Installation
Prerequisite
Cert Manager
Meshless depends on cert-manager to issue certificates.
You’ve probably been using cert-manager. If so, you can skip this section.
cert-manager is a powerful and extensible X.509 certificate controller for Kubernetes and OpenShift workloads. It will obtain certificates from a variety of Issuers, both popular public Issuers as well as private Issuers, and ensure the certificates are valid and up-to-date, and will attempt to renew certificates at a configured time before expiry.
Trust Manager
Meshless depends on trust-manager for trusted CAs for validating certificates during TLS handshakes.
You’ve probably been using trust-manager. If so, you can skip this section.
trust-manager is designed to complement cert-manager and works well when consuming CA certificates from a cert-manager Issuer or ClusterIssuer.
Installation/Upgrade
Download a Release
Every release contains several Docker images and one Helm chart.
e.g.
Meshless v1.0.0:
meshless-1.0.0-amd64.tar # docker image of arch amd64
meshless-1.0.0-arm64.tar # docker image of arch arm64
meshless-1.0.0.tgz # helm chart
Upload Docker Image
Choose the Docker image that matches your architecture, and upload it to your image registry server.
If no image matches your architecture, please contact us; we’ll build a Docker image for that architecture and add it to the release.
Install for the First Time
helm install meshless <path-to-helm-chart> --set namespace=<namespace>,image=<path-to-docker-image>,cert.issuer.name=<issuer>,cert.issuer.kind=<issuer-kind>,trustedCAs.name=<trusted-cas-name>,trustedCAs.key=<trusted-cas-key>,licenseSubject=<license-subject> --set-file license=<path-to-license>
e.g.
helm install meshless meshless-1.0.0.tgz --set namespace=default,image=registry-address/meshless:1.0.0-amd64,cert.issuer.name=issuer,cert.issuer.kind=ClusterIssuer,trustedCAs.name=trusted-cas,trustedCAs.key=cas,licenseSubject=your-company --set-file license=your-company.meshless.license
Upgrade
Meshless is backward compatible, so you can seamlessly upgrade to a new version.
# mostly the same as installation, except the subcommand install is replaced with upgrade
helm upgrade meshless <path-to-helm-chart> ...
e.g.
helm upgrade meshless meshless-1.1.0.tgz ...
Because helm upgrade doesn’t update CRDs, please execute the following to update CRDs.
tar -zxvf <path-to-helm-chart> -C /tmp meshless/crds
kubectl apply -f /tmp/meshless/crds
rm -rf /tmp/meshless
Complete List of Options
The following is the complete list of installation and upgrade options.
| Required | Option | Default Value | Meaning |
|---|---|---|---|
| | namespace | default | The namespace where to install/upgrade Meshless |
| ✓ | image | | Path to docker image of Meshless |
| | tz | UTC | Local time zone in containers of Meshless |
| | lease | 15s | Lease duration, used in leader election |
| | agentPortHost | 1058 | Host port of Meshless Node Agent |
| | maxConn | | Max number of concurrent connections to Meshless Node Agent. Default to no limit. |
| | idleTimeout | 1m | Idle timeout. If no data is sent from a connection in the specified duration, close the connection. |
| | handshakeTimeout | 10s | Handshake timeout. If handshake does not finish in the specified duration, close the connection. |
| | dialTimeout | 3s | Connection timeout. See also Go DialTimeout. |
| | tlsHandshakeTimeout | 10s | TLS handshake timeout. If TLS handshake does not finish in the specified duration, close the connection. |
| | udsBaseDirHost | /var/tmp/meshless | Meshless UDS base directory on Host |
| | cert.duration | | Duration (i.e. lifetime) of Certificate. Default to 90 days as per cert-manager doc. |
| | cert.renewBefore | | How long before expiry a certificate should be renewed. Default to 1/3 of cert.duration as per cert-manager doc. |
| ✓ | cert.issuer.kind | | Kind of cert-manager issuer. Valid values are ClusterIssuer, Issuer. |
| ✓ | cert.issuer.name | | Name of cert-manager issuer. |
| | trustedCAs.kind | ConfigMap | Kind of trust-manager Bundle target. Valid values are ConfigMap, Secret. |
| ✓ | trustedCAs.name | | Name of trust-manager Bundle target |
| ✓ | trustedCAs.key | | Key of trust-manager Bundle target |
| | resource.mem.request | | Memory request of a container of Meshless Node Agent |
| | resource.mem.limit | | Memory limit of a container of Meshless Node Agent |
| | resource.cpu.request | | CPU request of a container of Meshless Node Agent |
| | resource.cpu.limit | | CPU limit of a container of Meshless Node Agent |
| | resourceMgt.mem.request | | Memory request of a container of Meshless Mgt |
| | resourceMgt.mem.limit | | Memory limit of a container of Meshless Mgt |
| | resourceMgt.cpu.request | | CPU request of a container of Meshless Mgt |
| | resourceMgt.cpu.limit | | CPU limit of a container of Meshless Mgt |
| ✓ | licenseSubject | | License subject, usually the name of your company |
| ✓ | license | | Path to license. License subject and license file will be sent to you once you purchase a commercial license. |
| | log.fileSize | 10 | Max size in MB of a log file. If a file exceeds this size, the file will be rotated. |
| | log.baks | 2 | Max number of old log files. Older files will be removed. |
- For all duration options, the format is defined by Go time.ParseDuration.
- For all cert-manager options (i.e. cert.*), see also cert-manager API doc.
- For all trust-manager options (i.e. trustedCAs.*), see also trust-manager doc.
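A variant of the CRD update step from the Upgrade section, added here as an example and not taken from the Meshless documentation: it extracts the chart's CRDs into a private `mktemp -d` directory instead of the fixed /tmp/meshless path, and stops before calling kubectl if the archive yields no CRD files. The function name `update_crds` and the `KUBECTL` override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the Meshless docs): update CRDs from a chart archive.
# update_crds and the KUBECTL override are names assumed for this example.

update_crds() {
    chart=$1
    if [ ! -f "$chart" ]; then
        echo "chart not found: $chart" >&2
        return 2
    fi

    # mktemp -d creates a new directory accessible only to the current user,
    # so the manifests handed to kubectl cannot be pre-placed or swapped by
    # another local user, unlike a fixed path under /tmp.
    workdir=$(mktemp -d) || return 1

    # Extract only the CRD directory, and stop if extraction fails or yields
    # no files, so kubectl is never run on a partial or empty directory.
    if ! tar -zxf "$chart" -C "$workdir" meshless/crds 2>/dev/null ||
       ! find "$workdir/meshless/crds" -type f 2>/dev/null | grep -q .; then
        echo "no CRD files under meshless/crds in $chart" >&2
        rm -rf "$workdir"
        return 3
    fi

    # Apply, remember the result, and always remove the temporary copy.
    rc=0
    "${KUBECTL:-kubectl}" apply -f "$workdir/meshless/crds" || rc=$?
    rm -rf "$workdir"
    return "$rc"
}

# Usage: update_crds meshless-1.1.0.tgz
```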
Log Aggregation
You’ve probably been using a log aggregation system for gathering, querying and displaying logs.
If not, try Loki.