Update curated package list to latest version in docs #8687

Open
wants to merge 1 commit into
base: main
128 changes: 128 additions & 0 deletions docs/content/en/docs/packages/adot/v0.40.0.md
@@ -0,0 +1,128 @@
---
title: "v0.40.0"
linkTitle: "v0.40.0"
weight: 20
aliases:
/docs/reference/packagespec/adot/v0.40.0/
description: >
---

### Configuring ADOT in EKS Anywhere package spec

#### Example

We included a sample configuration below for reference. For in-depth examples and use cases, please refer to [ADOT with AMP and AMG.]({{< relref "adot_amp_amg.md" >}})

```
apiVersion: packages.eks.amazonaws.com/v1alpha1
kind: Package
metadata:
name: my-adot
namespace: eksa-packages-<cluster-name>
spec:
packageName: adot
targetNamespace: observability
config: |
mode: daemonset
```

#### Configurable parameters and default values under `spec.config`

| Parameter | Description | Default |
|-----|---------|-------------|
|**General**|
| hostNetwork | Indicates if the pod should run in the host networking namespace. | `false` |
| image.pullPolicy | Specifies image pull policy: `IfNotPresent`, `Always`, `Never`. | `"IfNotPresent"` |
| mode | Specifies Collector deployment options: `daemonset`, `deployment`, or `statefulset`. | `"daemonset"` |
| ports.[\*].containerPort | Specifies containerPort used. | See footnote [^1] |
| ports.[\*].enabled | Indicates if a port is enabled. | See footnote [^1] |
| ports.[\*].hostPort | Specifies hostPort used. | See footnote [^1] |
| ports.[\*].protocol | Specifies protocol used. | See footnote [^1] |
| ports.[\*].servicePort | Specifies servicePort used. | See footnote [^1] |
| resources.limits.cpu | Specifies CPU resource limits for containers. | `1` |
| resources.limits.memory | Specifies memory resource limits for containers. | `"2Gi"` |
|**Config**|
| config.config | Specifies Collector receiver, processor, exporter, and extensions configurations. Refer to [aws-otel-collector](https://github.com/aws-observability/aws-otel-collector) for full details. **Note EKS Anywhere ADOT package version matches the exact aws-otel-collector version.** | See footnote [^2] |
| config.config.receiver | Specifies how data gets in the Collector. Receivers can be either push or pull based, and support one or more data source. | See footnote [^2] |
| config.config.processor | Specifies how processors are run on data between the stage of being received and being exported. Processors are optional though some are [recommended.](https://github.com/open-telemetry/opentelemetry-collector/tree/main/processor#recommended-processors) | See footnote [^2] |
| config.config.exporters | Specifies how data gets sent to backends/destinations. Exporters can be either push or pull based, and support one or more data source. | See footnote [^2] |
| config.config.extensions | Specifies tasks that do not involve processing telemetry data. Examples of extensions include health monitoring, service discovery, and data forwarding. Extensions are optional. | See footnote [^2] |
| config.config.service | Specifies what components are enabled in the Collector based on the configuration found in the receivers, processors, exporters, and extensions sections. **If a component is configured, but not defined within the service section, then it is not enabled.** | See footnote [^2] |
|**Deployment mode only**|
| replicaCount | Specifies replicaCount for pods. | `1` |
| service.type | Specifies service types: `ClusterIP`, `NodePort`, `LoadBalancer`, `ExternalName`. |`"ClusterIP"` |

[^1]:
The default `ports` enables `otlp` and `otlp-http`. See below specification for details.
```yaml
apiVersion: packages.eks.amazonaws.com/v1alpha1
kind: Package
...
spec:
config: |
ports:
otlp:
enabled: true
containerPort: 4317
servicePort: 4317
hostPort: 4317
protocol: TCP
otlp-http:
enabled: true
containerPort: 4318
servicePort: 4318
hostPort: 4318
protocol: TCP
```

[^2]:
The default `config.config` deploys an ADOT Collector with the metrics pipeline, which includes otlp and prometheus receiver, and logging exporter. See below specification for details.
```yaml
apiVersion: packages.eks.amazonaws.com/v1alpha1
kind: Package
...
spec:
config: |
config:
receivers:
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
http:
endpoint: 0.0.0.0:4318
prometheus:
config:
scrape_configs:
- job_name: opentelemetry-collector
scrape_interval: 10s
static_configs:
- targets:
- ${MY_POD_IP}:8888
processors:
batch: {}
memory_limiter: null
exporters:
logging:
loglevel: info
extensions:
health_check: {}
memory_ballast: {}
service:
telemetry:
metrics:
address: 0.0.0.0:8888
extensions:
- health_check
- memory_ballast
pipelines:
metrics:
exporters:
- logging
processors:
- memory_limiter
- batch
receivers:
- otlp
- prometheus
```
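Review bot: the defaults in footnotes [^1] and [^2] make the collector reachable from outside the pod network, and the page does not say so. `hostPort: 4317` and `hostPort: 4318` are enabled by default, the OTLP receivers bind `0.0.0.0:4317` and `0.0.0.0:4318`, the default `mode` is `daemonset`, and the receiver block shown has no `tls` or `auth` settings. Please add a sentence next to the `ports.[*].hostPort` row stating that these defaults open unauthenticated OTLP listeners on each node's address, and show how to turn that off with `ports.[*].enabled` or by dropping `hostPort`. The same applies to `service.telemetry.metrics.address: 0.0.0.0:8888`. Smaller points in the same hunk: the table rows `config.config.receiver` and `config.config.processor` are singular while the footnote [^2] YAML uses `receivers` and `processors`; the `config.config.exporters` description repeats the receivers wording ("support one or more data source"); `memory_limiter: null` is used in the metrics pipeline without any explanation of where its limits come from; and `description: >` in the front matter is empty.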
@@ -0,0 +1,97 @@
---
title: "v0.4.4"
linkTitle: "v0.4.4"
weight: 20
aliases:
/docs/reference/packagespec/credential-provider-package/v0.4.4/
description: >
---

### Configuring Credential Provider Package in EKS Anywhere package spec

#### Example

The following is the sample configuration for the credential provider package that is installed by default with the package controller.
Please refer to [Credential Provider Package with IAM Roles Anywhere.]({{< relref "iam_roles_anywhere" >}})

```
apiVersion: packages.eks.amazonaws.com/v1alpha1
kind: Package
metadata:
name: ecr-credential-provider-package
namespace: eksa-packages-<clusterName>
annotations:
"helm.sh/resource-policy": keep
"anywhere.eks.aws.com/internal": "true"
spec:
packageName: credential-provider-package
targetNamespace: eksa-packages
config: |-
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
sourceRegistry: public.ecr.aws/eks-anywhere
credential:
- matchImages:
- 783794618700.dkr.ecr.us-west-2.amazonaws.com
profile: "default"
secretName: aws-secret
defaultCacheDuration: "5h"
```

In this example, the credential provider will use the secret provided in aws-secret (created automatically on cluster creation) to authenticate to the repository from which curated package images are pulled. Tolerations were also added so that the control plane nodes would also be configured with authentication.

The secret can exist in two forms: either a base64 encoding of a credential config or individual keys for fields.

Example credential
```
[default]
aws_access_key_id=EXAMPLE_ACCESS_KEY
aws_secret_access_key=EXAMPLE_SECRET_KEY
region=us-west-2
```

##### Example secret with separate keys
```
apiVersion: v1
kind: Secret
metadata:
name: aws-secret
namespace: eksa-packages
data:
AWS_ACCESS_KEY_ID: "QUtJQUlPU0ZPRE5ON0VYQU1QTEUK"
AWS_SECRET_ACCESS_KEY: "d0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQo="
REGION: dXMtd2VzdC0yCg==
```

##### Example secret in config form
```
apiVersion: v1
kind: Secret
metadata:
name: aws-secret
namespace: eksa-packages
data:
config: W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkPUFLSUFJT1NGT0ROTjdFWEFNUExFCmF3c19zZWNyZXRfYWNjZXNzX2tleT13SmFsclhVdG5GRU1JL0s3TURFTkcvYlB4UmZpQ1lFWEFNUExFS0VZCnJlZ2lvbj11cy13ZXN0LTI=
type: Opaque
```

#### Configurable parameters and default values under `spec.config`

| Parameter | Description | Default |
|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------|
| **General** | | |
| image.pullPolicy | Specifies image pull policy: `IfNotPresent`, `Always`, `Never`. | `"IfNotPresent"` |
| tolerations | [Kubernetes tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for pod scheduling | `{}` |
| **Credential** | | |
| credential | List of credential providers for authenticating with ECR. Currently only one is supported | <pre>credential: <br/> - secretName: "aws-secret"<br/> matchImages: []<br/> defaultCacheDuration: "1h"<br/> profile: "default</pre> |
| secretName | Name of secret that contains the aws credentials | `"aws-secret"` |
| profile | AWS Profile for secretName | `"default"` |
| matchImages | List of strings used to match against images. See [here](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/#configure-image-matching) for more info <br/>Example to match against any account across multiple regions for ECR:<br/></pre>`"*.dkr.ecr.*.amazonaws.com"`</pre> | `"[]"` |
| defaultCacheDuration | Duration the kubelet will cache credentials in-memory. For ECR it is recommended to keep this value less then 12 hours. | `"5h"` |


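Review bot: the three values under "Example secret with separate keys" were base64-encoded with a trailing newline (`REGION: dXMtd2VzdC0yCg==` decodes to `us-west-2` followed by `\n`, and the two key values end the same way), so a reader who reproduces them with a plain `echo ... | base64` stores credentials that carry a stray newline. Please regenerate them without the newline (for example with `echo -n`), or switch the example to `stringData` so nothing has to be encoded by hand; that example also lacks the `type: Opaque` line that the config-form example has. In the parameter table, the `credential` default shows `defaultCacheDuration: "1h"` while the `defaultCacheDuration` row says `"5h"`, and the same cell has an unclosed quote in `profile: "default</pre>`. The `matchImages` cell opens its code sample with `</pre>` instead of `<pre>`, and "less then 12 hours" should read "less than". Since the example stores a long-lived access key pair, it would also help to state which form the automatically created `aws-secret` uses, so operators know what to rotate.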
85 changes: 85 additions & 0 deletions docs/content/en/docs/packages/metallb/v0.14.8.md
@@ -0,0 +1,85 @@
---
title: "v0.14.8"
linkTitle: "v0.14.8"
weight: 20
aliases:
/docs/reference/packagespec/metallb/v0.14.8/
description: >
---

{{% pageinfo %}}
[FRRouting](https://frrouting.org/) is currently not supported for MetalLB.
{{% /pageinfo %}}

### Configuring MetalLB in EKS Anywhere package spec

#### Example
```
apiVersion: packages.eks.amazonaws.com/v1alpha1
kind: Package
metadata:
name: mylb
namespace: eksa-packages-<cluster-name>
spec:
packageName: metallb
targetNamespace: metallb-system
config: |
IPAddressPools:
- name: default
addresses:
- 10.220.0.93/32
- 10.220.0.94/32
- 10.220.0.95/32
- name: bgp
addresses:
- 10.220.0.97-10.220.0.99
L2Advertisements:
- ipAddressPools:
- default
BGPAdvertisements:
- ipAddressPools:
- bgp
autoAssign: false
BGPPeers:
- myASN: 123
peerASN: 55001
peerAddress: 1.2.3.4
keepaliveTime: 30s
```

| Parameter | Description | Default | Required |
|---|---|---|---|
| IPAddressPools[] | A list of ip address pools. See **IPAddressPool**. | None | False |
| L2Advertisements[] | A list of Layer 2 advertisements. See **L2Advertisement**. | None | False |
| BGPAdvertisements[] | A list of BGP advertisements. See **BGPAdvertisement**. | None | False |
| BGPPeers[] | A list of BGP peers. See **BGPPeer**. | None | False |
|---|---|---|---|
|**IPAddressPool** | A list of IP address ranges over which MetalLB has authority. You can list multiple ranges in a single pool and they will all share the same settings. Each range can be either a CIDR prefix, or an explicit start-end range of IPs.|||
| name | Name for the address pool. | None | True |
| addresses[] | A list of **string** representing CIRD or IP ranges. | None | True |
| autoAssign | AutoAssign flag used to prevent MetalLB from automatic allocation for a pool. | true | False |
|---|---|---|---|
|**L2Advertisement**|L2Advertisement allows MetalLB to advertise the LoadBalancer IPs provided by the selected pools via L2.|||
| ipAddressPools[] | The list of **IPAddressPool** names to advertise. | None | True |
| name | Name for the L2Advertisement. | None | False |
|---|---|---|---|
|**BGPAdvertisement**|BGPAdvertisement allows MetalLB to advertise the IPs coming from the selected ipAddressPools via BGP, setting the parameters of the BGP Advertisement.|||
| aggregationLength | The aggregation-length advertisement option lets you “roll up” the /32s into a larger prefix. Defaults to 32. Works for IPv4 addresses. | 32 | False |
| aggregationLengthV6 | The aggregation-length advertisement option lets you “roll up” the /128s into a larger prefix. Defaults to 128. Works for IPv6 addresses. | 128 | False |
| communities[] | The BGP communities to be associated with the announcement. Each item can be a community of the form 1234:1234 or the name of an alias defined in the Community CRD. | None | False |
| ipAddressPools[] | The list of **IPAddressPool** names to be advertised via BGP. | None | True |
| localPref | The BGP LOCAL_PREF attribute which is used by BGP best path algorithm, Path with higher localpref is preferred over one with lower localpref. | None | False |
| peers[] | List of peer names. Limits the bgppeer to advertise the ips of the selected pools to. When empty, the loadbalancer IP is announced to all the BGPPeers configured. | None | False |
|---|---|---|---|
|**BGPPeer**|Peers for the BGP protocol.|||
| holdTime | Requested BGP hold time, per RFC4271. | None | False |
| keepaliveTime | Requested BGP keepalive time, per RFC4271. | None | False |
| myASN | AS number to use for the local end of the session. | None | True |
| password | Authentication password for routers enforcing TCP MD5 authenticated sessions. | None | False |
| peerASN | AS number to expect from the remote end of the session. | None | True |
| peerAddress | Address to dial when establishing the session. | None | True |
| peerPort | Port to dial when establishing the session. | 179 | False |
| routerID | BGP router ID to advertise to the peer. | None | False |
| sourceAddress | Source address to use when establishing the session. | None | False |
| password | Authentication password for routers enforcing TCP MD5 authenticated sessions. | None | False |
| passwordSecret | passwordSecret is a reference to the authentication secret for BGP Peer. The secret must be of type 'kubernetes.io/basic-auth' and the password stored under the "password" key. Example: <br/><pre>passwordSecret:<br/> name: mySecret<br/> namespace: metallb-system</pre> | None | False|
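Review bot: the **BGPPeer** section of the table lists `password` twice (once after `myASN` and again after `sourceAddress`); drop the second row. While there, the remaining `password` row should point readers to `passwordSecret`, because a value set through `password` sits in plaintext in `spec.config` of the Package object, whereas `passwordSecret` keeps it in a `kubernetes.io/basic-auth` secret. The example `BGPPeers` entry shows neither field, so adding `passwordSecret` there would demonstrate the preferred form. Other points in this hunk: "CIRD" in the `addresses[]` row should be "CIDR"; the `|---|---|---|---|` lines placed between sections come after the header delimiter and will render as literal rows of dashes rather than separators; and `description: >` in the front matter is empty.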