How to overrun the secret size limitation in kube-prometheus-stack helm chart if we add more and more provisioned dashboard as separate yml files?
For kube-prometheus-stack, we added more and more dashboard configs to the /grafana/dashboards folder in order to have more and more provisioned dashboards.
And then one day we did this:
kube-prometheus-stack>helm -n monitoring upgrade prometheus ./ -f ./values-core.yaml
and got:
Error: UPGRADE FAILED: create: failed to create: Secret "sh.helm.release.v1.prometheus.v16" is invalid: data: Too long: must have at most 1048576 bytes
What is the designed way to overrun these limitations? There is a need to add more and more provisioned dashboards to the chart.
kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0", GitCommit:"e19964183377d0ec2052d1f1fa930c4d7575bd50", GitTreeState:"clean", BuildDate:"2020-08-26T14:30:33Z", GoVersion:"go1.15", Compiler:"gc", Platform:"windows/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.5", GitCommit:"aea7bbadd2fc0cd689de94a54e5b7b758869d691", GitTreeState:"clean", BuildDate:"2021-09-15T21:04:16Z", GoVersion:"go1.16.8", Compiler:"gc", Platform:"linux/amd64"}
Secret ... is invalid: data: Too long: must have at most 1048576 bytes
This is a well-known limitation of Kubernetes secrets (as of the current version, 1.23). The official k8s documentation states:
Individual secrets are limited to 1MiB in size. This is to discourage creation of very large secrets which would exhaust the API server and kubelet memory. However, creation of many smaller secrets could also exhaust memory. More comprehensive limits on memory usage due to secrets is a planned feature.
So, first of all, check whether you have some unnecessary files/dirs stored in your chart directory and remove them. I'm sure you have already removed all the unneeded files.
To solve these problems, Helm introduced the SQL storage backend:
Using such a storage backend is particularly useful if your release information weighs more than 1MB (in which case, it can't be stored in Secrets because of internal limits in Kubernetes).
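To enable the SQL backend, you need to deploy a SQL database and set the environment variable HELM_DRIVER to sql. The database details are set with the environment variable HELM_DRIVER_SQL_CONNECTION_STRING.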
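You can set it in a shell as follows:
export HELM_DRIVER=sql
# Quoted so the shell does not treat & as the background operator or ? as a glob
export HELM_DRIVER_SQL_CONNECTION_STRING='postgresql://helm-postgres:5432/helm?user=helm&password=changeme'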
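Note: Only PostgreSQL is supported at this time.
If you want to switch from the default backend to the SQL backend, you have to do the migration yourself. You can retrieve the release information with the following command: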
kubectl get secret --all-namespaces -l "owner=helm"
You can check some suggestions on this Helm webpage.
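To see how close an existing release is to the 1048576-byte limit before the next upgrade, the payload of the release Secret can be decoded and measured. This is an added example, not part of the original answer: it assumes Helm 3's release encoding (JSON, then gzip, then base64, which the Kubernetes API base64-encodes once more), and it runs on a constructed sample release whose field names are illustrative rather than read from a live cluster.

```python
import base64, gzip, hashlib, json

MAX_SECRET_BYTES = 1048576  # the limit quoted in the error message

def helm_encode(release: dict) -> str:
    """Assumed Helm 3 encoding of a release record: JSON -> gzip -> base64."""
    return base64.b64encode(gzip.compress(json.dumps(release).encode())).decode()

def inspect_release(data_release: str) -> dict:
    """data_release is the value printed by
    kubectl get secret <name> -o jsonpath='{.data.release}'."""
    stored = base64.b64decode(data_release)  # undo the API's base64; the limit counts these bytes
    release = json.loads(gzip.decompress(base64.b64decode(stored)))
    # Serialized size of each top-level field, to show what fills the record.
    fields = {k: len(json.dumps(v)) for k, v in release.items()}
    return {
        "stored_bytes": len(stored),
        "over_limit": len(stored) > MAX_SECRET_BYTES,
        "largest_fields": sorted(fields.items(), key=lambda kv: -kv[1])[:3],
    }

def constructed_release(dashboard_bytes: int) -> dict:
    """Constructed sample: one dashboard file with poorly compressible content."""
    blob = b"".join(hashlib.sha256(str(i).encode()).digest()
                    for i in range(dashboard_bytes // 32))
    return {
        "name": "prometheus", "version": 16,
        "chart": {"files": [{"name": "dashboards/big.json",
                             "data": base64.b64encode(blob).decode()}]},
        "manifest": "kind: ConfigMap\n",
    }

def as_kubectl_prints(release: dict) -> str:
    """Apply the second base64 layer that kubectl shows under .data."""
    return base64.b64encode(helm_encode(release).encode()).decode()

if __name__ == "__main__":
    for size in (64 * 1024, 900 * 1024):
        print(size, inspect_release(as_kubectl_prints(constructed_release(size))))
```

Against a real cluster, pass the jsonpath output for the newest sh.helm.release.v1.<release>.v<N> Secret to inspect_release.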