-reporter release, including migration notes for v2.0.0. +--- + +{{ template "mintlify.upgrading" . }} diff --git a/charts/k8s-reporter/values.yaml b/charts/k8s-reporter/values.yaml index e6e0029fd..bbb05403e 100644 --- a/charts/k8s-reporter/values.yaml +++ b/charts/k8s-reporter/values.yaml @@ -18,7 +18,7 @@ fullnameOverride: "" serviceAccount: # -- specifies whether a service account should be created create: true - # -- specifies whether to create a cluster-wide permissions for the service account or namespace-scoped permissions. allowed values are: [cluster, namespace] + # -- specifies whether to create a cluster-wide permissions for the service account or namespace-scoped permissions. allowed values are: `cluster` or `namespace` permissionScope: cluster # -- annotations to add to the service account annotations: {} @@ -123,8 +123,8 @@ extraVolumeMounts: [] # mountPath: /etc/ssl/certs/corporate # readOnly: true -# -- convenience wrapper for mounting a corporate / custom CA bundle. See the -# "Running behind a TLS-inspecting proxy" section of the README for usage. +# -- convenience wrapper for mounting a corporate / custom CA bundle. See +# [Running behind a TLS-inspecting proxy](https://docs.kosli.com/helm/k8s_reporter/tls-proxy) for usage. customCA: # -- enable mounting a corporate/custom CA bundle into the trust store enabled: false @@ -139,7 +139,7 @@ podAnnotations: {} # -- annotations to add to the reporter pod template (applied to each Job pod that the CronJob creates) podTemplateAnnotations: {} -# -- node labels for scheduling the reporter pod. On EKS with Karpenter, use this to pin the reporter to a stable managed node group (e.g. `eks.amazonaws.com/nodegroup: `) so it does not interfere with node consolidation. See the "Running on EKS with Karpenter" section of the README. +# -- node labels for scheduling the reporter pod. On EKS with Karpenter, use this to pin the reporter to a stable managed node group (e.g. `eks.amazonaws.com/nodegroup: `) so it does not interfere with node consolidation. See [Running on EKS with Karpenter](https://docs.kosli.com/helm/k8s_reporter/karpenter). nodeSelector: {} # -- tolerations for scheduling the reporter pod, e.g. to run on a dedicated or tainted node group.