Apache SkyWalking is application performance monitor tool for distributed systems, especially designed for microservices, cloud native and container-based (Docker, K8s, Mesos) architectures.
This chart bootstraps a Apache SkyWalking deployment on a Kubernetes cluster using the Helm package manager.
- Kubernetes 1.9.6+
- PV dynamic provisioning support on the underlying infrastructure (StorageClass)
- Helm 3
To install the chart with the release name my-release:
$ helm install my-release skywalking -n <namespace>The command deploys Apache SkyWalking on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.
Tip: List all releases using
helm list
To uninstall/delete the my-release deployment:
$ helm uninstall my-release -n <namespace>The command removes all the Kubernetes components associated with the chart and deletes the release.
The following table lists the configurable parameters of the Skywalking chart and their default values.
| Parameter | Description | Default |
|---|---|---|
nameOverride |
Override name | nil |
serviceAccounts.oap.create |
Create of the OAP service account | true |
serviceAccounts.oap.name |
Name of the OAP service account to use custom service account when serviceAccounts.oap.create is set to false |
`` |
imagePullSecrets |
Image pull secrets | [] |
oap.name |
OAP deployment name | oap |
oap.dynamicConfig.enabled |
Enable oap dynamic configuration through k8s configmap | false |
oap.dynamicConfig.period |
Sync period in seconds | 60 |
oap.dynamicConfig.config |
Oap dynamic configuration documentation | {} |
oap.image.repository |
OAP container image name | skywalking.docker.scarf.sh/apache/skywalking-oap-server |
oap.image.tag |
OAP container image tag | 6.1.0 |
oap.image.pullPolicy |
OAP container image pull policy | IfNotPresent |
oap.ports.grpc |
OAP grpc port for tracing or metric | 11800 |
oap.ports.rest |
OAP http port for Web UI | 12800 |
oap.ports.zipkinreceiver |
OAP http port for Zipkin receiver(not exposed by default) | 9411 |
oap.ports.zipkinquery |
OAP http port for querying Zipkin traces and UI(not exposed by default) | 9412 |
oap.replicas |
OAP k8s deployment replicas | 2 |
oap.service.type |
OAP svc type | ClusterIP |
oap.service.annotations |
OAP svc annotations | {} |
oap.javaOpts |
Parameters to be added to JAVA_OPTSenvironment variable for OAP |
-Xms2g -Xmx2g |
oap.antiAffinity |
OAP anti-affinity policy | soft |
oap.nodeAffinity |
OAP node affinity policy | {} |
oap.nodeSelector |
OAP labels for master pod assignment | {} |
oap.tolerations |
OAP tolerations | [] |
oap.resources |
OAP node resources requests & limits | {} - cpu limit must be an integer |
oap.startupProbe |
Configuration fields for the startupProbe | tcpSocket.port: 12800 failureThreshold: 9 periodSeconds: 10 |
oap.livenessProbe |
Configuration fields for the livenessProbe | tcpSocket.port: 12800 initialDelaySeconds: 5 periodSeconds: 10 |
oap.readinessProbe |
Configuration fields for the readinessProbe | tcpSocket.port: 12800 initialDelaySeconds: 5 periodSeconds: 10 |
oap.env |
OAP environment variables | [] |
oap.securityContext |
Allows you to set the securityContext for the pod | fsGroup: 1000runAsUser: 1000 |
ui.name |
Web UI deployment name | ui |
ui.replicas |
Web UI k8s deployment replicas | 1 |
ui.image.repository |
Web UI container image name | skywalking.docker.scarf.sh/apache/skywalking-ui |
ui.image.tag |
Web UI container image tag | 6.1.0 |
ui.image.pullPolicy |
Web UI container image pull policy | IfNotPresent |
ui.nodeAffinity |
Web UI node affinity policy | {} |
ui.nodeSelector |
Web UI labels for pod assignment | {} |
ui.tolerations |
Web UI tolerations | [] |
ui.ingress.enabled |
Create Ingress for Web UI | false |
ui.ingress.annotations |
Associate annotations to the Ingress | {} |
ui.ingress.path |
Associate path with the Ingress | / |
ui.ingress.hosts |
Associate hosts with the Ingress | [] |
ui.ingress.tls |
Associate TLS with the Ingress | [] |
ui.service.type |
Web UI svc type | ClusterIP |
ui.service.externalPort |
external port for the service | 80 |
ui.service.internalPort |
internal port for the service | 8080 |
ui.service.externalIPs |
external IP addresses | nil |
ui.service.loadBalancerIP |
Load Balancer IP address | nil |
ui.service.annotations |
Kubernetes service annotations | {} |
ui.service.loadBalancerSourceRanges |
Limit load balancer source IPs to list of CIDRs (where available)) | [] |
ui.securityContext |
Allows you to set the securityContext for the pod | fsGroup: 1000runAsUser: 1000 |
oapInit.nodeAffinity |
OAP init job node affinity policy | {} |
oapInit.nodeSelector |
OAP init job labels for master pod assignment | {} |
oapInit.tolerations |
OAP init job tolerations | [] |
oapInit.extraPodLabels |
OAP init job metadata labels | [] |
satellite.name |
Satellite deployment name | satellite |
satellite.replicas |
Satellite k8s deployment replicas | 1 |
satellite.enabled |
Is enable Satellite | false |
satellite.image.repository |
Satellite container image name | skywalking.docker.scarf.sh/apache/skywalking-satellite |
satellite.image.tag |
Satellite container image tag | v0.4.0 |
satellite.image.pullPolicy |
Satellite container image pull policy | IfNotPresent |
satellite.antiAffinity |
Satellite anti-affinity policy | soft |
satellite.nodeAffinity |
Satellite node affinity policy | {} |
satellite.nodeSelector |
Satellite labels for pod assignment | {} |
satellite.tolerations |
Satellite tolerations | [] |
satellite.service.type |
Satellite svc type | ClusterIP |
satellite.ports.grpc |
Satellite grpc port for tracing, metrics, logs, events | 11800 |
satellite.ports.prometheus |
Satellite http port for Prometheus monitoring | 1234 |
satellite.resources |
Satellite node resources requests & limits | {} - cpu limit must be an integer |
satellite.podAnnotations |
Configurable annotations applied to all Satellite pods | {} |
satellite.env |
Satellite environment variables | [] |
satellite.securityContext |
Allows you to set the securityContext for the pod | fsGroup: 1000runAsUser: 1000 |
Elasticsearch is deployed via ECK (Elastic Cloud on Kubernetes).
The chart includes the ECK operator and an eck-elasticsearch subchart, both controlled by elasticsearch.enabled.
Because Elasticsearch CRDs must exist before the ES custom resource can be created, the ECK operator CRDs need to be installed separately before deploying the chart. See the main README for installation steps.
| Parameter | Description | Default |
|---|---|---|
elasticsearch.enabled |
Deploy the ECK operator and an ECK-managed Elasticsearch cluster | true |
elasticsearch.version |
Elasticsearch version to deploy | 8.18.8 |
elasticsearch.fullnameOverride |
Override the Elasticsearch resource name. The ECK service will be {name}-es-http |
"" |
elasticsearch.labels |
Labels applied to the Elasticsearch resource | {} |
elasticsearch.annotations |
Annotations applied to the Elasticsearch resource | {} |
elasticsearch.http |
HTTP layer settings. TLS is disabled by default for OAP connectivity | tls.selfSignedCertificate.disabled: true |
elasticsearch.secureSettings |
Secure settings to inject from Kubernetes secrets | [] |
elasticsearch.updateStrategy |
Update strategy controlling simultaneous changes | {} |
elasticsearch.volumeClaimDeletePolicy |
Policy for PVC deletion on scale-down or cluster deletion | "" |
elasticsearch.ingress.enabled |
Enable ingress to expose Elasticsearch externally | false |
| Parameter | Description | Default |
|---|---|---|
elasticsearch.config.host |
Elasticsearch host | elasticsearch |
elasticsearch.config.port.http |
Elasticsearch HTTP port | 9200 |
elasticsearch.config.user |
Elasticsearch user (optional) | "" |
elasticsearch.config.password |
Elasticsearch password (optional) | "" |
ECK node sets define the topology of the Elasticsearch cluster. Each entry in the list creates a group of Elasticsearch nodes.
| Parameter | Description | Default |
|---|---|---|
nodeSets[].name |
Name of the node set | default |
nodeSets[].count |
Number of Elasticsearch nodes in this set | 3 |
nodeSets[].config |
Elasticsearch configuration (e.g. node.store.allow_mmap, node.roles) |
node.store.allow_mmap: false |
nodeSets[].volumeClaimTemplates |
Persistent storage for Elasticsearch data | [] (ECK default: EmptyDir) |
The pod template follows standard Kubernetes Pod spec nested under podTemplate.spec. This controls scheduling, resources, init containers, etc.
| Parameter | Description | Default |
|---|---|---|
podTemplate.metadata.annotations |
Pod annotations (e.g. iam.amazonaws.com/role) |
{} |
podTemplate.metadata.labels |
Extra pod labels | {} |
podTemplate.spec.affinity |
Pod affinity rules | not set |
podTemplate.spec.nodeSelector |
Node selector for pod assignment | not set |
podTemplate.spec.tolerations |
Pod tolerations | not set |
podTemplate.spec.imagePullSecrets |
Image pull secrets | not set |
podTemplate.spec.priorityClassName |
Priority class name | not set |
podTemplate.spec.terminationGracePeriodSeconds |
Grace period for pod termination | not set |
podTemplate.spec.initContainers |
Init containers (e.g. sysctl vm.max_map_count) |
not set |
podTemplate.spec.containers[].resources |
Container resource requests & limits | requests: 100m cpu, 2Gi mem limits: 2Gi mem |
podTemplate.spec.containers[].env |
Environment variables (e.g. ES_JAVA_OPTS) |
not set |
podTemplate.spec.containers[].securityContext |
Container-level security context | not set (ECK managed) |
Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,
$ helm install myrelease skywalking --set nameOverride=newSkywalkingAlternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
$ helm install my-release skywalking -f values.yamlTip: You can use the default values.yaml
Roles and RoleBindings resources will be created automatically for OAP .
Tip: You can refer to the default
oap-role.yamlfile in templates to customize your own.
If your cluster allows automatic create/retrieve of TLS certificates ( e.g. kube-lego), please refer to the documentation for that mechanism.
To manually configure TLS, first create/retrieve a key & certificate pair for the address(skywalking ui) you wish to protect. Then create a TLS secret in the namespace:
kubectl create secret tls skywalking-tls --cert=path/to/tls.cert --key=path/to/tls.keyInclude the secret's name, along with the desired hostnames, in the skywalking-ui Ingress TLS section of your
custom values.yaml file:
ui:
ingress:
## If true, Skywalking ui server Ingress will be created
##
enabled: true
## Skywalking ui server Ingress hostnames
## Must be provided if Ingress is enabled
##
hosts:
- skywalking
## Skywalking ui server Ingress TLS configuration
## Secrets must be manually created in the namespace
##
tls:
- secretName: skywalking
hosts:
- skywalkingEnvoy ALS(access log service) provides fully logs about RPC routed, including HTTP and TCP.
If you want to open envoy ALS, you can do this by modifying values.yaml. default open.
serviceAccounts:
oap:
create: trueWhen envoy als ,will give ServiceAccount clusterrole permission. More envoy als ,please refer to https://github.com/apache/skywalking/blob/master/docs/en/setup/envoy/als_setting.md#observe-service-mesh-through-als