# Helm Chart 参考 Kubetail Helm Chart 会将完整的 Kubetail 栈部署到 Kubernetes 集群中。它发布在我们的 Helm chart 仓库 [https://kubetail-org.github.io/helm-charts/](https://kubetail-org.github.io/helm-charts/) 中,源代码位于 [kubetail-org/helm-charts](https://github.com/kubetail-org/helm-charts) 仓库下的 `charts/kubetail`。 该 chart 会部署 3 个组件: | Component | Kind | Description | |-----------|------|-------------| | Dashboard | Deployment | Web UI 和后端 API | | Cluster API | Deployment | 用于集群操作的 GraphQL API | | Cluster Agent | DaemonSet | 读取容器日志文件的逐节点 agent | ## 安装 添加 `kubetail` Helm 仓库: ```sh helm repo add kubetail https://kubetail-org.github.io/helm-charts/ ``` 将 chart 安装到专用 namespace 中: ```sh helm install kubetail kubetail/kubetail --namespace kubetail-system --create-namespace ``` 默认情况下,chart 会自动生成所需的 secret(`KUBETAIL_DASHBOARD_SESSION_SECRET`),并将其存储在 Kubernetes Secret 中,以便在升级后保留。 ## 升级 拉取最新的 chart index,然后升级该 release: ```sh helm repo update kubetail helm upgrade kubetail kubetail/kubetail --namespace kubetail-system ``` ## 卸载 ```sh helm uninstall kubetail --namespace kubetail-system ``` ## Values ### Chart | Parameter | Type | Default | Description | |-----------|------|---------|-------------| | `fullnameOverride` | string | `null` | 覆盖 chart 计算出的 fullname | | `nameOverride` | string | `null` | 覆盖 chart 名称 | | `namespaceOverride` | string | `null` | 覆盖 release 的 namespace | ### General | Parameter | Type | Default | Description | |-----------|------|---------|-------------| | `kubetail.allowedNamespaces` | array | `[]` | 将所有组件限制在这些 namespace 内 | | `kubetail.secrets.KUBETAIL_DASHBOARD_SESSION_SECRET` | string | `null` | Base64 编码的 dashboard session secret(为 `null` 时自动生成) | | `kubetail.global.annotations` | map | `{}` | 添加到所有资源的额外 annotation | | `kubetail.global.labels` | map | `{}` | 添加到所有资源的额外 label | ### Dashboard | Parameter | Type | Default | Description | |-----------|------|---------|-------------| | `kubetail.dashboard.enabled` | bool | `true` | 启用或禁用 Dashboard 组件 | | `kubetail.dashboard.authMode` | string | `"auto"` | 认证模式 (`auto`, `token`) | | `kubetail.dashboard.runtimeConfig` | map | *see values.yaml* | Dashboard 运行时配置(参见 [Dashboard 参考](/zh-cn/reference/dashboard)) | | `kubetail.dashboard.image.registry` | string | `"ghcr.io"` | 镜像仓库域名 | | `kubetail.dashboard.image.repository` | string | `"kubetail-org/kubetail-dashboard"` | 镜像仓库 | | `kubetail.dashboard.image.tag` | string | *see values.yaml* | 镜像标签 | | `kubetail.dashboard.image.digest` | string | `null` | 用 digest 覆盖镜像标签 | | `kubetail.dashboard.image.pullPolicy` | string | `"IfNotPresent"` | 镜像拉取策略 | | `kubetail.dashboard.container.name` | string | `"kubetail-dashboard"` | 容器名称 | | `kubetail.dashboard.container.extraEnv` | array | `[]` | 额外环境变量 | | `kubetail.dashboard.container.extraEnvFrom` | array | `[]` | 额外的 `envFrom` 来源 | | `kubetail.dashboard.container.securityContext` | map | *see values.yaml* | 容器 security context | | `kubetail.dashboard.container.resources` | map | `{}` | CPU/内存 requests 与 limits | | `kubetail.dashboard.podTemplate.annotations` | map | `{}` | 额外 Pod annotation | | `kubetail.dashboard.podTemplate.labels` | map | `{}` | 额外 Pod label | | `kubetail.dashboard.podTemplate.extraContainers` | array | `[]` | 额外 sidecar 容器 | | `kubetail.dashboard.podTemplate.securityContext` | map | `{}` | Pod security context | | `kubetail.dashboard.podTemplate.affinity` | map | `{}` | Pod affinity 规则 | | `kubetail.dashboard.podTemplate.nodeSelector` | map | `{}` | Node selector | | `kubetail.dashboard.podTemplate.tolerations` | array | `[]` | Pod toleration | | `kubetail.dashboard.configMap.name` | string | `null` | 覆盖 ConfigMap 名称 | | `kubetail.dashboard.configMap.annotations` | map | `{}` | 额外 ConfigMap annotation | | `kubetail.dashboard.configMap.labels` | map | `{}` | 额外 ConfigMap label | | `kubetail.dashboard.deployment.name` | string | `null` | 覆盖 Deployment 名称 | | `kubetail.dashboard.deployment.annotations` | map | `{}` | 额外 Deployment annotation | | `kubetail.dashboard.deployment.labels` | map | `{}` | 额外 Deployment label | | `kubetail.dashboard.deployment.replicas` | int | `1` | 副本数量 | | `kubetail.dashboard.deployment.revisionHistoryLimit` | int | `5` | 修订历史上限 | | `kubetail.dashboard.deployment.strategy` | map | `{type: RollingUpdate}` | Deployment 更新策略 | | `kubetail.dashboard.ingress.enabled` | bool | `false` | 创建 Ingress 资源 | | `kubetail.dashboard.ingress.name` | string | `null` | 覆盖 Ingress 名称 | | `kubetail.dashboard.ingress.annotations` | map | `{}` | 额外 Ingress annotation | | `kubetail.dashboard.ingress.labels` | map | `{}` | 额外 Ingress label | | `kubetail.dashboard.ingress.rules` | array | `[]` | Ingress 规则 | | `kubetail.dashboard.ingress.tls` | array | `[]` | Ingress TLS 配置 | | `kubetail.dashboard.ingress.className` | string | `null` | Ingress class 名称 | | `kubetail.dashboard.rbac.name` | string | `null` | 覆盖 RBAC 资源名称 | | `kubetail.dashboard.rbac.annotations` | map | `{}` | 额外 RBAC annotation | | `kubetail.dashboard.rbac.labels` | map | `{}` | 额外 RBAC label | | `kubetail.dashboard.secret.enabled` | bool | `true` | 创建 Secret 资源 | | `kubetail.dashboard.secret.name` | string | `null` | 覆盖 Secret 名称 | | `kubetail.dashboard.secret.annotations` | map | `{}` | 额外 Secret annotation | | `kubetail.dashboard.secret.labels` | map | `{}` | 额外 Secret label | | `kubetail.dashboard.service.name` | string | `null` | 覆盖 Service 名称 | | `kubetail.dashboard.service.annotations` | map | `{}` | 额外 Service annotation | | `kubetail.dashboard.service.labels` | map | `{}` | 额外 Service label | | `kubetail.dashboard.service.ports.http` | int | `8080` | Service HTTP 端口 | | `kubetail.dashboard.serviceAccount.name` | string | `null` | 覆盖 ServiceAccount 名称 | | `kubetail.dashboard.serviceAccount.annotations` | map | `{}` | 额外 ServiceAccount annotation | | `kubetail.dashboard.serviceAccount.labels` | map | `{}` | 额外 ServiceAccount label | ### Cluster API | Parameter | Type | Default | Description | |-----------|------|---------|-------------| | `kubetail.clusterAPI.enabled` | bool | `true` | 启用或禁用 Cluster API 组件 | | `kubetail.clusterAPI.runtimeConfig` | map | *see values.yaml* | Cluster API 运行时配置(参见 [Cluster API 参考](/zh-cn/reference/cluster-api)) | | `kubetail.clusterAPI.image.registry` | string | `"ghcr.io"` | 镜像仓库域名 | | `kubetail.clusterAPI.image.repository` | string | `"kubetail-org/kubetail-cluster-api"` | 镜像仓库 | | `kubetail.clusterAPI.image.tag` | string | *see values.yaml* | 镜像标签 | | `kubetail.clusterAPI.image.digest` | string | `null` | 用 digest 覆盖镜像标签 | | `kubetail.clusterAPI.image.pullPolicy` | string | `"IfNotPresent"` | 镜像拉取策略 | | `kubetail.clusterAPI.container.name` | string | `"kubetail-cluster-api"` | 容器名称 | | `kubetail.clusterAPI.container.extraEnv` | array | `[]` | 额外环境变量 | | `kubetail.clusterAPI.container.extraEnvFrom` | array | `[]` | 额外的 `envFrom` 来源 | | `kubetail.clusterAPI.container.securityContext` | map | *see values.yaml* | 容器 security context | | `kubetail.clusterAPI.container.resources` | map | `{}` | CPU/内存 requests 与 limits | | `kubetail.clusterAPI.podTemplate.annotations` | map | `{}` | 额外 Pod annotation | | `kubetail.clusterAPI.podTemplate.labels` | map | `{}` | 额外 Pod label | | `kubetail.clusterAPI.podTemplate.extraContainers` | array | `[]` | 额外 sidecar 容器 | | `kubetail.clusterAPI.podTemplate.securityContext` | map | `{}` | Pod security context | | `kubetail.clusterAPI.podTemplate.affinity` | map | `{}` | Pod affinity 规则 | | `kubetail.clusterAPI.podTemplate.nodeSelector` | map | `{}` | Node selector | | `kubetail.clusterAPI.podTemplate.tolerations` | array | `[]` | Pod toleration | | `kubetail.clusterAPI.configMap.name` | string | `null` | 覆盖 ConfigMap 名称 | | `kubetail.clusterAPI.configMap.annotations` | map | `{}` | 额外 ConfigMap annotation | | `kubetail.clusterAPI.configMap.labels` | map | `{}` | 额外 ConfigMap label | | `kubetail.clusterAPI.deployment.name` | string | `null` | 覆盖 Deployment 名称 | | `kubetail.clusterAPI.deployment.annotations` | map | `{}` | 额外 Deployment annotation | | `kubetail.clusterAPI.deployment.labels` | map | `{}` | 额外 Deployment label | | `kubetail.clusterAPI.deployment.replicas` | int | `1` | 副本数量 | | `kubetail.clusterAPI.deployment.revisionHistoryLimit` | int | `5` | 修订历史上限 | | `kubetail.clusterAPI.deployment.strategy` | map | `{type: RollingUpdate}` | Deployment 更新策略 | | `kubetail.clusterAPI.rbac.name` | string | `null` | 覆盖 RBAC 资源名称 | | `kubetail.clusterAPI.rbac.annotations` | map | `{}` | 额外 RBAC annotation | | `kubetail.clusterAPI.rbac.labels` | map | `{}` | 额外 RBAC label | | `kubetail.clusterAPI.secret.enabled` | bool | `true` | 创建 Secret 资源 | | `kubetail.clusterAPI.secret.name` | string | `null` | 覆盖 Secret 名称 | | `kubetail.clusterAPI.secret.annotations` | map | `{}` | 额外 Secret annotation | | `kubetail.clusterAPI.secret.labels` | map | `{}` | 额外 Secret label | | `kubetail.clusterAPI.service.name` | string | `null` | 覆盖 Service 名称 | | `kubetail.clusterAPI.service.annotations` | map | `{}` | 额外 Service annotation | | `kubetail.clusterAPI.service.labels` | map | `{}` | 额外 Service label | | `kubetail.clusterAPI.service.ports.http` | int | `8080` | Service HTTP 端口 | | `kubetail.clusterAPI.serviceAccount.name` | string | `null` | 覆盖 ServiceAccount 名称 | | `kubetail.clusterAPI.serviceAccount.annotations` | map | `{}` | 额外 ServiceAccount annotation | | `kubetail.clusterAPI.serviceAccount.labels` | map | `{}` | 额外 ServiceAccount label | ### Cluster Agent | Parameter | Type | Default | Description | |-----------|------|---------|-------------| | `kubetail.clusterAgent.enabled` | bool | `true` | 启用或禁用 Cluster Agent 组件 | | `kubetail.clusterAgent.runtimeConfig` | map | *see values.yaml* | Cluster Agent 运行时配置(参见 [Cluster Agent 参考](/zh-cn/reference/cluster-agent)) | | `kubetail.clusterAgent.image.registry` | string | `"ghcr.io"` | 镜像仓库域名 | | `kubetail.clusterAgent.image.repository` | string | `"kubetail-org/kubetail-cluster-agent"` | 镜像仓库 | | `kubetail.clusterAgent.image.tag` | string | *see values.yaml* | 镜像标签 | | `kubetail.clusterAgent.image.digest` | string | `null` | 用 digest 覆盖镜像标签 | | `kubetail.clusterAgent.image.pullPolicy` | string | `"IfNotPresent"` | 镜像拉取策略 | | `kubetail.clusterAgent.container.name` | string | `"kubetail-cluster-agent"` | 容器名称 | | `kubetail.clusterAgent.container.extraEnv` | array | `[]` | 额外环境变量 | | `kubetail.clusterAgent.container.extraEnvFrom` | array | `[]` | 额外的 `envFrom` 来源 | | `kubetail.clusterAgent.container.securityContext` | map | *see values.yaml* | 容器 security context | | `kubetail.clusterAgent.container.resources` | map | `{}` | CPU/内存 requests 与 limits | | `kubetail.clusterAgent.podTemplate.annotations` | map | `{}` | 额外 Pod annotation | | `kubetail.clusterAgent.podTemplate.labels` | map | `{}` | 额外 Pod label | | `kubetail.clusterAgent.podTemplate.extraContainers` | array | `[]` | 额外 sidecar 容器 | | `kubetail.clusterAgent.podTemplate.securityContext` | map | `{fsGroup: 0}` | Pod security context | | `kubetail.clusterAgent.podTemplate.affinity` | map | `{}` | Pod affinity 规则 | | `kubetail.clusterAgent.podTemplate.nodeSelector` | map | `{}` | Node selector | | `kubetail.clusterAgent.podTemplate.tolerations` | array | *see values.yaml* | Pod toleration(默认容忍 master/control-plane 节点) | | `kubetail.clusterAgent.configMap.name` | string | `null` | 覆盖 ConfigMap 名称 | | `kubetail.clusterAgent.configMap.annotations` | map | `{}` | 额外 ConfigMap annotation | | `kubetail.clusterAgent.configMap.labels` | map | `{}` | 额外 ConfigMap label | | `kubetail.clusterAgent.daemonSet.name` | string | `null` | 覆盖 DaemonSet 名称 | | `kubetail.clusterAgent.daemonSet.annotations` | map | `{}` | 额外 DaemonSet annotation | | `kubetail.clusterAgent.daemonSet.labels` | map | `{}` | 额外 DaemonSet label | | `kubetail.clusterAgent.networkPolicy.enabled` | bool | `true` | 创建 NetworkPolicy 资源 | | `kubetail.clusterAgent.networkPolicy.name` | string | `null` | 覆盖 NetworkPolicy 名称 | | `kubetail.clusterAgent.networkPolicy.annotations` | map | `{}` | 额外 NetworkPolicy annotation | | `kubetail.clusterAgent.networkPolicy.labels` | map | `{}` | 额外 NetworkPolicy label | | `kubetail.clusterAgent.service.name` | string | `null` | 覆盖 Service 名称 | | `kubetail.clusterAgent.service.annotations` | map | `{}` | 额外 Service annotation | | `kubetail.clusterAgent.service.labels` | map | `{}` | 额外 Service label | | `kubetail.clusterAgent.service.ports.grpc` | int | `50051` | Service gRPC 端口 | | `kubetail.clusterAgent.serviceAccount.name` | string | `null` | 覆盖 ServiceAccount 名称 | | `kubetail.clusterAgent.serviceAccount.annotations` | map | `{}` | 额外 ServiceAccount annotation | | `kubetail.clusterAgent.serviceAccount.labels` | map | `{}` | 额外 ServiceAccount label |