diff --git a/Makefile b/Makefile index 69eba463c..2eab65abd 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ SHELL := /bin/bash HELM := helm TASK := build -EXCLUDES := helm-toolkit doc tests tools logs tmp +EXCLUDES := helm-toolkit doc tests tools logs tmp roles playbooks CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) .PHONY: $(EXCLUDES) $(CHARTS) diff --git a/calico/templates/bin/_install-calicoctl.sh.tpl b/calico/templates/bin/_install-calicoctl.sh.tpl index be3df90a4..fb24f96c4 100644 --- a/calico/templates/bin/_install-calicoctl.sh.tpl +++ b/calico/templates/bin/_install-calicoctl.sh.tpl @@ -47,6 +47,3 @@ exec /opt/cni/bin/calicoctl.bin \$* EOF chmod +x /host/opt/cni/bin/calicoctl - -# sleep forever -while [ 1 ]; do sleep 86400; done; diff --git a/calico/templates/configmap-bin.yaml b/calico/templates/configmap-bin.yaml index 196db6740..9a6eff808 100644 --- a/calico/templates/configmap-bin.yaml +++ b/calico/templates/configmap-bin.yaml @@ -22,10 +22,10 @@ kind: ConfigMap metadata: name: calico-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} - install-calicoctl.sh: |+ + install-calicoctl.sh: | {{ tuple "bin/_install-calicoctl.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - calico-settings.sh: |+ + calico-settings.sh: | {{ tuple "bin/_calico-settings.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- end }} diff --git a/calico/templates/configmap-etc.yaml b/calico/templates/configmap-etc.yaml index b8aa4fffe..7549546dc 100644 --- a/calico/templates/configmap-etc.yaml +++ b/calico/templates/configmap-etc.yaml 
@@ -39,25 +39,25 @@ data: # we overlay templates found natively in the calico-node container so that we may override # bgp configuration - bird6.cfg.mesh.template: |+ + bird6.cfg.mesh.template: | {{ tuple "etc/bird/_bird6.cfg.mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - bird6.cfg.no-mesh.template: |+ + bird6.cfg.no-mesh.template: | {{ tuple "etc/bird/_bird6.cfg.no-mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - bird6_ipam.cfg.template: |+ + bird6_ipam.cfg.template: | {{ tuple "etc/bird/_bird6_ipam.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - bird_aggr.cfg.template: |+ + bird_aggr.cfg.template: | {{ tuple "etc/bird/_bird_aggr.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - bird.cfg.mesh.template: |+ + bird.cfg.mesh.template: | {{ tuple "etc/bird/_bird.cfg.mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - bird.cfg.no-mesh.template: |+ + bird.cfg.no-mesh.template: | {{ tuple "etc/bird/_bird.cfg.no-mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - bird_ipam.cfg.template: |+ + bird_ipam.cfg.template: | {{ tuple "etc/bird/_bird_ipam.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - custom_filters6.cfg.template: |+ + custom_filters6.cfg.template: | {{ tuple "etc/bird/_custom_filters6.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - custom_filters.cfg.template: |+ + custom_filters.cfg.template: | {{ tuple "etc/bird/_custom_filters.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - tunl-ip.template: |+ + tunl-ip.template: | {{ tuple "etc/bird/_tunl-ip.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} # The location of your etcd cluster. This uses the Service clusterIP diff --git a/calico/templates/daemonset-calico-etcd.yaml b/calico/templates/daemonset-calico-etcd.yaml index b7b314e69..8071f9d89 100644 
--- a/calico/templates/daemonset-calico-etcd.yaml +++ b/calico/templates/daemonset-calico-etcd.yaml @@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.daemonset_calico_etcd }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.etcd .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.etcd -}} -{{- end -}} {{- $serviceAccountName := "calico-etcd"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "etcd" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- # This manifest installs the Calico etcd on the kubeadm master. This uses a DaemonSet # to force it to run on the master even when the master isn't schedulable, and uses @@ -60,7 +54,7 @@ spec: node-role.kubernetes.io/master: "" hostNetwork: true initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "etcd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: calico-etcd {{ tuple $envAll "calico_etcd" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/calico/templates/daemonset-calico-node.yaml b/calico/templates/daemonset-calico-node.yaml index 6d09d7407..b5a23de7a 100644 --- a/calico/templates/daemonset-calico-node.yaml +++ b/calico/templates/daemonset-calico-node.yaml 
@@ -33,17 +33,10 @@ limitations under the License. {{- end -}} {{- end -}} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.calico_node .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.calico_node -}} -{{- end -}} - {{- $prometheus_annotations := $envAll.Values.monitoring.prometheus.calico_node }} {{- $serviceAccountName := printf "%s-%s" .Release.Name "calico-cni-plugin"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "calico_node" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding 
@@ -111,7 +104,67 @@ spec: serviceAccountName: {{ $serviceAccountName }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.node.timeout | default "30" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "calico_node" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ if .Values.manifests.daemonset_calico_node_calicoctl }} + - name: install-calicoctl +{{ tuple $envAll "calico_ctl" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.calico_ctl | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/install-calicoctl.sh + env: + - name: ETCD_ENDPOINTS + valueFrom: + configMapKeyRef: + name: calico-etc + key: etcd_endpoints +{{ if .Values.endpoints.etcd.auth.client.tls.ca}} + - name: ETCD_CA_CERT_FILE + value: {{ .Values.endpoints.etcd.auth.client.path.ca }} + - name: ETCD_CA_CERT + valueFrom: + secretKeyRef: + name: calico-certificates + key: tls.ca +{{ end }} +{{ if .Values.endpoints.etcd.auth.client.tls.key}} + - name: ETCD_KEY_FILE + value: {{ .Values.endpoints.etcd.auth.client.path.key }} + - name: ETCD_KEY + valueFrom: + secretKeyRef: + name: calico-certificates + key: tls.key +{{ end }} +{{ if .Values.endpoints.etcd.auth.client.tls.crt}} + - name: ETCD_CERT_FILE + value: {{ .Values.endpoints.etcd.auth.client.path.crt }} + - name: ETCD_CERT + valueFrom: + secretKeyRef: + name: calico-certificates + key: tls.crt +{{ end }} + volumeMounts: + - mountPath: /host/etc/calico + name: calico-cert-dir + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + - mountPath: /tmp/install-calicoctl.sh + name: calico-bin + subPath: install-calicoctl.sh + - name: calico-certificates + mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }} + subPath: tls.ca + readOnly: true + - name: calico-certificates + 
mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }} + subPath: tls.crt + readOnly: true + - name: calico-certificates + mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }} + subPath: tls.key + readOnly: true +{{ end }} containers: # Runs calico/node container on each Kubernetes node. This # container programs network policy and routes on each 
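Review bot: The `install-calicoctl` init container is handed the etcd client key twice, once as the `ETCD_KEY` environment variable (`secretKeyRef` on `tls.key`) and once as a read-only file mounted at `.Values.endpoints.etcd.auth.client.path.key`. Environment variables are easier to leak than a mounted file (container runtime inspect output, `/proc/<pid>/environ`, crash dumps). If `install-calicoctl.sh` can read the mounted files, dropping `ETCD_KEY`, `ETCD_CERT` and `ETCD_CA_CERT` would narrow where the key material lives; the script is only partly visible on this page, so check this against its body. The three `calico-certificates` volumeMounts are also unconditional while the matching env entries sit behind `{{ if .Values.endpoints.etcd.auth.client.tls.ca }}` and its `key`/`crt` siblings, so wrapping each mount in the same guard would keep the container spec consistent when TLS values are unset.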
@@ -219,66 +272,6 @@ spec: mountPath: /host/opt/cni/bin - name: cni-net-dir mountPath: /host/etc/cni/net.d -{{ if .Values.manifests.daemonset_calico_node_calicoctl }} - - name: install-calicoctl -{{ tuple $envAll "calico_ctl" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.calico_ctl | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/install-calicoctl.sh - env: - - name: ETCD_ENDPOINTS - valueFrom: - configMapKeyRef: - name: calico-etc - key: etcd_endpoints -{{ if .Values.endpoints.etcd.auth.client.tls.ca}} - - name: ETCD_CA_CERT_FILE - value: {{ .Values.endpoints.etcd.auth.client.path.ca }} - - name: ETCD_CA_CERT - valueFrom: - secretKeyRef: - name: calico-certificates - key: tls.ca -{{ end }} -{{ if .Values.endpoints.etcd.auth.client.tls.key}} - - name: ETCD_KEY_FILE - value: {{ .Values.endpoints.etcd.auth.client.path.key }} - - name: ETCD_KEY - valueFrom: - secretKeyRef: - name: calico-certificates - key: tls.key -{{ end }} -{{ if .Values.endpoints.etcd.auth.client.tls.crt}} - - name: ETCD_CERT_FILE - value: {{ .Values.endpoints.etcd.auth.client.path.crt }} - - name: ETCD_CERT - valueFrom: - secretKeyRef: - name: calico-certificates - key: tls.crt -{{ end }} - volumeMounts: - - mountPath: /host/etc/calico - name: calico-cert-dir - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /tmp/install-calicoctl.sh - name: calico-bin - subPath: install-calicoctl.sh - - name: calico-certificates - mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }} - subPath: tls.ca - readOnly: true - - name: calico-certificates - mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }} - subPath: tls.crt - readOnly: true - - name: calico-certificates - mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }} - subPath: tls.key - readOnly: true -{{ end }} volumes: # Used by calico/node. - name: lib-modules 
diff --git a/calico/templates/deployment-calico-kube-controllers.yaml b/calico/templates/deployment-calico-kube-controllers.yaml index 9c5b65ff9..7b8cb41cc 100644 --- a/calico/templates/deployment-calico-kube-controllers.yaml +++ b/calico/templates/deployment-calico-kube-controllers.yaml @@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.deployment_calico_kube_policy_controllers }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.calico_kube_policy_controllers .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.calico_kube_policy_controllers -}} -{{- end -}} {{- $serviceAccountName := printf "%s-%s" .Release.Name "calico-kube-controllers"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "calico_kube_policy_controllers" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding @@ -102,7 +96,7 @@ spec: operator: Exists serviceAccountName: {{ $serviceAccountName }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "calico_kube_policy_controllers" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.policy_controller.timeout | default "30" }} containers: - name: calico-policy-controller 
diff --git a/calico/templates/etc/bird/_bird6.cfg.mesh.template.tpl b/calico/templates/etc/bird/_bird6.cfg.mesh.template.tpl index 860a3aa8b..a43ea155f 100644 --- a/calico/templates/etc/bird/_bird6.cfg.mesh.template.tpl +++ b/calico/templates/etc/bird/_bird6.cfg.mesh.template.tpl @@ -5,9 +5,6 @@ include "bird6_ipam.cfg"; {{`{{$node_ip_key := printf "/host/%s/ip_addr_v4" (getenv "NODENAME")}}`}}{{`{{$node_ip := getv $node_ip_key}}`}} {{`{{$node_ip6_key := printf "/host/%s/ip_addr_v6" (getenv "NODENAME")}}`}}{{`{{$node_ip6 := getv $node_ip6_key}}`}} -# ensure we only listen to a specific ip and address -listen bgp address {{`{{$node_ip6}}`}} port {{.Values.networking.bgp.ipv6.mesh.port.listen}}; - router id {{`{{$node_ip}}`}}; # Use IPv4 address since router id is 4 octets, even in MP-BGP {{`{{define "LOGGING"}}`}} @@ -46,6 +43,10 @@ protocol direct { {{`{{if eq "" ($node_ip6)}}`}}# IPv6 disabled on this node. {{`{{else}}`}}{{`{{$node_as_key := printf "/host/%s/as_num" (getenv "NODENAME")}}`}} + +# ensure we only listen to a specific ip and address +listen bgp address {{`{{$node_ip6}}`}} port {{.Values.networking.bgp.ipv6.mesh.port.listen}}; + # Template for all BGP clients template bgp bgp_template { {{`{{template "LOGGING"}}`}} diff --git a/calico/templates/etc/bird/_bird6.cfg.no-mesh.template.tpl b/calico/templates/etc/bird/_bird6.cfg.no-mesh.template.tpl index 3493ac210..44c8731af 100644 --- a/calico/templates/etc/bird/_bird6.cfg.no-mesh.template.tpl +++ b/calico/templates/etc/bird/_bird6.cfg.no-mesh.template.tpl 
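Review bot: The comment moved along with the directive, `# ensure we only listen to a specific ip and address`, presumably means address and port, and it does not say that the line is now rendered only for nodes that have an IPv6 address. Something like `# bind BGP to this node's IPv6 address and the configured listen port (skipped when the node has no IPv6 address)` would document the new placement inside the `{{else}}` branch, whose end lies outside the hunk. The same wording applies to the identical move in `_bird6.cfg.no-mesh.template.tpl`. In the IPv6-disabled branch no `listen bgp` line is rendered at all, so the bind restriction there presumably relies on no BGP protocol being configured; confirm this against the full template.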
@@ -5,9 +5,6 @@ include "bird6_ipam.cfg"; {{`{{$node_ip_key := printf "/host/%s/ip_addr_v4" (getenv "NODENAME")}}`}}{{`{{$node_ip := getv $node_ip_key}}`}} {{`{{$node_ip6_key := printf "/host/%s/ip_addr_v6" (getenv "NODENAME")}}`}}{{`{{$node_ip6 := getv $node_ip6_key}}`}} -# ensure we only listen to a specific ip and address -listen bgp address {{`{{$node_ip6}}`}} port {{.Values.networking.bgp.ipv6.no_mesh.port.listen}}; - router id {{`{{$node_ip}}`}}; # Use IPv4 address since router id is 4 octets, even in MP-BGP {{`{{define "LOGGING"}}`}} @@ -46,6 +43,10 @@ protocol direct { {{`{{if eq "" ($node_ip6)}}`}}# IPv6 disabled on this node. {{`{{else}}`}}{{`{{$node_as_key := printf "/host/%s/as_num" (getenv "NODENAME")}}`}} + +# ensure we only listen to a specific ip and address +listen bgp address {{`{{$node_ip6}}`}} port {{.Values.networking.bgp.ipv6.no_mesh.port.listen}}; + # Template for all BGP clients template bgp bgp_template { {{`{{template "LOGGING"}}`}} diff --git a/calico/templates/job-calico-settings.yaml b/calico/templates/job-calico-settings.yaml index 1096557aa..49a937803 100644 --- a/calico/templates/job-calico-settings.yaml +++ b/calico/templates/job-calico-settings.yaml @@ -16,10 +16,9 @@ limitations under the License. {{- if .Values.manifests.job_calico_settings }} {{- $envAll := . }} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.calico_settings -}} {{- $serviceAccountName := "calico-settings"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "calico_settings" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job 
@@ -47,7 +46,7 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "calico_settings" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: calico-settings {{ tuple $envAll "calico_settings" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/calico/templates/job-image-repo-sync.yaml b/calico/templates/job-image-repo-sync.yaml index edfc09012..07e758adf 100644 --- a/calico/templates/job-image-repo-sync.yaml +++ b/calico/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "calico-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job 
@@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/calico/values.yaml b/calico/values.yaml index db961aa27..05585f2dd 100644 --- a/calico/values.yaml +++ b/calico/values.yaml @@ -21,19 +21,19 @@ # calico/kube-policy-controller:v0.7.0 labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled images: tags: calico_etcd: quay.io/coreos/etcd:v3.1.10 calico_node: quay.io/calico/node:v2.6.5 calico_cni: quay.io/calico/cni:v1.11.2 - calico_cni: quay.io/calico/cni:v1.10.0 calico_ctl: quay.io/calico/ctl:v1.6.2 calico_settings: quay.io/calico/ctl:v1.6.2 calico_kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: @@ -140,6 +140,10 @@ dependencies: service: etcd etcd: services: null + image_repo_sync: + services: + - endpoint: internal + service: local_image_registry endpoints: cluster_domain_suffix: cluster.local diff --git a/elasticsearch/templates/configmap-bin.yaml b/elasticsearch/templates/configmap-bin.yaml index d7db9a24e..585227498 100644 --- a/elasticsearch/templates/configmap-bin.yaml 
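Review bot: The `dep_check` image is still referenced by a mutable tag after the bump to `v0.3.0`. It is presumably the image behind the `kubernetes_entrypoint_init_container` snippet that every workload in this chart includes, so a re-pushed tag would reach every pod. Pinning by digest, for example `dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0@sha256:<digest-placeholder>`, makes the bump reproducible and verifiable; the same applies to the other entries under `images.tags`. Separately, nesting `node_selector_key`/`node_selector_value` under `labels.job` means an existing override of `labels.node_selector_key` is no longer read by `job-image-repo-sync.yaml`, which deserves a release note.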
+++ b/elasticsearch/templates/configmap-bin.yaml @@ -32,6 +32,6 @@ data: {{ tuple "bin/_register-repository.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} curator.sh: | {{ tuple "bin/_curator.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/elasticsearch/templates/configmap-etc.yaml b/elasticsearch/templates/configmap-etc.yaml index 8bfcefc61..f0c41a433 100644 --- a/elasticsearch/templates/configmap-etc.yaml +++ b/elasticsearch/templates/configmap-etc.yaml @@ -26,16 +26,16 @@ kind: ConfigMap metadata: name: elasticsearch-etc data: - httpd.conf: |+ + httpd.conf: | {{- tuple .Values.conf.apache.httpd "etc/_httpd.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }} - elasticsearch-host.conf: |+ + elasticsearch-host.conf: | {{- tuple .Values.conf.apache.host "etc/_elasticsearch-host.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }} - elasticsearch.yml: |+ + elasticsearch.yml: | {{ toYaml .Values.conf.elasticsearch.config | indent 4 }} - log4j2.properties: |+ + log4j2.properties: | {{- tuple .Values.conf.elasticsearch "etc/_log4j2.properties.tpl" . | include "helm-toolkit.utils.configmap_templater" }} - action_file.yml: |+ + action_file.yml: | {{ toYaml .Values.conf.curator.action_file | indent 4 }} - config.yml: |+ + config.yml: | {{ toYaml .Values.conf.curator.config | indent 4 }} {{- end }} diff --git a/elasticsearch/templates/cron-job-curator.yaml b/elasticsearch/templates/cron-job-curator.yaml index a6da2dae0..da79e5f5c 100644 --- a/elasticsearch/templates/cron-job-curator.yaml +++ b/elasticsearch/templates/cron-job-curator.yaml 
@@ -15,14 +15,12 @@ limitations under the License. */}} {{- if .Values.manifests.cron_curator }} -{{- if .Capabilities.APIVersions.Has "batch/v2alpha1" }} {{- $envAll := . }} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.curator -}} {{- $serviceAccountName := "elastic-curator"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "curator" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- -apiVersion: batch/v2alpha1 +apiVersion: batch/v1beta1 kind: CronJob metadata: name: elastic-curator @@ -38,7 +36,7 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} +{{ tuple $envAll "curator" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} containers: - name: curator {{ tuple $envAll "curator" | include "helm-toolkit.snippets.image" | indent 14 }} @@ -72,4 +70,3 @@ spec: name: elasticsearch-etc defaultMode: 0444 {{- end }} -{{- end }} diff --git a/elasticsearch/templates/deployment-client.yaml b/elasticsearch/templates/deployment-client.yaml index 15f3a3d18..af6d62785 100644 --- a/elasticsearch/templates/deployment-client.yaml +++ b/elasticsearch/templates/deployment-client.yaml 
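Review bot: With the `.Capabilities.APIVersions.Has "batch/v2alpha1"` guard removed, the CronJob is always rendered as `apiVersion: batch/v1beta1`, so a cluster that does not serve that version would fail the release install instead of skipping the curator. If such clusters are still supported, wrapping the manifest in `{{- if .Capabilities.APIVersions.Has "batch/v1beta1" }}` and restoring the matching `{{- end }}` at the end of the file keeps the earlier skip behaviour. Otherwise a comment at the top of the template stating the minimum Kubernetes version would document the assumption.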
@@ -16,18 +16,13 @@ limitations under the License. {{- if .Values.manifests.deployment_client }} {{- $envAll := . }} + {{- $esUserSecret := .Values.secrets.elasticsearch.user }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.elasticsearch_client .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.elasticsearch_client -}} -{{- end -}} {{- $mounts_elasticsearch := .Values.pod.mounts.elasticsearch.elasticsearch }} {{- $serviceAccountName := printf "%s-%s" .Release.Name "elasticsearch-client"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "elasticsearch_client" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding @@ -83,10 +78,10 @@ spec: affinity: {{ tuple $envAll "elasticsearch" "client" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.elasticsearch.node_selector_key }}: {{ .Values.labels.elasticsearch.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.client.timeout | default "600" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "elasticsearch_client" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - name: memory-map-increase securityContext: privileged: true 
@@ -169,18 +164,18 @@ spec: - stop ports: - name: http - containerPort: {{ .Values.network.client.port }} + containerPort: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - name: transport - containerPort: {{ .Values.network.discovery.port }} + containerPort: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} livenessProbe: tcpSocket: - port: {{ .Values.network.discovery.port }} + port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 20 periodSeconds: 10 readinessProbe: httpGet: path: /_cluster/health - port: {{ .Values.network.client.port }} + port: {{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} env: - name: NAMESPACE valueFrom: @@ -225,6 +220,8 @@ spec: volumes: - name: pod-etc-apache emptyDir: {} + - name: elasticsearch-config + emptyDir: {} - name: elasticsearch-logs emptyDir: {} - name: elasticsearch-bin diff --git a/elasticsearch/templates/deployment-master.yaml b/elasticsearch/templates/deployment-master.yaml index 41d5e581b..1c2909d0f 100644 --- a/elasticsearch/templates/deployment-master.yaml +++ b/elasticsearch/templates/deployment-master.yaml 
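Review bot: The readiness probe resolves the port named `client` (`tuple "elasticsearch" "internal" "client" .`), while the ports declared on the container in this hunk are looked up as `http` and `discovery`, so the probe targets a port the container spec never declares. If that is deliberate, for example probing Elasticsearch directly rather than through the front end on `http`, a comment above `readinessProbe` such as `# probe Elasticsearch on its own client port, bypassing the http front end` would say so. If it is not deliberate, the lookup should use `"http"` to match the `containerPort`. The endpoint definitions are not visible on this page, so confirm that a `client` port exists for `elasticsearch`.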
@@ -16,17 +16,11 @@ limitations under the License. {{- if .Values.manifests.deployment_master }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.elasticsearch_master .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.elasticsearch_master -}} -{{- end -}} {{- $mounts_elasticsearch := .Values.pod.mounts.elasticsearch.elasticsearch }} {{- $serviceAccountName := "elasticsearch-master"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "elasticsearch_master" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding @@ -83,9 +77,9 @@ spec: {{ tuple $envAll "elasticsearch" "master" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.master.timeout | default "600" }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.elasticsearch.node_selector_key }}: {{ .Values.labels.elasticsearch.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "elasticsearch_master" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - name: memory-map-increase securityContext: privileged: true 
@@ -131,10 +125,10 @@ spec: - stop ports: - name: transport - containerPort: {{ .Values.network.discovery.port }} + containerPort: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} livenessProbe: tcpSocket: - port: {{ .Values.network.discovery.port }} + port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 20 periodSeconds: 10 env: @@ -181,6 +175,8 @@ spec: volumes: - name: elasticsearch-logs emptyDir: {} + - name: elasticsearch-config + emptyDir: {} - name: elasticsearch-bin configMap: name: elasticsearch-bin diff --git a/elasticsearch/templates/job-image-repo-sync.yaml b/elasticsearch/templates/job-image-repo-sync.yaml index d07425b85..e98175595 100644 --- a/elasticsearch/templates/job-image-repo-sync.yaml +++ b/elasticsearch/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "elasticsearch-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job 
@@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/elasticsearch/templates/job-register-snapshot-repository.yaml b/elasticsearch/templates/job-register-snapshot-repository.yaml index e86a92deb..2752a3dea 100644 --- a/elasticsearch/templates/job-register-snapshot-repository.yaml +++ b/elasticsearch/templates/job-register-snapshot-repository.yaml @@ -17,11 +17,11 @@ limitations under the License. {{- if .Values.manifests.job_snapshot_repository }} {{- if .Values.conf.elasticsearch.repository.enabled }} {{- $envAll := . }} + {{- $esUserSecret := .Values.secrets.elasticsearch.user }} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.snapshot_repository -}} {{- $serviceAccountName := "elasticsearch-register-snapshot-repository" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "snapshot_repository" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job 
@@ -36,9 +36,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "snapshot_repository" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: register-snapshot-repository {{ tuple $envAll "snapshot_repository" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml b/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml index d9b10d1a7..347729e66 100644 --- a/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml +++ b/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml 
@@ -16,16 +16,11 @@ limitations under the License. {{- if and .Values.manifests.monitoring.prometheus.deployment_exporter .Values.monitoring.prometheus.enabled }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.static.prometheus_elasticsearch_exporter .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.prometheus_elasticsearch_exporter -}} -{{- end -}} {{- $esUserSecret := .Values.secrets.elasticsearch.user }} {{- $serviceAccountName := "prometheus-elasticsearch-exporter" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "prometheus_elasticsearch_exporter" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: extensions/v1beta1 kind: Deployment @@ -41,10 +36,10 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.elasticsearch.node_selector_key }}: {{ .Values.labels.elasticsearch.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.prometheus_elasticsearch_exporter.timeout | default "30" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "prometheus_elasticsearch_exporter" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: elasticsearch-exporter {{ tuple $envAll "prometheus_elasticsearch_exporter" | include "helm-toolkit.snippets.image" | indent 10 }} 
@@ -66,7 +61,7 @@ spec: key: ELASTICSEARCH_URI ports: - name: metrics - containerPort: {{ .Values.network.prometheus_elasticsearch_exporter.port }} + containerPort: {{ tuple "prometheus_elasticsearch_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: - name: elasticsearch-exporter-bin mountPath: /tmp/elasticsearch-exporter.sh diff --git a/elasticsearch/templates/monitoring/prometheus/exporter-service.yaml b/elasticsearch/templates/monitoring/prometheus/exporter-service.yaml index 2b9db7333..1d04b4aa5 100644 --- a/elasticsearch/templates/monitoring/prometheus/exporter-service.yaml +++ b/elasticsearch/templates/monitoring/prometheus/exporter-service.yaml @@ -31,7 +31,7 @@ metadata: spec: ports: - name: metrics - port: {{ .Values.network.prometheus_elasticsearch_exporter.port }} + port: {{ tuple "prometheus_elasticsearch_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} selector: {{ tuple $envAll "elasticsearch" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{- end }} diff --git a/elasticsearch/templates/service-data.yaml b/elasticsearch/templates/service-data.yaml index e488ba63e..0dc7e544b 100644 --- a/elasticsearch/templates/service-data.yaml +++ b/elasticsearch/templates/service-data.yaml @@ -24,7 +24,7 @@ metadata: spec: ports: - name: transport - port: {{ .Values.network.data.port }} + port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{- if .Values.network.data.node_port.enabled }} nodePort: {{ .Values.network.data.node_port.port }} {{- end }} diff --git a/elasticsearch/templates/service-discovery.yaml b/elasticsearch/templates/service-discovery.yaml index 172c06ae2..efe2f0c2b 100644 --- a/elasticsearch/templates/service-discovery.yaml +++ b/elasticsearch/templates/service-discovery.yaml 
@@ -24,7 +24,7 @@ metadata: spec: ports: - name: transport - port: {{ .Values.network.discovery.port }} + port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{- if .Values.network.discovery.node_port.enabled }} nodePort: {{ .Values.network.discovery.node_port.port }} {{- end }} diff --git a/elasticsearch/templates/service-logging.yaml b/elasticsearch/templates/service-logging.yaml index 7b937e247..a096617c8 100644 --- a/elasticsearch/templates/service-logging.yaml +++ b/elasticsearch/templates/service-logging.yaml @@ -24,7 +24,7 @@ metadata: spec: ports: - name: http - port: 80 + port: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{- if .Values.network.client.node_port.enabled }} nodePort: {{ .Values.network.client.node_port.port }} {{- end }} diff --git a/elasticsearch/templates/statefulset-data.yaml b/elasticsearch/templates/statefulset-data.yaml index 353f6da40..b790cb919 100644 --- a/elasticsearch/templates/statefulset-data.yaml +++ b/elasticsearch/templates/statefulset-data.yaml 
@@ -16,17 +16,11 @@ limitations under the License. {{- if .Values.manifests.statefulset_data }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.elasticsearch_data .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.elasticsearch_data -}} -{{- end -}} {{- $mounts_elasticsearch := .Values.pod.mounts.elasticsearch.elasticsearch }} {{- $serviceAccountName := printf "%s-%s" .Release.Name "elasticsearch-data"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "elasticsearch_data" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding @@ -79,10 +73,10 @@ spec: affinity: {{ tuple $envAll "elasticsearch" "data" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.elasticsearch.node_selector_key }}: {{ .Values.labels.elasticsearch.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.data.timeout | default "600" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "elasticsearch_data" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - name: memory-map-increase securityContext: privileged: true 
@@ -128,10 +122,10 @@ spec: - stop ports: - name: transport - containerPort: {{ .Values.network.data.port }} + containerPort: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} livenessProbe: tcpSocket: - port: {{ .Values.network.discovery.port }} + port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 20 periodSeconds: 10 env: @@ -178,6 +172,8 @@ spec: volumes: - name: elasticsearch-logs emptyDir: {} + - name: elasticsearch-config + emptyDir: {} - name: elasticsearch-bin configMap: name: elasticsearch-bin diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index cae448f7c..e7f5a5310 100644 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -24,7 +24,7 @@ images: elasticsearch: docker.elastic.co/elasticsearch/elasticsearch:6.2.2 helm_tests: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 prometheus_elasticsearch_exporter: docker.io/justwatch/elasticsearch_exporter:1.0.1 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 snapshot_repository: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 image_repo_sync: docker.io/docker:17.07.0 pull_policy: "IfNotPresent" @@ -35,8 +35,12 @@ images: - image_repo_sync labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + elasticsearch: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled dependencies: dynamic: @@ -337,22 +341,17 @@ monitoring: network: client: - port: 9200 node_port: enabled: false port: 30920 discovery: - port: 9300 node_port: enabled: false port: 30930 data: - port: 9300 node_port: enabled: false port: 30931 - prometheus_elasticsearch_exporter: - port: 9108 storage: elasticsearch: 
diff --git a/flannel/templates/configmap-bin.yaml b/flannel/templates/configmap-bin.yaml index 02e2442af..450125dea 100644 --- a/flannel/templates/configmap-bin.yaml +++ b/flannel/templates/configmap-bin.yaml @@ -22,6 +22,6 @@ kind: ConfigMap metadata: name: flannel-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/flannel/templates/daemonset-kube-flannel-ds.yaml b/flannel/templates/daemonset-kube-flannel-ds.yaml index 7895a49bf..8de4ea0b5 100644 --- a/flannel/templates/daemonset-kube-flannel-ds.yaml +++ b/flannel/templates/daemonset-kube-flannel-ds.yaml @@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.daemonset_kube_flannel_ds }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.flannel .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.flannel -}} -{{- end -}} {{- $serviceAccountName := printf "%s-%s" .Release.Name "flannel"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "flannel" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 
@@ -89,7 +83,7 @@ spec: effect: NoSchedule serviceAccountName: {{ $serviceAccountName }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "flannel" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: kube-flannel {{ tuple $envAll "flannel" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/flannel/templates/job-image-repo-sync.yaml b/flannel/templates/job-image-repo-sync.yaml index bd86aca01..304978fe5 100644 --- a/flannel/templates/job-image-repo-sync.yaml +++ b/flannel/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "flannel-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} 
diff --git a/flannel/values.yaml b/flannel/values.yaml index a920a0f99..2b8a8eec4 100644 --- a/flannel/values.yaml +++ b/flannel/values.yaml @@ -15,13 +15,14 @@ # https://raw.githubusercontent.com/coreos/flannel/v0.8.0/Documentation/kube-flannel.yml labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled images: tags: flannel: quay.io/coreos/flannel:v0.8.0-amd64 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: diff --git a/fluent-logging/templates/_helpers.tpl b/fluent-logging/templates/_helpers.tpl index c3dafbfd2..672209051 100644 --- a/fluent-logging/templates/_helpers.tpl +++ b/fluent-logging/templates/_helpers.tpl @@ -135,7 +135,11 @@ section): {{- include "fluent_logging.recursive_tuple" $value | indent 2 }} } {{- else }} +{{- if eq $key "index_patterns"}} +{{ $key | quote -}}: [{{ $value | quote }}] +{{- else }} {{ $key | quote -}}:{{ $value | quote }} {{- end }} {{- end }} {{- end }} +{{- end }} diff --git a/fluent-logging/templates/configmap-bin.yaml b/fluent-logging/templates/configmap-bin.yaml index be40c2ccc..e331e36e1 100644 --- a/fluent-logging/templates/configmap-bin.yaml +++ b/fluent-logging/templates/configmap-bin.yaml @@ -30,6 +30,6 @@ data: {{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} create_template.sh: | {{ tuple "bin/_create_template.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/fluent-logging/templates/configmap-etc.yaml b/fluent-logging/templates/configmap-etc.yaml index 029e1bd9e..a81a8371a 100644 --- a/fluent-logging/templates/configmap-etc.yaml 
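Review bot: The new `eq $key "index_patterns"` branch in `_helpers.tpl` hard-codes one field name into a helper that is otherwise generic over keys, and it only handles a single string value. A list under `index_patterns` would go through `quote` as one argument and be rendered as a single quoted string inside the brackets, not as separate patterns. If lists should be supported, branch on the value's type (`kindIs "slice" $value`) and emit `{{ $key | quote }}: {{ toJson $value }}`. Otherwise add a template comment above the branch saying that exactly one pattern string is supported. The enclosing `define` starts above this hunk, so how `$key` and `$value` are bound is not visible here.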
+++ b/fluent-logging/templates/configmap-etc.yaml @@ -22,12 +22,12 @@ kind: ConfigMap metadata: name: fluent-logging-etc data: - fluent-bit.conf: |+ + fluent-bit.conf: | {{ include "fluent_logging.to_fluentbit_conf" .Values.conf.fluentbit | indent 4 }} - parsers.conf: |+ + parsers.conf: | {{ include "fluent_logging.to_fluentbit_conf" .Values.conf.parsers | indent 4 }} - td-agent.conf: |+ + td-agent.conf: | {{ include "fluent_logging.to_fluentd_conf" .Values.conf.td_agent | indent 4 }} - template.xml.raw: |+ + template.xml.raw: | {{ include "fluent_logging.to_elasticsearch_template" .Values.conf.template | indent 4 }} {{- end }} diff --git a/fluent-logging/templates/daemonset-fluent-bit.yaml b/fluent-logging/templates/daemonset-fluent-bit.yaml index e8c9057eb..439044de6 100644 --- a/fluent-logging/templates/daemonset-fluent-bit.yaml +++ b/fluent-logging/templates/daemonset-fluent-bit.yaml @@ -16,18 +16,11 @@ limitations under the License. {{- if .Values.manifests.daemonset_fluentbit }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.static.fluentbit }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.fluentbit .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.fluentbit -}} -{{- end -}} {{- $mounts_fluentbit := .Values.pod.mounts.fluentbit.fluentbit }} {{- $serviceAccountName := printf "%s-%s" .Release.Name "fluentbit" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "fluentbit" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding 
@@ -99,10 +92,9 @@ spec: hostPID: true dnsPolicy: ClusterFirstWithHostNet initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "fluentbit" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: fluentbit - env: image: {{ .Values.images.tags.fluentbit }} imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.fluentbit | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} diff --git a/fluent-logging/templates/deployment-fluentd.yaml b/fluent-logging/templates/deployment-fluentd.yaml index 2d601e692..c0b705908 100644 --- a/fluent-logging/templates/deployment-fluentd.yaml +++ b/fluent-logging/templates/deployment-fluentd.yaml @@ -17,17 +17,11 @@ limitations under the License. {{- if .Values.manifests.deployment_fluentd }} {{- $envAll := . }} {{- $esUserSecret := .Values.secrets.elasticsearch.user }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.fluentd .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.fluentd -}} -{{- end -}} {{- $mounts_fluentd := .Values.pod.mounts.fluentd.fluentd }} {{- $serviceAccountName := printf "%s-%s" .Release.Name "fluentd" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "fluentd" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding 
@@ -100,7 +94,7 @@ spec: {{ .Values.labels.fluentd.node_selector_key }}: {{ .Values.labels.fluentd.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.fluentd.timeout | default "30" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "fluentd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: fluentd image: {{ .Values.images.tags.fluentd }} @@ -120,7 +114,7 @@ spec: - name: ELASTICSEARCH_HOST value: {{ tuple "elasticsearch" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }} - name: ELASTICSEARCH_PORT - value: {{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} + value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} - name: ELASTICSEARCH_USERNAME valueFrom: secretKeyRef: diff --git a/fluent-logging/templates/job-elasticsearch-template.yaml b/fluent-logging/templates/job-elasticsearch-template.yaml index ad90cc1c0..1dbf86a7e 100644 --- a/fluent-logging/templates/job-elasticsearch-template.yaml +++ b/fluent-logging/templates/job-elasticsearch-template.yaml 
@@ -16,9 +16,12 @@ limitations under the License. {{- if .Values.manifests.job_elasticsearch_template }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.static.elasticsearch_template }} +{{- $esUserSecret := .Values.secrets.elasticsearch.user }} {{- $mounts_elasticsearch_template := .Values.pod.mounts.elasticsearch_template.elasticsearch_template }} {{- $mounts_elasticsearch_template_init := .Values.pod.mounts.elasticsearch_template.init_container }} + +{{- $serviceAccountName := "fluent-logging-elasticsearch-template"}} +{{ tuple $envAll "elasticsearch_template" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -30,11 +33,12 @@ spec: labels: {{ tuple $envAll "fluent" "elasticsearch-template" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} spec: + serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.elasticsearch_template.node_selector_key }}: {{ .Values.labels.elasticsearch_template.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies $mounts_elasticsearch_template_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "elasticsearch_template" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: elasticsearch-template image: {{ .Values.images.tags.elasticsearch_template }} 
@@ -44,11 +48,17 @@ spec: - name: ELASTICSEARCH_HOST value: {{ tuple "elasticsearch" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }} - name: ELASTICSEARCH_PORT - value: {{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} + value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} - name: ELASTICSEARCH_USERNAME - value: {{ .Values.endpoints.elasticsearch.auth.admin.username }} + valueFrom: + secretKeyRef: + name: {{ $esUserSecret }} + key: ELASTICSEARCH_USERNAME - name: ELASTICSEARCH_PASSWORD - value: {{ .Values.endpoints.elasticsearch.auth.admin.password }} + valueFrom: + secretKeyRef: + name: {{ $esUserSecret }} + key: ELASTICSEARCH_PASSWORD command: - /tmp/create_template.sh volumeMounts: diff --git a/fluent-logging/templates/job-image-repo-sync.yaml b/fluent-logging/templates/job-image-repo-sync.yaml index 41d479408..fb2a60798 100644 --- a/fluent-logging/templates/job-image-repo-sync.yaml +++ b/fluent-logging/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "fluent-logging-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job 
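Review bot: The two `secretKeyRef` entries mean this Job cannot start until the Secret named by `.Values.secrets.elasticsearch.user` exists with the keys `ELASTICSEARCH_USERNAME` and `ELASTICSEARCH_PASSWORD`, and nothing in this file section shows the chart rendering that Secret or ordering it before the Job. Moving the credentials out of inline `value:` entries is the right direction, since those are readable by anyone who can read the Job object. The source also changes from `endpoints.elasticsearch.auth.admin` to a secret labelled `user`; if that secret holds a different account, confirm it is permitted to create index templates. A template comment next to `$esUserSecret` could record this, such as `{{/* $esUserSecret must exist before this Job and hold an account allowed to create index templates */}}`. The container spec continues past the end of this hunk.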
@@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml b/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml index 1f9e175be..a4a85a3f2 100644 --- a/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml +++ b/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml @@ -16,14 +16,13 @@ limitations under the License. {{- if and .Values.manifests.monitoring.prometheus.deployment_exporter .Values.monitoring.prometheus.enabled }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.static.prometheus_fluentd_exporter }} {{ $fluentd_host := tuple "fluentd" "internal" "metrics" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} {{ $fluentd_metrics_path := "api/plugins.json" }} {{ $fluentd_metrics_host := printf "http://%s/%s" $fluentd_host $fluentd_metrics_path }} {{- $serviceAccountName := "prometheus-fluentd-exporter"}} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "prometheus_fluentd_exporter" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: extensions/v1beta1 kind: Deployment 
@@ -42,7 +41,7 @@ spec: {{ .Values.labels.prometheus_fluentd_exporter.node_selector_key }}: {{ .Values.labels.prometheus_fluentd_exporter.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.prometheus_fluentd_exporter.timeout | default "30" }} initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "prometheus_fluentd_exporter" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: fluentd-exporter image: {{ .Values.images.tags.prometheus_fluentd_exporter }} @@ -53,7 +52,7 @@ spec: - start ports: - name: metrics - containerPort: {{ .Values.network.prometheus_fluentd_exporter.port }} + containerPort: {{ tuple "prometheus_fluentd_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} env: - name: FLUENTD_METRICS_HOST value: {{ $fluentd_metrics_host }} diff --git a/fluent-logging/templates/monitoring/prometheus/exporter-service.yaml b/fluent-logging/templates/monitoring/prometheus/exporter-service.yaml index 58acda763..4c829682b 100644 --- a/fluent-logging/templates/monitoring/prometheus/exporter-service.yaml +++ b/fluent-logging/templates/monitoring/prometheus/exporter-service.yaml @@ -31,7 +31,7 @@ metadata: spec: ports: - name: metrics - port: {{ .Values.network.prometheus_fluentd_exporter.port }} + port: {{ tuple "prometheus_fluentd_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} selector: {{ tuple $envAll "prometheus_fluentd_exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{- end }} diff --git a/fluent-logging/templates/pod-helm-tests.yaml b/fluent-logging/templates/pod-helm-tests.yaml index 36b15230f..75bf8762f 100644 --- a/fluent-logging/templates/pod-helm-tests.yaml +++ b/fluent-logging/templates/pod-helm-tests.yaml 
@@ -43,7 +43,7 @@ spec: name: {{ $esUserSecret }} key: ELASTICSEARCH_PASSWORD - name: ELASTICSEARCH_ENDPOINT - value: {{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} + value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} volumeMounts: - name: fluent-logging-bin mountPath: /tmp/helm-tests.sh diff --git a/fluent-logging/templates/service-fluentd.yaml b/fluent-logging/templates/service-fluentd.yaml index a6e5a12fe..4d7fc2bd8 100644 --- a/fluent-logging/templates/service-fluentd.yaml +++ b/fluent-logging/templates/service-fluentd.yaml @@ -24,12 +24,12 @@ metadata: spec: ports: - name: forward - port: {{ .Values.network.fluentd.port.service }} + port: {{ tuple "fluentd" "internal" "service" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{ if .Values.network.fluentd.node_port.enabled }} nodePort: {{ .Values.network.fluentd.node_port.port }} {{ end }} - name: metrics - port: {{ .Values.network.fluentd.port.metrics }} + port: {{ tuple "fluentd" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} selector: {{ tuple $envAll "fluentd" "internal" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ if .Values.network.fluentd.node_port.enabled }} diff --git a/fluent-logging/values.yaml b/fluent-logging/values.yaml index 0f616ab0b..502b8de30 100644 --- a/fluent-logging/values.yaml +++ b/fluent-logging/values.yaml @@ -28,7 +28,7 @@ labels: prometheus_fluentd_exporter: node_selector_key: openstack-control-plane node_selector_value: enabled - elasticsearch_template: + job: node_selector_key: openstack-control-plane node_selector_value: enabled 
@@ -37,7 +37,7 @@ images: fluentbit: docker.io/fluent/fluent-bit:0.12.14 fluentd: docker.io/kolla/ubuntu-source-fluentd:ocata prometheus_fluentd_exporter: docker.io/srwilkers/fluentd_exporter:v0.1 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 helm_tests: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 elasticsearch_template: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 image_repo_sync: docker.io/docker:17.07.0 @@ -62,7 +62,7 @@ dependencies: - endpoint: node service: local_image_registry static: - elasticsearch-template: + elasticsearch_template: services: - endpoint: internal service: elasticsearch @@ -73,6 +73,8 @@ dependencies: - endpoint: internal service: fluentd fluentd: + jobs: + - elasticsearch-template services: - endpoint: internal service: elasticsearch @@ -159,17 +161,18 @@ conf: max_retry_wait: 300 disable_retry_limit: "" num_threads: 8 + type_name: fluentd fluentd_exporter: log: format: "logger:stdout?json=true" level: "info" template: template: "logstash-*" + index_patterns: "logstash-*" settings: - number_of_shards: 5 - number_of_replicas: 1 + number_of_shards: 1 mappings: - _doc: + doc: properties: kubernetes: properties: @@ -229,10 +232,8 @@ endpoints: scheme: default: http port: - client: + http: default: 80 - discovery: - default: 9300 kafka: namespace: null name: kafka @@ -289,11 +290,6 @@ network: node_port: enabled: false port: 32329 - port: - service: 24224 - metrics: 24220 - prometheus_fluentd_exporter: - port: 9309 pod: affinity: diff --git a/grafana/templates/bin/_datasource.sh.tpl b/grafana/templates/bin/_datasource.sh.tpl index 4db9ec2cd..2176f282d 100644 --- a/grafana/templates/bin/_datasource.sh.tpl +++ b/grafana/templates/bin/_datasource.sh.tpl 
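Review bot: Adding `jobs: - elasticsearch-template` under `dependencies.static.fluentd` makes the fluentd entrypoint init container wait for that Job, but the Job is only rendered when `manifests.job_elasticsearch_template` is true (the gate is visible in job-elasticsearch-template.yaml in this diff). With that manifest disabled, fluentd pods would presumably stay in their init phase and log shipping would stop without an obvious error. Either document the coupling next to the entry, e.g. `# requires manifests.job_elasticsearch_template: true`, or make the dependency conditional on the same flag. The Job's `metadata.name` is outside the visible hunks, so confirm that it matches `elasticsearch-template` exactly.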
@@ -17,7 +17,7 @@ limitations under the License. set -ex -exec curl "http://${GF_SECURITY_ADMIN_USER}:${GF_SECURITY_ADMIN_PASSWORD}@${GRAFANA_SERVICE}:{{ .Values.network.grafana.port }}/api/datasources" \ +exec curl "http://${GF_SECURITY_ADMIN_USER}:${GF_SECURITY_ADMIN_PASSWORD}@${GRAFANA_SERVICE}:${GRAFANA_PORT}/api/datasources" \ -H "Content-Type: application/json;charset=UTF-8" --data-binary \ {{- with .Values.conf.datasource }} "{\"name\":\"{{ .name }}\",\"type\":\"{{ .type }}\",\"url\":\"$PROMETHEUS_URL\",\"database\":\"{{ .database }}\",\"jsonData\":{ {{ .jsonData }} },\"access\":\"{{ .access }}\",\"isDefault\":{{ .isDefault }}}" diff --git a/grafana/templates/configmap-bin.yaml b/grafana/templates/configmap-bin.yaml index b1a566c9d..e7efdd4c2 100644 --- a/grafana/templates/configmap-bin.yaml +++ b/grafana/templates/configmap-bin.yaml @@ -26,7 +26,7 @@ data: {{- include "helm-toolkit.scripts.db_init" . | indent 4 }} db-session-sync.py: | {{ tuple "bin/_db-session-sync.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} datasource.sh: | {{ tuple "bin/_datasource.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} diff --git a/grafana/templates/configmap-etc.yaml b/grafana/templates/configmap-etc.yaml index 74f699e1f..e66e1ebd5 100644 --- a/grafana/templates/configmap-etc.yaml +++ b/grafana/templates/configmap-etc.yaml @@ -35,10 +35,10 @@ kind: ConfigMap metadata: name: grafana-etc data: - grafana.ini: |+ + grafana.ini: | {{ include "helm-toolkit.utils.to_ini" .Values.conf.grafana | indent 4 }} {{ range $key, $value := .Values.conf.dashboards }} - {{$key}}.json: |+ + {{$key}}.json: | {{ toJson $value | indent 4 }} {{ end }} {{- end }} diff --git a/grafana/templates/deployment.yaml b/grafana/templates/deployment.yaml index 5a263554e..c56164a4e 100644 --- a/grafana/templates/deployment.yaml 
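Review bot: With `set -ex` still at the top of `_datasource.sh.tpl`, the rewritten `exec curl` line is traced with `${GF_SECURITY_ADMIN_USER}` and `${GF_SECURITY_ADMIN_PASSWORD}` already expanded, so the Grafana admin password is written to the container log on every run. Use `set -e` here, or put `set +x` immediately before the `exec curl`, so the credential is not echoed. The line also now depends on `GRAFANA_PORT` being set by whichever pod spec runs the script, and that env entry is not in this hunk. Because the script uses `set -e` without `-u`, an unset value would silently produce a URL with an empty port; `: "${GRAFANA_PORT:?}"` before the call would make the requirement explicit.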
+++ b/grafana/templates/deployment.yaml @@ -16,17 +16,11 @@ limitations under the License. {{- if .Values.manifests.deployment }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.grafana .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.grafana -}} -{{- end -}} {{- $mounts_grafana := .Values.pod.mounts.grafana.grafana }} {{- $serviceAccountName := "grafana" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "grafana" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: extensions/v1beta1 kind: Deployment @@ -45,9 +39,9 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.grafana.node_selector_key }}: {{ .Values.labels.grafana.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "grafana" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: grafana {{ tuple $envAll "grafana" | include "helm-toolkit.snippets.image" | indent 10 }} 
@@ -57,11 +51,11 @@ spec: - start ports: - name: dashboard - containerPort: {{ .Values.network.grafana.port }} + containerPort: {{ tuple "grafana" "internal" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} readinessProbe: httpGet: path: /login - port: 3000 + port: {{ tuple "grafana" "internal" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 30 timeoutSeconds: 30 env: diff --git a/grafana/templates/ingress-grafana.yaml b/grafana/templates/ingress-grafana.yaml index 55c0d2fff..5fb7a698f 100644 --- a/grafana/templates/ingress-grafana.yaml +++ b/grafana/templates/ingress-grafana.yaml 
@@ -14,45 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.ingress }} -{{- $envAll := . }} -{{- if .Values.network.grafana.ingress.public }} -{{- $backendServiceType := "grafana" }} -{{- $backendPort := "dashboard" }} -{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} -{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $ingressName }} - annotations: -{{ toYaml .Values.network.grafana.ingress.annotations | indent 4 }} -spec: - rules: -{{ if ne $hostNameNamespaced $hostNameFull }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- else }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- end }} -{{- end }} +{{- if and .Values.manifests.ingress .Values.network.grafana.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} {{- end }} 
diff --git a/grafana/templates/job-db-init-session.yaml b/grafana/templates/job-db-init-session.yaml index d8753c872..3b11d2b03 100644 --- a/grafana/templates/job-db-init-session.yaml +++ b/grafana/templates/job-db-init-session.yaml @@ -16,10 +16,9 @@ limitations under the License. {{- if .Values.manifests.job_db_init_session }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.static.db_init_session }} {{- $serviceAccountName := "grafana-db-init-session" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "db_init_session" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -34,9 +33,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "db_init_session" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: grafana-db-init-session {{ tuple $envAll "db_init" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/grafana/templates/job-db-init.yaml b/grafana/templates/job-db-init.yaml index d395f60ab..d7cfaab34 100644 --- a/grafana/templates/job-db-init.yaml +++ b/grafana/templates/job-db-init.yaml 
@@ -16,10 +16,9 @@ limitations under the License. {{- if .Values.manifests.job_db_init }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.static.db_init }} {{- $serviceAccountName := "grafana-db-init" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "db_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -34,9 +33,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "db_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: grafana-db-init {{ tuple $envAll "db_init" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/grafana/templates/job-db-session-sync.yaml b/grafana/templates/job-db-session-sync.yaml index 4cdcfa9aa..3538da559 100644 --- a/grafana/templates/job-db-session-sync.yaml +++ b/grafana/templates/job-db-session-sync.yaml @@ -16,10 +16,9 @@ limitations under the License. {{- if .Values.manifests.job_db_session_sync }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.static.db_session_sync }} {{- $serviceAccountName := "grafana-db-session-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "db_session_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job 
@@ -34,9 +33,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "db_session_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: grafana-db-session-sync {{ tuple $envAll "grafana_db_session_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/grafana/templates/job-image-repo-sync.yaml b/grafana/templates/job-image-repo-sync.yaml index 9ec1fa8e2..1f59fe879 100644 --- a/grafana/templates/job-image-repo-sync.yaml +++ b/grafana/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "grafana-image-repo-sync" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job 
@@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/grafana/templates/job-prometheus-datasource.yaml b/grafana/templates/job-prometheus-datasource.yaml index 9c923f727..fbea030a5 100644 --- a/grafana/templates/job-prometheus-datasource.yaml +++ b/grafana/templates/job-prometheus-datasource.yaml @@ -17,9 +17,8 @@ limitations under the License. {{- if .Values.manifests.job_datasource }} {{- $envAll := . }} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.register_datasource -}} {{- $serviceAccountName := "grafana-register-datasource" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "register_datasource" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job 
@@ -34,9 +33,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "register_datasource" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: grafana-datasource {{ tuple $envAll "datasource" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -56,6 +55,8 @@ spec: key: GRAFANA_ADMIN_PASSWORD - name: GRAFANA_SERVICE value: {{ tuple "grafana" "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + - name: GRAFANA_PORT + value: {{ tuple "grafana" "internal" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} - name: PROMETHEUS_URL value: {{ tuple "monitoring" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} volumeMounts: diff --git a/grafana/templates/service-ingress.yaml b/grafana/templates/service-ingress.yaml index 5dbb337dd..8a1201a27 100644 --- a/grafana/templates/service-ingress.yaml +++ b/grafana/templates/service-ingress.yaml 
@@ -14,19 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.service_ingress }} -{{- $envAll := . }} -{{- if .Values.network.grafana.ingress.public }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ tuple "grafana" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -spec: - ports: - - name: http - port: 80 - selector: - app: ingress-api -{{- end }} +{{- if and .Values.manifests.service_ingress .Values.network.grafana.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "grafana" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} {{- end }} diff --git a/grafana/templates/service.yaml b/grafana/templates/service.yaml index 3255f7ae3..abcf43ecc 100644 --- a/grafana/templates/service.yaml +++ b/grafana/templates/service.yaml @@ -24,7 +24,7 @@ metadata: spec: ports: - name: dashboard - port: {{ .Values.network.grafana.port }} + port: {{ tuple "grafana" "internal" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{ if .Values.network.grafana.node_port.enabled }} nodePort: {{ .Values.network.grafana.node_port.port }} {{ end }} diff --git a/grafana/values.yaml b/grafana/values.yaml index 8fc333814..cd1a9280f 100644 --- a/grafana/values.yaml +++ b/grafana/values.yaml @@ -20,7 +20,7 @@ images: tags: grafana: docker.io/grafana/grafana:4.5.2 datasource: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 db_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 grafana_db_session_sync: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 image_repo_sync: docker.io/docker:17.07.0 
@@ -32,8 +32,12 @@ images: - image_repo_sync labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + grafana: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: affinity: @@ -162,6 +166,7 @@ endpoints: port: grafana: default: 3000 + public: 80 monitoring: name: prometheus namespace: null @@ -221,15 +226,16 @@ dependencies: network: grafana: - port: 3000 node_port: enabled: false port: 30902 ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/rewrite-target: / secrets: oslo_db: 
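Review bot: The added `public: 80` in the `port.grafana` block (hunk `@@ -162,6 +166,7 @@`) publishes the Grafana public endpoint over plain HTTP, and the `helm-toolkit.manifests.ingress` helper this chart now calls emits `spec.rules` only, with no `tls` section. Unless TLS is terminated in front of the ingress controller, the `/login` page and the admin credentials submitted to it cross that hop unencrypted. Whether an upstream terminator exists cannot be told from this diff, so the assumption should be written down next to the value, for example `# public: served over HTTP by the ingress; terminate TLS upstream before exposing outside the cluster`.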
@@ -10146,3 +10152,607 @@ conf: timezone: browser title: Openstack Main1 version: 2 + nginx_stats: + __inputs: + - name: DS_PROMETHEUS + label: prometheus + description: '' + type: datasource + pluginId: prometheus + pluginName: Prometheus + __requires: + - type: grafana + id: grafana + name: Grafana + version: 4.5.2 + - type: panel + id: graph + name: Graph + version: '' + - type: datasource + id: prometheus + name: Prometheus + version: 1.0.0 + annotations: + list: [] + description: Show stats from the hnlq715/nginx-vts-exporter. + editable: true + gnetId: 2949 + graphTooltip: 0 + hideControls: false + id: + links: [] + refresh: 10s + rows: + - collapse: false + height: 250 + panels: + - aliasColors: {} + bars: false + dashLength: 10 + dashes: false + datasource: "${DS_PROMETHEUS}" + fill: 1 + id: 7 + legend: + avg: false + current: false + max: false + min: false + show: true + total: false + values: false + lines: true + linewidth: 1 + links: [] + nullPointMode: 'null' + percentage: false + pointradius: 5 + points: false + renderer: flot + seriesOverrides: [] + spaceLength: 10 + span: 12 + stack: false + steppedLine: false + targets: + - expr: sum(nginx_upstream_responses_total{upstream=~"^$Upstream$"}) by (status_code, + upstream) + format: time_series + interval: '' + intervalFactor: 2 + legendFormat: "{{ status_code }}.{{ upstream }}" + metric: nginx_upstream_response + refId: A + step: 4 + thresholds: [] + timeFrom: + timeShift: + title: HTTP Response Codes by Upstream + tooltip: + msResolution: false + shared: true + sort: 0 + value_type: individual + type: graph + xaxis: + buckets: + mode: time + name: + show: true + values: [] + yaxes: + - format: short + label: + logBase: 1 + max: + min: + show: true + - format: short + label: + logBase: 1 + max: + min: + show: true + repeat: + repeatIteration: + repeatRowId: + showTitle: false + title: Dashboard Row + titleSize: h6 + - collapse: false + height: 250 + panels: + - aliasColors: {} + bars: false + 
dashLength: 10 + dashes: false + datasource: "${DS_PROMETHEUS}" + fill: 1 + id: 6 + legend: + avg: false + current: false + max: false + min: false + show: true + total: false + values: false + lines: true + linewidth: 1 + links: [] + nullPointMode: 'null' + percentage: false + pointradius: 5 + points: false + renderer: flot + seriesOverrides: [] + spaceLength: 10 + span: 6 + stack: false + steppedLine: false + targets: + - expr: sum(irate(nginx_upstream_requests_total{upstream=~"^$Upstream$"}[5m])) + by (upstream) + format: time_series + interval: '' + intervalFactor: 2 + legendFormat: "{{ upstream}}" + metric: nginx_upstream_requests + refId: A + step: 10 + thresholds: [] + timeFrom: + timeShift: + title: Upstream Requests rate + tooltip: + msResolution: false + shared: true + sort: 0 + value_type: individual + type: graph + xaxis: + buckets: + mode: time + name: + show: true + values: [] + yaxes: + - format: short + label: + logBase: 1 + max: + min: + show: true + - format: short + label: + logBase: 1 + max: + min: + show: true + - aliasColors: {} + bars: false + dashLength: 10 + dashes: false + datasource: "${DS_PROMETHEUS}" + fill: 1 + id: 5 + legend: + avg: false + current: false + max: false + min: false + show: true + total: false + values: false + lines: true + linewidth: 1 + links: [] + nullPointMode: 'null' + percentage: false + pointradius: 5 + points: false + renderer: flot + seriesOverrides: [] + spaceLength: 10 + span: 6 + stack: false + steppedLine: false + targets: + - expr: sum(irate(nginx_upstream_bytes_total{upstream=~"^$Upstream$"}[5m])) by + (direction, upstream) + format: time_series + interval: '' + intervalFactor: 2 + legendFormat: "{{ direction }}.{{ upstream }}" + metric: nginx_upstream_bytes + refId: A + step: 10 + thresholds: [] + timeFrom: + timeShift: + title: Upstream Bytes Transfer rate + tooltip: + msResolution: false + shared: true + sort: 0 + value_type: individual + type: graph + xaxis: + buckets: + mode: time + name: + show: 
true + values: [] + yaxes: + - format: short + label: + logBase: 1 + max: + min: + show: true + - format: short + label: + logBase: 1 + max: + min: + show: true + repeat: + repeatIteration: + repeatRowId: + showTitle: false + title: Dashboard Row + titleSize: h6 + - collapse: false + height: 250px + panels: + - aliasColors: {} + bars: false + dashLength: 10 + dashes: false + datasource: "${DS_PROMETHEUS}" + fill: 1 + id: 1 + legend: + avg: false + current: false + max: false + min: false + show: true + total: false + values: false + lines: true + linewidth: 1 + links: [] + nullPointMode: 'null' + percentage: false + pointradius: 5 + points: false + renderer: flot + seriesOverrides: [] + spaceLength: 10 + span: 6 + stack: false + steppedLine: false + targets: + - expr: sum(irate(nginx_connections_total[5m])) by (type) + format: time_series + intervalFactor: 2 + legendFormat: "{{ type}}" + metric: nginx_server_connections + refId: A + step: 10 + thresholds: [] + timeFrom: + timeShift: + title: Overall Connections rate + tooltip: + msResolution: false + shared: true + sort: 0 + value_type: individual + type: graph + xaxis: + buckets: + mode: time + name: + show: true + values: [] + yaxes: + - format: short + label: + logBase: 1 + max: + min: + show: true + - format: short + label: + logBase: 1 + max: + min: + show: true + - aliasColors: {} + bars: false + dashLength: 10 + dashes: false + datasource: "${DS_PROMETHEUS}" + fill: 1 + id: 4 + legend: + avg: false + current: false + max: false + min: false + show: true + total: false + values: false + lines: true + linewidth: 1 + links: [] + nullPointMode: 'null' + percentage: false + pointradius: 5 + points: false + renderer: flot + seriesOverrides: [] + spaceLength: 10 + span: 6 + stack: false + steppedLine: false + targets: + - expr: sum(irate(nginx_cache_total{ server_zone=~"$ingress"}[5m])) by (server_zone, + type) + format: time_series + interval: '' + intervalFactor: 2 + legendFormat: "{{ type }}.{{ server_zone }}" + 
metric: nginx_server_cache + refId: A + step: 10 + thresholds: [] + timeFrom: + timeShift: + title: Cache Action rate + tooltip: + msResolution: false + shared: true + sort: 0 + value_type: individual + type: graph + xaxis: + buckets: + mode: time + name: + show: true + values: [] + yaxes: + - format: short + label: + logBase: 1 + max: + min: '0' + show: true + - format: short + label: + logBase: 1 + max: + min: + show: true + repeat: + repeatIteration: + repeatRowId: + showTitle: false + title: Dashboard Row + titleSize: h6 + - collapse: false + height: 250 + panels: + - aliasColors: {} + bars: false + dashLength: 10 + dashes: false + datasource: "${DS_PROMETHEUS}" + fill: 1 + id: 3 + legend: + avg: false + current: false + max: false + min: false + show: true + total: false + values: false + lines: true + linewidth: 1 + links: [] + nullPointMode: 'null' + percentage: false + pointradius: 5 + points: false + renderer: flot + seriesOverrides: [] + spaceLength: 10 + span: 6 + stack: false + steppedLine: false + targets: + - expr: sum(irate(nginx_requests_total{ server_zone=~"$ingress" }[5m])) by (server_zone) + format: time_series + interval: '' + intervalFactor: 2 + legendFormat: "{{ server_zone}}" + metric: nginx_server_requests + refId: A + step: 10 + thresholds: [] + timeFrom: + timeShift: + title: Overall Requests rate + tooltip: + msResolution: false + shared: true + sort: 0 + value_type: individual + type: graph + xaxis: + buckets: + mode: time + name: + show: true + values: [] + yaxes: + - format: short + label: + logBase: 1 + max: + min: + show: true + - format: short + label: + logBase: 1 + max: + min: + show: true + - aliasColors: {} + bars: false + dashLength: 10 + dashes: false + datasource: "${DS_PROMETHEUS}" + fill: 1 + id: 2 + legend: + avg: false + current: false + max: false + min: false + show: true + total: false + values: false + lines: true + linewidth: 1 + links: [] + nullPointMode: 'null' + percentage: false + pointradius: 5 + points: false + 
renderer: flot + seriesOverrides: [] + spaceLength: 10 + span: 6 + stack: false + steppedLine: false + targets: + - expr: sum(irate(nginx_bytes_total{ server_zone=~"$ingress" }[5m])) by (direction, + server_zone) + format: time_series + intervalFactor: 2 + legendFormat: "{{ direction }}.{{ server_zone }}" + metric: nginx_server_bytes + refId: A + step: 10 + thresholds: [] + timeFrom: + timeShift: + title: Overall Bytes Transferred rate + tooltip: + msResolution: false + shared: true + sort: 0 + value_type: individual + type: graph + xaxis: + buckets: + mode: time + name: + show: true + values: [] + yaxes: + - format: bytes + label: + logBase: 1 + max: + min: '0' + show: true + - format: short + label: + logBase: 1 + max: + min: + show: true + repeat: + repeatIteration: + repeatRowId: + showTitle: false + title: Dashboard Row + titleSize: h6 + schemaVersion: 14 + style: dark + tags: + - prometheus + - nginx + templating: + list: + - allValue: ".*" + current: {} + datasource: "${DS_PROMETHEUS}" + hide: 0 + includeAll: false + label: + multi: true + name: Upstream + options: [] + query: label_values(nginx_upstream_bytes_total, upstream) + refresh: 1 + regex: '' + sort: 1 + tagValuesQuery: '' + tags: [] + tagsQuery: '' + type: query + useTags: false + - allValue: + current: {} + datasource: "${DS_PROMETHEUS}" + hide: 0 + includeAll: false + label: + multi: true + name: ingress + options: [] + query: label_values(nginx_bytes_total, server_zone) + refresh: 1 + regex: "/^[^\\*_]+$/" + sort: 1 + tagValuesQuery: '' + tags: [] + tagsQuery: '' + type: query + useTags: false + time: + from: now-1h + to: now + timepicker: + refresh_intervals: + - 5s + - 10s + - 30s + - 1m + - 5m + - 15m + - 30m + - 1h + - 2h + - 1d + time_options: + - 5m + - 15m + - 1h + - 6h + - 12h + - 24h + - 2d + - 7d + - 30d + timezone: browser + title: Nginx Stats + version: 13 diff --git a/helm-toolkit/.gitignore b/helm-toolkit/.gitignore index e1bd7e85a..f5f3a91ab 100644 --- a/helm-toolkit/.gitignore 
+++ b/helm-toolkit/.gitignore @@ -1,3 +1,3 @@ secrets/* -!secrets/.gitkeep +!secrets/.gitkeep templates/_secrets.tpl diff --git a/helm-toolkit/templates/manifests/_ingress.yaml.tpl b/helm-toolkit/templates/manifests/_ingress.yaml.tpl new file mode 100644 index 000000000..cf98bf504 --- /dev/null +++ b/helm-toolkit/templates/manifests/_ingress.yaml.tpl 
@@ -0,0 +1,70 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function creates a manifest for a services ingress rules.
+# It can be used in charts dict created similar to the following:
+# {- $ingressOpts := dict "envAll" . "backendServiceType" "key-manager" -}
+# { $ingressOpts | include "helm-toolkit.manifests.ingress" }
+
+{{- define "helm-toolkit.manifests.ingress._host_rules" -}}
+{{- $vHost := index . "vHost" -}}
+{{- $backendName := index . "backendName" -}}
+{{- $backendPort := index . "backendPort" -}}
+- host: {{ $vHost }}
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: {{ $backendName }}
+ servicePort: {{ $backendPort }}
+{{- end }}
+
+{{- define "helm-toolkit.manifests.ingress" -}}
+{{- $envAll := index . "envAll" -}}
+{{- $backendService := index . "backendService" | default "api" -}}
+{{- $backendServiceType := index . "backendServiceType" -}}
+{{- $backendPort := index . "backendPort" -}}
+{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ $ingressName }}
+ annotations:
+ kubernetes.io/ingress.class: {{ index $envAll.Values.network $backendService "ingress" "classes" "namespace" | quote }}
+{{ toYaml (index $envAll.Values.network $backendService "ingress" "annotations") | indent 4 }}
+spec:
+ rules:
+{{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix)}}
+{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }}
+{{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4}}
+{{- end }}
+{{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }}
+{{- $hostNameFullRules := dict "vHost" $hostNameFull "backendName" $backendName "backendPort" $backendPort }}
+{{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4}}
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ printf "%s-%s" $ingressName "fqdn" }}
+ annotations:
+ kubernetes.io/ingress.class: {{ index $envAll.Values.network $backendService "ingress" "classes" "cluster" | quote }}
+{{ toYaml (index $envAll.Values.network $backendService "ingress" "annotations") | indent 4 }}
+spec:
+ rules:
+{{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4}}
+{{- end }}
+{{- end }}
diff --git a/helm-toolkit/templates/manifests/_job-bootstrap.yaml b/helm-toolkit/templates/manifests/_job-bootstrap.yaml
new file mode 100644
index 000000000..754ff217a
--- /dev/null
+++ b/helm-toolkit/templates/manifests/_job-bootstrap.yaml
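Review bot: `$backendPort` in `helm-toolkit.manifests.ingress` is read with `index . "backendPort"` and has no default, but the usage example in the header comment of `_ingress.yaml.tpl` builds the dict without that key. A chart that copies the example renders `servicePort:` empty in every host rule, leaving the Ingress with no usable backend port. The example should carry the key, e.g. `# {- $ingressOpts := dict "envAll" . "backendServiceType" "key-manager" "backendPort" "<port-name>" -}`. If the Helm version in use provides `required`, the helper can also stop the render early with `{{- $backendPort := required "backendPort is required" (index . "backendPort") -}}`.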
@@ -0,0 +1,97 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function creates a manifest for db creation and user management.
+# It can be used in charts dict created similar to the following:
+# {- $dbSyncJob := dict "envAll" . "serviceName" "senlin" -}
+# { $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }
+
+{{- define "helm-toolkit.manifests.job_bootstrap" -}}
+{{- $envAll := index . "envAll" -}}
+{{- $serviceName := index . "serviceName" -}}
+{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.bootstrap -}}
+{{- $podVolMounts := index . "podVolMounts" | default false -}}
+{{- $podVols := index . "podVols" | default false -}}
+{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
+{{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}}
+{{- $configFile := index . "configFile" | default (printf "/etc/%s/%s.conf" $serviceName $serviceName ) -}}
+{{- $keystoneUser := index . "keystoneUser" | default $serviceName -}}
+{{- $openrc := index . "openrc" | default "true" -}}
+
+{{- $serviceNamePretty := $serviceName | replace "_" "-" -}}
+
+{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "bootstrap" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ printf "%s-%s" $serviceNamePretty "bootstrap" | quote }}
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll $serviceName "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ nodeSelector:
+{{ toYaml $nodeSelector | indent 8 }}
+ initContainers:
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: bootstrap
+ image: {{ $envAll.Values.images.tags.bootstrap }}
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{- if eq $openrc "true" }}
+ env:
+{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+{{- end }}
+ command:
+ - /tmp/bootstrap.sh
+ volumeMounts:
+ - name: bootstrap-sh
+ mountPath: /tmp/bootstrap.sh
+ subPath: bootstrap.sh
+ readOnly: true
+ - name: etc-service
+ mountPath: {{ dir $configFile | quote }}
+ - name: bootstrap-conf
+ mountPath: {{ $configFile | quote }}
+ subPath: {{ base $configFile | quote }}
+ readOnly: true
+{{- if $podVolMounts }}
+{{ $podVolMounts | toYaml | indent 12 }}
+{{- end }}
+ volumes:
+ - name: bootstrap-sh
+ configMap:
+ name: {{ $configMapBin | quote }}
+ defaultMode: 0555
+ - name: etc-service
+ emptyDir: {}
+ - name: bootstrap-conf
+ configMap:
+ name: {{ $configMapEtc | quote }}
+ defaultMode: 0444
+{{- if $podVols }}
+{{ $podVols | toYaml | indent 8 }}
+{{- end }}
+{{- end }}
diff --git a/helm-toolkit/templates/manifests/_job-db-drop-mysql.yaml.tpl b/helm-toolkit/templates/manifests/_job-db-drop-mysql.yaml.tpl
new file mode 100644
index 000000000..753ff8bd2
--- /dev/null
+++ b/helm-toolkit/templates/manifests/_job-db-drop-mysql.yaml.tpl
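Review bot: The `kubernetes_pod_rbac_serviceaccount` and `kubernetes_entrypoint_init_container` calls in `helm-toolkit.manifests.job_bootstrap` pass `$dependencies`, a dict defaulted from `.Values.dependencies.static.bootstrap`, as the second tuple element. The grafana templates in this same commit were all switched to pass a name string such as `"db_init"` in that position. The snippet bodies are not visible here, but if they now resolve dependencies by name, this job's init container and the rules bound to its service account will not render as intended; `{{ tuple $envAll "bootstrap" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}` would match the other callers. The db-drop job added next in this commit uses the same call shape. The header comment is also copied from the db-sync job (it describes "db creation and user management" and includes `job_db_sync`) and should name `helm-toolkit.manifests.job_bootstrap` instead.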
@@ -0,0 +1,123 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function creates a manifest for db creation and user management.
+# It can be used in charts dict created similar to the following:
+# {- $dbToDropJob := dict "envAll" . "serviceName" "senlin" -}
+# { $dbToDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }
+#
+# If the service does not use olso then the db can be managed with:
+# {- $dbToDrop := dict "inputType" "secret" "adminSecret" .Values.secrets.oslo_db.admin "userSecret" .Values.secrets.oslo_db.horizon -}
+# {- $dbToDropJob := dict "envAll" . "serviceName" "horizon" "dbToDrop" $dbToDrop -}
+# { $dbToDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }
+
+{{- define "helm-toolkit.manifests.job_db_drop_mysql" -}}
+{{- $envAll := index . "envAll" -}}
+{{- $serviceName := index . "serviceName" -}}
+{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.db_drop -}}
+{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
+{{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}}
+{{- $dbToDrop := index . "dbToDrop" | default ( dict "adminSecret" $envAll.Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "configDbSection" "database" "configDbKey" "connection" ) -}}
+{{- $dbsToDrop := default (list $dbToDrop) (index . "dbsToDrop") }}
+
+{{- $serviceNamePretty := $serviceName | replace "_" "-" -}}
+
+{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "db-drop" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ printf "%s-%s" $serviceNamePretty "db-drop" | quote }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll $serviceName "db-drop" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ nodeSelector:
+{{ toYaml $nodeSelector | indent 8 }}
+ initContainers:
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+{{- range $key1, $dbToDrop := $dbsToDrop }}
+{{ $dbToDropType := default "oslo" $dbToDrop.inputType }}
+ - name: {{ printf "%s-%s-%d" $serviceNamePretty "db-drop" $key1 | quote }}
+ image: {{ $envAll.Values.images.tags.db_drop }}
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_drop | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: ROOT_DB_CONNECTION
+ valueFrom:
+ secretKeyRef:
+ name: {{ $dbToDrop.adminSecret | quote }}
+ key: DB_CONNECTION
+{{- if eq $dbToDropType "oslo" }}
+ - name: OPENSTACK_CONFIG_FILE
+ value: {{ $dbToDrop.configFile | quote }}
+ - name: OPENSTACK_CONFIG_DB_SECTION
+ value: {{ $dbToDrop.configDbSection | quote }}
+ - name: OPENSTACK_CONFIG_DB_KEY
+ value: {{ $dbToDrop.configDbKey | quote }}
+{{- end }}
+{{- if eq $dbToDropType "secret" }}
+ - name: DB_CONNECTION
+ valueFrom:
+ secretKeyRef:
+ name: {{ $dbToDrop.userSecret | quote }}
+ key: DB_CONNECTION
+{{- end }}
+ command:
+ - /tmp/db-drop.py
+ volumeMounts:
+ - name: db-drop-sh
+ mountPath: /tmp/db-drop.py
+ subPath: db-drop.py
+ readOnly: true
+{{- if eq $dbToDropType "oslo" }}
+ - name: etc-service
+ mountPath: {{ dir $dbToDrop.configFile | quote }}
+ - name: db-drop-conf
+ mountPath: {{ $dbToDrop.configFile | quote }}
+ subPath: {{ base $dbToDrop.configFile | quote }}
+ readOnly: true
+{{- end }}
+{{- end }}
+ volumes:
+ - name: db-drop-sh
+ configMap:
+ name: {{ $configMapBin | quote }}
+ defaultMode: 0555
+{{- $local := dict "configMapBinFirst" true -}}
+{{- range $key1, $dbToDrop := $dbsToDrop }}
+{{- $dbToDropType := default "oslo" $dbToDrop.inputType }}
+{{- if and (eq $dbToDropType "oslo") $local.configMapBinFirst }}
+{{- $_ := set $local "configMapBinFirst" false }}
+ - name: etc-service
+ emptyDir: {}
+ - name: db-drop-conf
+ configMap:
+ name: {{ $configMapEtc | quote }}
+ defaultMode: 0444
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/manifests/_job-db-init-mysql.yaml.tpl b/helm-toolkit/templates/manifests/_job-db-init-mysql.yaml.tpl
new file mode 100644
index 000000000..c325ccf92
--- /dev/null
+++ b/helm-toolkit/templates/manifests/_job-db-init-mysql.yaml.tpl
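Review bot: The header comment above `define "helm-toolkit.manifests.job_db_drop_mysql"` is copied from the db-init template and describes "db creation and user management", but the Job it renders is a `pre-delete` hook that runs `/tmp/db-drop.py` with `ROOT_DB_CONNECTION`. A destructive hook should be described as one, for example `# This function creates a manifest for a pre-delete hook job that drops the service database.` (judging by the script name), and "olso" in the same comment should read "oslo". Whether the including chart gates this template behind a values flag is not visible in this hunk; without such a gate, deleting a release would run the drop with admin credentials and no opt-in.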
@@ -0,0 +1,120 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function creates a manifest for db creation and user management.
+# It can be used in charts dict created similar to the following:
+# {- $dbToInitJob := dict "envAll" . "serviceName" "senlin" -}
+# { $dbToInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }
+#
+# If the service does not use olso then the db can be managed with:
+# {- $dbToInit := dict "inputType" "secret" "adminSecret" .Values.secrets.oslo_db.admin "userSecret" .Values.secrets.oslo_db.horizon -}
+# {- $dbToInitJob := dict "envAll" . "serviceName" "horizon" "dbToInit" $dbToInit -}
+# { $dbToInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }
+
+{{- define "helm-toolkit.manifests.job_db_init_mysql" -}}
+{{- $envAll := index . "envAll" -}}
+{{- $serviceName := index . "serviceName" -}}
+{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.db_init -}}
+{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
+{{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}}
+{{- $dbToInit := index . "dbToInit" | default ( dict "adminSecret" $envAll.Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "configDbSection" "database" "configDbKey" "connection" ) -}}
+{{- $dbsToInit := default (list $dbToInit) (index . "dbsToInit") }}
+
+{{- $serviceNamePretty := $serviceName | replace "_" "-" -}}
+
+{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "db-init" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ printf "%s-%s" $serviceNamePretty "db-init" | quote }}
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll $serviceName "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ nodeSelector:
+{{ toYaml $nodeSelector | indent 8 }}
+ initContainers:
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+{{- range $key1, $dbToInit := $dbsToInit }}
+{{ $dbToInitType := default "oslo" $dbToInit.inputType }}
+ - name: {{ printf "%s-%s-%d" $serviceNamePretty "db-init" $key1 | quote }}
+ image: {{ $envAll.Values.images.tags.db_init }}
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: ROOT_DB_CONNECTION
+ valueFrom:
+ secretKeyRef:
+ name: {{ $dbToInit.adminSecret | quote }}
+ key: DB_CONNECTION
+{{- if eq $dbToInitType "oslo" }}
+ - name: OPENSTACK_CONFIG_FILE
+ value: {{ $dbToInit.configFile | quote }}
+ - name: OPENSTACK_CONFIG_DB_SECTION
+ value: {{ $dbToInit.configDbSection | quote }}
+ - name: OPENSTACK_CONFIG_DB_KEY
+ value: {{ $dbToInit.configDbKey | quote }}
+{{- end }}
+{{- if eq $dbToInitType "secret" }}
+ - name: DB_CONNECTION
+ valueFrom:
+ secretKeyRef:
+ name: {{ $dbToInit.userSecret | quote }}
+ key: DB_CONNECTION
+{{- end }}
+ command:
+ - /tmp/db-init.py
+ volumeMounts:
+ - name: db-init-sh
+ mountPath: /tmp/db-init.py
+ subPath: db-init.py
+ readOnly: true
+{{- if eq $dbToInitType "oslo" }}
+ - name: etc-service
+ mountPath: {{ dir $dbToInit.configFile | quote }}
+ - name: db-init-conf
+ mountPath: {{ $dbToInit.configFile | quote }}
+ subPath: {{ base $dbToInit.configFile | quote }}
+ readOnly: true
+{{- end }}
+{{- end }}
+ volumes:
+ - name: db-init-sh
+ configMap:
+ name: {{ $configMapBin | quote }}
+ defaultMode: 0555
+{{- $local := dict "configMapBinFirst" true -}}
+{{- range $key1, $dbToInit := $dbsToInit }}
+{{- $dbToInitType := default "oslo" $dbToInit.inputType }}
+{{- if and (eq $dbToInitType "oslo") $local.configMapBinFirst }}
+{{- $_ := set $local "configMapBinFirst" false }}
+ - name: etc-service
+ emptyDir: {}
+ - name: db-init-conf
+ configMap:
+ name: {{ $configMapEtc | quote }}
+ defaultMode: 0444
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/manifests/_job-db-sync.yaml.tpl b/helm-toolkit/templates/manifests/_job-db-sync.yaml.tpl
new file mode 100644
index 000000000..9ce476268
--- /dev/null
+++ b/helm-toolkit/templates/manifests/_job-db-sync.yaml.tpl
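Review bot: An `inputType` other than "oslo" or "secret" is accepted silently inside the `range $key1, $dbToInit := $dbsToInit` loop, because both `if eq $dbToInitType ...` branches are then skipped. The container is rendered with only `ROOT_DB_CONNECTION` and no target database settings, so a typo in chart values surfaces only at run time in a job that holds admin credentials. A guard right after the `$dbToInitType` assignment would fail the render instead: `{{- if and (ne $dbToInitType "oslo") (ne $dbToInitType "secret") }}{{ fail "dbToInit.inputType must be oslo or secret" }}{{- end }}`. The db-drop template on this page has the same gap around `$dbToDropType`.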
@@ -0,0 +1,94 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function creates a manifest for db migration and management.
+# It can be used in charts dict created similar to the following:
+# {- $dbSyncJob := dict "envAll" . "serviceName" "senlin" -}
+# { $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }
+
+{{- define "helm-toolkit.manifests.job_db_sync" -}}
+{{- $envAll := index . "envAll" -}}
+{{- $serviceName := index . "serviceName" -}}
+{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $dependencies := $envAll.Values.dependencies.static.db_sync }}
+{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
+{{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}}
+{{- $podVolMounts := index . "podVolMounts" | default false -}}
+{{- $podVols := index . "podVols" | default false -}}
+{{- $podEnvVars := index . "podEnvVars" | default false -}}
+{{- $dbToSync := index . "dbToSync" | default ( dict "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "image" ( index $envAll.Values.images.tags ( printf "%s_db_sync" $serviceName )) ) -}}
+
+{{- $serviceNamePretty := $serviceName | replace "_" "-" -}}
+
+{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "db-sync" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ printf "%s-%s" $serviceNamePretty "db-sync" | quote }}
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll $serviceName "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ nodeSelector:
+{{ toYaml $nodeSelector | indent 8 }}
+ initContainers:
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: {{ printf "%s-%s" $serviceNamePretty "db-sync" | quote }}
+ image: {{ $dbToSync.image | quote }}
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy | quote }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{- if $podEnvVars }}
+ env:
+{{ $podEnvVars | toYaml | indent 12 }}
+{{- end }}
+ command:
+ - /tmp/db-sync.sh
+ volumeMounts:
+ - name: db-sync-sh
+ mountPath: /tmp/db-sync.sh
+ subPath: db-sync.sh
+ readOnly: true
+ - name: etc-service
+ mountPath: {{ dir $dbToSync.configFile | quote }}
+ - name: db-sync-conf
+ mountPath: {{ $dbToSync.configFile | quote }}
+ subPath: {{ base $dbToSync.configFile | quote }}
+ readOnly: true
+{{- if $podVolMounts }}
+{{ $podVolMounts | toYaml | indent 12 }}
+{{- end }}
+ volumes:
+ - name: db-sync-sh
+ configMap:
+ name: {{ $configMapBin | quote }}
+ defaultMode: 0555
+ - name: etc-service
+ emptyDir: {}
+ - name: db-sync-conf
+ configMap:
+ name: {{ $configMapEtc | quote }}
+ defaultMode: 0444
+{{- if $podVols }}
+{{ $podVols | toYaml | indent 8 }}
+{{- end }}
+{{- end }}
diff --git a/helm-toolkit/templates/manifests/_job-ks-endpoints.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-endpoints.yaml.tpl
new file mode 100644
index 000000000..303816149
--- /dev/null
+++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.yaml.tpl
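Review bot: `$dependencies` in `job_db_sync` is read straight from `$envAll.Values.dependencies.static.db_sync`, while every sibling job template on this page accepts a caller-supplied `"dependencies"` key and only falls back to the values default. A chart that needs a different dependency set for its sync job therefore cannot pass one, and the init container and RBAC service account are always rendered from the static list. Using the same form as the other templates keeps them consistent: `{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.db_sync -}}`. The usage comment could also list the optional keys this template reads (`podVolMounts`, `podVols`, `podEnvVars`, `dbToSync`), which are currently undocumented.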
@@ -0,0 +1,83 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function creates a manifest for keystone service management.
+# It can be used in charts dict created similar to the following:
+# {- $ksEndpointJob := dict "envAll" . "serviceName" "senlin" "serviceTypes" ( tuple "clustering" ) -}
+# { $ksEndpointJob | include "helm-toolkit.manifests.job_ks_endpoints" }
+
+{{- define "helm-toolkit.manifests.job_ks_endpoints" -}}
+{{- $envAll := index . "envAll" -}}
+{{- $serviceName := index . "serviceName" -}}
+{{- $serviceTypes := index . "serviceTypes" -}}
+{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.ks_endpoints -}}
+{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
+{{- $serviceNamePretty := $serviceName | replace "_" "-" -}}
+
+{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "ks-endpoints" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ printf "%s-%s" $serviceNamePretty "ks-endpoints" | quote }}
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll $serviceName "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ nodeSelector:
+{{ toYaml $nodeSelector | indent 8 }}
+ initContainers:
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+{{- range $key1, $osServiceType := $serviceTypes }}
+{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
+ - name: {{ printf "%s-%s-%s" $osServiceType "ks-endpoints" $osServiceEndPoint | quote }}
+ image: {{ $envAll.Values.images.tags.ks_endpoints }}
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ command:
+ - /tmp/ks-endpoints.sh
+ volumeMounts:
+ - name: ks-endpoints-sh
+ mountPath: /tmp/ks-endpoints.sh
+ subPath: ks-endpoints.sh
+ readOnly: true
+ env:
+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+ - name: OS_SVC_ENDPOINT
+ value: {{ $osServiceEndPoint | quote }}
+ - name: OS_SERVICE_NAME
+ value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
+ - name: OS_SERVICE_TYPE
+ value: {{ $osServiceType | quote }}
+ - name: OS_SERVICE_ENDPOINT
+ value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
+{{- end }}
+{{- end }}
+ volumes:
+ - name: ks-endpoints-sh
+ configMap:
+ name: {{ $configMapBin | quote }}
+ defaultMode: 0555
+{{- end }}
diff --git a/helm-toolkit/templates/manifests/_job-ks-service.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-service.yaml.tpl
new file mode 100644
index 000000000..9a7c4e932
--- /dev/null
+++ b/helm-toolkit/templates/manifests/_job-ks-service.yaml.tpl
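Review bot: The `OS_SERVICE_NAME` value is the only env value in this container that is rendered without `| quote`, so whatever `keystone_endpoint_name_lookup` returns is parsed as raw YAML. A name that YAML reads as a number or boolean, or one that contains YAML syntax, would produce a non-string env value or a broken manifest. Quoting it like its neighbours closes that: `value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" | quote }}`; the ks-service template on this page has the same unquoted line. Separately, the container name is built from `$osServiceType` without the `replace "_" "-"` normalisation applied to `$serviceName`, so a service type containing an underscore would presumably be rejected as a container name.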
@@ -0,0 +1,77 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function creates a manifest for keystone service management.
+# It can be used in charts dict created similar to the following:
+# {- $ksServiceJob := dict "envAll" . "serviceName" "senlin" "serviceTypes" ( tuple "clustering" ) -}
+# { $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }
+
+{{- define "helm-toolkit.manifests.job_ks_service" -}}
+{{- $envAll := index . "envAll" -}}
+{{- $serviceName := index . "serviceName" -}}
+{{- $serviceTypes := index . "serviceTypes" -}}
+{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.ks_service -}}
+{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
+{{- $serviceNamePretty := $serviceName | replace "_" "-" -}}
+
+{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "ks-service" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ printf "%s-%s" $serviceNamePretty "ks-service" | quote }}
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll $serviceName "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ nodeSelector:
+{{ toYaml $nodeSelector | indent 8 }}
+ initContainers:
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+{{- range $key1, $osServiceType := $serviceTypes }}
+ - name: {{ printf "%s-%s" $osServiceType "ks-service-registration" | quote }}
+ image: {{ $envAll.Values.images.tags.ks_service }}
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ command:
+ - /tmp/ks-service.sh
+ volumeMounts:
+ - name: ks-service-sh
+ mountPath: /tmp/ks-service.sh
+ subPath: ks-service.sh
+ readOnly: true
+ env:
+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+ - name: OS_SERVICE_NAME
+ value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }}
+ - name: OS_SERVICE_TYPE
+ value: {{ $osServiceType | quote }}
+{{- end }}
+ volumes:
+ - name: ks-service-sh
+ configMap:
+ name: {{ $configMapBin | quote }}
+ defaultMode: 0555
+{{- end }}
diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
new file mode 100644
index 000000000..c4908637c
--- /dev/null
+++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
@@ -0,0 +1,83 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function creates a manifest for keystone user management.
+# It can be used in charts dict created similar to the following:
+# {- $ksUserJob := dict "envAll" . "serviceName" "senlin" }
+# { $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }
+
+{{- define "helm-toolkit.manifests.job_ks_user" -}}
+{{- $envAll := index . "envAll" -}}
+{{- $serviceName := index . "serviceName" -}}
+{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.ks_user -}}
+{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
+{{- $serviceUser := index . "serviceUser" | default $serviceName -}}
+{{- $serviceUserPretty := $serviceUser | replace "_" "-" -}}
+
+{{- $serviceAccountName := printf "%s-%s" $serviceUserPretty "ks-user" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ printf "%s-%s" $serviceUserPretty "ks-user" | quote }}
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll $serviceName "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName | quote }}
+ restartPolicy: OnFailure
+ nodeSelector:
+{{ toYaml $nodeSelector | indent 8 }}
+ initContainers:
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: ks-user
+ image: {{ $envAll.Values.images.tags.ks_user }}
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ command:
+ - /tmp/ks-user.sh
+ volumeMounts:
+ - name: ks-user-sh
+ mountPath: /tmp/ks-user.sh
+ subPath: ks-user.sh
+ readOnly: true
+ env:
+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
+{{- end }}
+ - name: SERVICE_OS_SERVICE_NAME
+ value: {{ $serviceName | quote }}
+{{- with $env := dict "ksUserSecret" (index $envAll.Values.secrets.identity $serviceUser ) }}
+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
+{{- end }}
+ - name: SERVICE_OS_ROLES
+ {{- $serviceOsRoles := index $envAll.Values.endpoints.identity.auth $serviceUser "role" }}
+ {{- if kindIs "slice" $serviceOsRoles }}
+ value: {{ include "helm-toolkit.utils.joinListWithComma" $serviceOsRoles | quote }}
+ {{- else }}
+ value: {{ $serviceOsRoles | quote }}
+ {{- end }}
+ volumes:
+ - name: ks-user-sh
+ configMap:
+ name: {{ $configMapBin | quote }}
+ defaultMode: 0555
+{{- end -}}
diff --git a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
new file mode 100644
index 000000000..bbbde4f8b
--- /dev/null
+++ b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
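Review bot: A missing `role` key under `endpoints.identity.auth.<serviceUser>` is not rejected where `$serviceOsRoles` is assigned, so the `else` branch renders `SERVICE_OS_ROLES` from an empty value. The `for SERVICE_OS_ROLE in ${SERVICE_OS_ROLES}` loop added to `_ks-user.sh.tpl` on this page would then presumably iterate zero times or over a placeholder string, leaving the service user without its intended role and with no error. Failing at render time is safer, assuming the Helm version in use provides `required`: `{{- $serviceOsRoles := index $envAll.Values.endpoints.identity.auth $serviceUser "role" | required "a keystone role must be set for the service user" }}`. The usage example in the header comment is also missing its closing `-` (`"senlin" -}`).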
@@ -0,0 +1,74 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.manifests.job_rabbit_init" -}}
+{{- $envAll := index . "envAll" -}}
+{{- $serviceName := index . "serviceName" -}}
+{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.rabbit_init -}}
+{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
+{{- $serviceUser := index . "serviceUser" | default $serviceName -}}
+{{- $serviceUserPretty := $serviceUser | replace "_" "-" -}}
+
+{{- $serviceAccountName := printf "%s-%s" $serviceUserPretty "rabbit-init" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ printf "%s-%s" $serviceUserPretty "rabbit-init" | quote }}
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll $serviceName "rabbit-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName | quote }}
+ restartPolicy: OnFailure
+ nodeSelector:
+{{ toYaml $nodeSelector | indent 8 }}
+ initContainers:
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: rabbit-init
+ image: {{ $envAll.Values.images.tags.rabbit_init | quote }}
+ imagePullPolicy: {{ $envAll.Values.images.pull_policy | quote }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.rabbit_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ command:
+ - /tmp/rabbit-init.sh
+ volumeMounts:
+ - name: rabbit-init-sh
+ mountPath: /tmp/rabbit-init.sh
+ subPath: rabbit-init.sh
+ readOnly: true
+ env:
+ - name: RABBITMQ_ADMIN_CONNECTION
+ valueFrom:
+ secretKeyRef:
+ name: {{ $envAll.Values.secrets.oslo_messaging.admin }}
+ key: RABBITMQ_CONNECTION
+ - name: RABBITMQ_USER_CONNECTION
+ valueFrom:
+ secretKeyRef:
+ name: {{ index $envAll.Values.secrets.oslo_messaging $serviceName }}
+ key: RABBITMQ_CONNECTION
+ volumes:
+ - name: rabbit-init-sh
+ configMap:
+ name: {{ $configMapBin | quote }}
+ defaultMode: 0555
+
+{{- end -}}
diff --git a/helm-toolkit/templates/manifests/_service-ingress.tpl b/helm-toolkit/templates/manifests/_service-ingress.tpl
new file mode 100644
index 000000000..29be3f43b
--- /dev/null
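Review bot: The `RABBITMQ_USER_CONNECTION` secret is looked up with `$serviceName`, although the Job name and service account in this template are derived from `$serviceUser`. When a caller passes a `serviceUser` that differs from `serviceName`, the job is named for one user but provisions the credentials of another; the ks-user template on this page keys its secret lookup on `$serviceUser`, so this looks unintended. If so, the line should read `name: {{ index $envAll.Values.secrets.oslo_messaging $serviceUser | quote }}`, and the admin secret name just above it should be quoted as well. This template also has no usage comment, unlike the other job manifests; one listing `envAll`, `serviceName` and the optional `serviceUser` would help callers.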
+++ b/helm-toolkit/templates/manifests/_service-ingress.tpl
@@ -0,0 +1,40 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function creates a manifest for a services ingress rules.
+# It can be used in charts dict created similar to the following:
+# {- $serviceIngressOpts := dict "envAll" . "backendServiceType" "key-manager" -}
+# { $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }
+
+{{- define "helm-toolkit.manifests.service_ingress" -}}
+{{- $envAll := index . "envAll" -}}
+{{- $backendServiceType := index . "backendServiceType" -}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: http
+ port: 80
+ selector:
+ app: ingress-api
+{{- if index $envAll.Values.endpoints $backendServiceType }}
+{{- if index $envAll.Values.endpoints $backendServiceType "ip" }}
+{{- if index $envAll.Values.endpoints $backendServiceType "ip" "ingress" }}
+ clusterIP: {{ (index $envAll.Values.endpoints $backendServiceType "ip" "ingress") }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/helm-toolkit/templates/scripts/_ks-user.sh.tpl b/helm-toolkit/templates/scripts/_ks-user.sh.tpl
index 1b61371bd..72b81fc71 100644
--- a/helm-toolkit/templates/scripts/_ks-user.sh.tpl
+++ b/helm-toolkit/templates/scripts/_ks-user.sh.tpl
@@ -76,6 +76,10 @@ openstack user set --password="${SERVICE_OS_PASSWORD}" "${USER_ID}" openstack user show "${USER_ID}" function ks_assign_user_role () { + # Get user role + USER_ROLE_ID=$(openstack role create --or-show -f value -c id \ + "${SERVICE_OS_ROLE}"); + # Manage user role assignment openstack role add \ --user="${USER_ID}" \ @@ -92,9 +96,10 @@ function ks_assign_user_role () { } # Manage user service role -export USER_ROLE_ID=$(openstack role create --or-show -f value -c id \ - "${SERVICE_OS_ROLE}"); -ks_assign_user_role +IFS=',' +for SERVICE_OS_ROLE in ${SERVICE_OS_ROLES}; do + ks_assign_user_role +done # Manage user member role : ${MEMBER_OS_ROLE:="_member_"} diff --git a/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl b/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl new file mode 100644 index 000000000..6c45dba44 --- /dev/null +++ b/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl 
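Review bot: `IFS=','` in the second hunk is set for the whole script and never restored, so every unquoted expansion after the `for SERVICE_OS_ROLE in ${SERVICE_OS_ROLES}` loop splits on commas instead of whitespace. That includes the member-role handling that follows `: ${MEMBER_OS_ROLE:="_member_"}`, which lies outside this hunk. Adding `unset IFS` directly after `done` restores default splitting. Role names are also taken verbatim between commas, so a value such as `admin, member` would pass ` member` with a leading space to `openstack role create --or-show`; trimming or validating each entry before use avoids creating an unintended role.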
@@ -0,0 +1,67 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.scripts.rabbit_init" }} +#!/bin/bash +set -ex + +# Extract connection details +RABBIT_HOSTNAME=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $2}' \ + | awk -F'[:/]' '{print $1}'` +RABBIT_PORT=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $2}' \ + | awk -F'[:/]' '{print $2}'` + +# Extract Admin User creadential +RABBITMQ_ADMIN_USERNAME=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $1}' \ + | awk -F'[//:]' '{print $4}'` +RABBITMQ_ADMIN_PASSWORD=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $1}' \ + | awk -F'[//:]' '{print $5}'` + +# Extract User creadential +RABBITMQ_USERNAME=`echo $RABBITMQ_USER_CONNECTION | awk -F'[@]' '{print $1}' \ + | awk -F'[//:]' '{print $4}'` +RABBITMQ_PASSWORD=`echo $RABBITMQ_USER_CONNECTION | awk -F'[@]' '{print $1}' \ + | awk -F'[//:]' '{print $5}'` + +# Using admin creadential, list current rabbitmq users +rabbitmqadmin --host=$RABBIT_HOSTNAME --port=$RABBIT_PORT \ + --username=$RABBITMQ_ADMIN_USERNAME --password=$RABBITMQ_ADMIN_PASSWORD \ + list users + +# if user already exist, credentials will be overwritten +# Using admin creadential, adding new admin rabbitmq user" +rabbitmqadmin --host=$RABBIT_HOSTNAME --port=$RABBIT_PORT \ + --username=$RABBITMQ_ADMIN_USERNAME --password=$RABBITMQ_ADMIN_PASSWORD \ + declare user name=$RABBITMQ_USERNAME password=$RABBITMQ_PASSWORD \ + 
tags="administrator" + +# Declare permissions for new user +rabbitmqadmin --host=$RABBIT_HOSTNAME --port=$RABBIT_PORT \ + --username=$RABBITMQ_ADMIN_USERNAME --password=$RABBITMQ_ADMIN_PASSWORD \ + declare permission vhost="/" user=$RABBITMQ_USERNAME \ + configure=".*" write=".*" read=".*" + +# Using new user creadential, list current rabbitmq users +rabbitmqadmin --host=$RABBIT_HOSTNAME --port=$RABBIT_PORT \ + --username=$RABBITMQ_USERNAME --password=$RABBITMQ_PASSWORD \ + list users + +# Using new user creadential, list permissions +rabbitmqadmin --host=$RABBIT_HOSTNAME --port=$RABBIT_PORT \ + --username=$RABBITMQ_USERNAME --password=$RABBITMQ_PASSWORD \ + list permissions + +{{- end }} diff --git a/helm-toolkit/templates/scripts/_rally_test.sh.tpl b/helm-toolkit/templates/scripts/_rally_test.sh.tpl index 5da4a0fbf..76e6bb3c4 100644 --- a/helm-toolkit/templates/scripts/_rally_test.sh.tpl +++ b/helm-toolkit/templates/scripts/_rally_test.sh.tpl 
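Review bot: `set -ex` makes the shell trace every command, so the `rabbitmqadmin ... --password=$RABBITMQ_ADMIN_PASSWORD` and `password=$RABBITMQ_PASSWORD` lines, and the assignments that extract them, write both passwords in clear text to the job's log. Use `set -e` alone, or wrap the credential handling in `set +x`. The expansions are also unquoted, and the awk splitting on `:`, `/` and `@` truncates any password containing one of those characters, so quote them as `"${RABBITMQ_PASSWORD}"` and document the restriction on the password alphabet. The declared user receives `tags="administrator"` plus `.*` for configure, write and read on vhost `/`; whether a service user needs the administrator tag is not visible here and is worth confirming.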
@@ -19,19 +19,45 @@ limitations under the License. set -ex {{- $rallyTests := index . 0 }} -: ${RALLY_ENV_NAME:="openstack-helm"} +: "${RALLY_ENV_NAME:="openstack-helm"}" + rally-manage db create -rally deployment create --fromenv --name ${RALLY_ENV_NAME} -rally deployment use ${RALLY_ENV_NAME} +cat > /tmp/rally-config.json << EOF +{ + "type": "ExistingCloud", + "auth_url": "${OS_AUTH_URL}", + "region_name": "${OS_REGION_NAME}", + "endpoint_type": "public", + "admin": { + "username": "${OS_USERNAME}", + "password": "${OS_PASSWORD}", + "project_name": "${OS_PROJECT_NAME}", + "user_domain_name": "${OS_USER_DOMAIN_NAME}", + "project_domain_name": "${OS_PROJECT_DOMAIN_NAME}" + }, + "users": [ + { + "username": "${SERVICE_OS_USERNAME}", + "password": "${SERVICE_OS_PASSWORD}", + "project_name": "${SERVICE_OS_PROJECT_NAME}", + "user_domain_name": "${SERVICE_OS_USER_DOMAIN_NAME}", + "project_domain_name": "${SERVICE_OS_PROJECT_DOMAIN_NAME}" + } + ] +} +EOF +rally deployment create --file /tmp/rally-config.json --name "${RALLY_ENV_NAME}" +rm -f /tmp/rally-config.json +rally deployment use "${RALLY_ENV_NAME}" rally deployment check {{- if $rallyTests.run_tempest }} -rally verify create-verifier --name ${RALLY_ENV_NAME}-tempest --type tempest -SERVICE_TYPE=$(rally deployment check | grep ${RALLY_ENV_NAME} | awk -F \| '{print $3}' | tr -d ' ' | tr -d '\n') -rally verify start --pattern tempest.api.$SERVICE_TYPE* -rally verify delete-verifier --id ${RALLY_ENV_NAME}-tempest --force +rally verify create-verifier --name "${RALLY_ENV_NAME}-tempest" --type tempest +SERVICE_TYPE="$(rally deployment check | grep "${RALLY_ENV_NAME}" | awk -F \| '{print $3}' | tr -d ' ' | tr -d '\n')" +rally verify start --pattern "tempest.api.${SERVICE_TYPE}*" +rally verify delete-verifier --id "${RALLY_ENV_NAME}-tempest" --force {{- end }} rally task validate /etc/rally/rally_tests.yaml rally task start /etc/rally/rally_tests.yaml -rally deployment destroy --deployment ${RALLY_ENV_NAME} +rally 
deployment destroy --deployment "${RALLY_ENV_NAME}" rally task sla-check {{- end }} diff --git a/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl b/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl index 669daf02e..41915a78a 100644 --- a/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl +++ b/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl @@ -16,8 +16,18 @@ limitations under the License. {{- define "helm-toolkit.snippets.kubernetes_entrypoint_init_container" -}} {{- $envAll := index . 0 -}} -{{- $deps := index . 1 -}} +{{- $component := index . 1 -}} {{- $mounts := index . 2 -}} + +{{- $_ := set $envAll.Values "__kubernetes_entrypoint_init_container" dict -}} +{{- $_ := set $envAll.Values.__kubernetes_entrypoint_init_container "deps" dict -}} +{{- if and ($envAll.Values.images.local_registry.active) (ne $component "image_repo_sync") -}} +{{- $_ := include "helm-toolkit.utils.merge" ( tuple $envAll.Values.__kubernetes_entrypoint_init_container.deps ( index $envAll.Values.dependencies.static $component ) $envAll.Values.dependencies.dynamic.common.local_image_registry ) -}} +{{- else -}} +{{- $_ := set $envAll.Values.__kubernetes_entrypoint_init_container "deps" ( index $envAll.Values.dependencies.static $component ) -}} +{{- end -}} +{{- $deps := $envAll.Values.__kubernetes_entrypoint_init_container.deps }} + - name: init {{ tuple $envAll "dep_check" | include "helm-toolkit.snippets.image" | indent 2 }} env: 
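Review bot: `/tmp/rally-config.json` is created at a fixed path with the default umask and holds `OS_PASSWORD` and `SERVICE_OS_PASSWORD`; because the script runs under `set -ex`, the `rm -f` is skipped when `rally deployment create` fails, so the file stays behind. Create it privately and remove it on every exit path with `RALLY_CONFIG="$(mktemp)"` and `trap 'rm -f "${RALLY_CONFIG}"' EXIT`, then write to and read from `"${RALLY_CONFIG}"`. The heredoc interpolates the values into JSON unescaped, so a password containing `"` or `\` yields an invalid or altered document.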
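Review bot: The block that fills `$envAll.Values.__kubernetes_entrypoint_init_container.deps` is repeated verbatim in the first hunk of `_kubernetes_pod_rbac_serviceaccount.tpl`, and both copies write to the same scratch key in the chart's Values. The init container's `DEPENDENCY_*` variables and the service account's RBAC rules are derived from these two copies, so if one is edited without the other the pod may wait on resources it is not allowed to read, or keep permissions it no longer uses. Move the block into a single named template that both snippets include. A short comment that the second tuple element is now a key into `dependencies.static`, not a deps dict, would also help callers of this changed interface.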
@@ -33,14 +43,18 @@ limitations under the License. fieldPath: metadata.namespace - name: INTERFACE_NAME value: eth0 + - name: PATH + value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/ - name: DEPENDENCY_SERVICE value: "{{ tuple $deps.services $envAll | include "helm-toolkit.utils.comma_joined_service_list" }}" - name: DEPENDENCY_JOBS - value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.jobs }}" + value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.jobs }}" - name: DEPENDENCY_DAEMONSET - value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.daemonset }}" + value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.daemonset }}" - name: DEPENDENCY_CONTAINER - value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.container }}" + value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.container }}" + - name: DEPENDENCY_POD + value: {{ if $deps.pod }}{{ toJson $deps.pod | quote }}{{ else }}""{{ end }} - name: COMMAND value: "echo done" command: diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl index 1284b36c9..f9f48ef7b 100644 --- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl +++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl @@ -57,7 +57,7 @@ rules: {{ if eq $v "jobs" }} - jobs {{- end -}} - {{ if or (eq $v "daemonsets") (eq $v "jobs") }} + {{ if or (eq $v "pods") (eq $v "daemonsets") (eq $v "jobs") }} - pods {{- end -}} {{ if eq $v "services" }} diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl index 73bc903b9..e0a234f15 100644 --- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl +++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl 
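Review bot: The added `PATH` value ends in `:/`, which puts the filesystem root on the init container's executable search path, and nothing in the hunk says why. If it is there so that an entrypoint binary installed at `/` resolves by bare name (not visible here), state that in a comment such as `# "/" is on PATH because the dependency-check binary is installed in the image root`; otherwise drop the entry and call the binary by absolute path. The container's `command:` block continues outside the hunk.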
@@ -16,11 +16,21 @@ limitations under the License. {{- define "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" -}} {{- $envAll := index . 0 -}} -{{- $deps := index . 1 -}} +{{- $component := index . 1 -}} {{- $saName := index . 2 -}} {{- $saNamespace := $envAll.Release.Namespace }} {{- $randomKey := randAlphaNum 32 }} {{- $allNamespace := dict $randomKey "" }} + +{{- $_ := set $envAll.Values "__kubernetes_entrypoint_init_container" dict -}} +{{- $_ := set $envAll.Values.__kubernetes_entrypoint_init_container "deps" dict -}} +{{- if and ($envAll.Values.images.local_registry.active) (ne $component "image_repo_sync") -}} +{{- $_ := include "helm-toolkit.utils.merge" ( tuple $envAll.Values.__kubernetes_entrypoint_init_container.deps ( index $envAll.Values.dependencies.static $component ) $envAll.Values.dependencies.dynamic.common.local_image_registry ) -}} +{{- else -}} +{{- $_ := set $envAll.Values.__kubernetes_entrypoint_init_container "deps" ( index $envAll.Values.dependencies.static $component ) -}} +{{- end -}} +{{- $deps := $envAll.Values.__kubernetes_entrypoint_init_container.deps }} + --- apiVersion: v1 kind: ServiceAccount @@ -40,6 +50,8 @@ metadata: {{- $_ := set $allNamespace $saNamespace (printf "%s%s" "jobs," ((index $allNamespace $saNamespace) | default "")) }} {{- else if and (eq $k "daemonset") $v }} {{- $_ := set $allNamespace $saNamespace (printf "%s%s" "daemonsets," ((index $allNamespace $saNamespace) | default "")) }} +{{- else if and (eq $k "pod") $v }} +{{- $_ := set $allNamespace $saNamespace (printf "%s%s" "pods," ((index $allNamespace $saNamespace) | default "")) }} {{- end -}} {{- end -}} {{- $_ := unset $allNamespace $randomKey }} diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl new file mode 100644 index 000000000..448b60f81 --- /dev/null +++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl 
@@ -0,0 +1,271 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.utils.daemonset_overrides" }} + {{- $daemonset := index . 0 }} + {{- $daemonset_yaml := index . 1 }} + {{- $configmap_include := index . 2 }} + {{- $configmap_name := index . 3 }} + {{- $context := index . 4 }} + {{- $_ := unset $context ".Files" }} + {{- $_ := set $context.Values "__daemonset_yaml" $daemonset_yaml }} + {{- $daemonset_root_name := printf (print $context.Chart.Name "_" $daemonset) }} + {{- $_ := set $context.Values "__daemonset_list" list }} + {{- $_ := set $context.Values "__default" dict }} + {{- if hasKey $context.Values.conf "overrides" }} + {{- range $key, $val := $context.Values.conf.overrides }} + + {{- if eq $key $daemonset_root_name }} + {{- range $type, $type_data := . }} + + {{- if eq $type "hosts" }} + {{- range $host_data := . 
}} + {{/* dictionary that will contain all info needed to generate this + iteration of the daemonset */}} + {{- $current_dict := dict }} + + {{/* set daemonset name */}} + {{- $_ := set $current_dict "name" $host_data.name }} + + {{/* apply overrides */}} + {{- $override_conf_copy := $host_data.conf }} + {{- $root_conf_copy := omit $context.Values.conf "overrides" }} + {{- $merged_dict := merge $override_conf_copy $root_conf_copy }} + {{- $root_conf_copy2 := dict "conf" $merged_dict }} + {{- $context_values := omit $context.Values "conf" }} + {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }} + {{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }} + {{- $_ := set $current_dict "nodeData" $root_conf_copy4 }} + + {{/* Schedule to this host explicitly. */}} + {{- $nodeSelector_dict := dict }} + + {{- $_ := set $nodeSelector_dict "key" "kubernetes.io/hostname" }} + {{- $_ := set $nodeSelector_dict "operator" "In" }} + + {{- $values_list := list $host_data.name }} + {{- $_ := set $nodeSelector_dict "values" $values_list }} + + {{- $list_aggregate := list $nodeSelector_dict }} + {{- $_ := set $current_dict "matchExpressions" $list_aggregate }} + + {{/* store completed daemonset entry/info into global list */}} + {{- $list_aggregate := append $context.Values.__daemonset_list $current_dict }} + {{- $_ := set $context.Values "__daemonset_list" $list_aggregate }} + + {{- end }} + {{- end }} + + {{- if eq $type "labels" }} + {{- $_ := set $context.Values "__label_list" . }} + {{- range $label_data := . }} + {{/* dictionary that will contain all info needed to generate this + iteration of the daemonset. 
*/}} + {{- $_ := set $context.Values "__current_label" dict }} + + {{/* set daemonset name */}} + {{- $_ := set $context.Values.__current_label "name" $label_data.label.key }} + + {{/* apply overrides */}} + {{- $override_conf_copy := $label_data.conf }} + {{- $root_conf_copy := omit $context.Values.conf "overrides" }} + {{- $merged_dict := merge $override_conf_copy $root_conf_copy }} + {{- $root_conf_copy2 := dict "conf" $merged_dict }} + {{- $context_values := omit $context.Values "conf" }} + {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }} + {{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }} + {{- $_ := set $context.Values.__current_label "nodeData" $root_conf_copy4 }} + + {{/* Schedule to the provided label value(s) */}} + {{- $label_dict := omit $label_data.label "NULL" }} + {{- $_ := set $label_dict "operator" "In" }} + {{- $list_aggregate := list $label_dict }} + {{- $_ := set $context.Values.__current_label "matchExpressions" $list_aggregate }} + + {{/* Do not schedule to other specified labels, with higher + precedence as the list position increases. Last defined label + is highest priority. */}} + {{- $other_labels := without $context.Values.__label_list $label_data }} + {{- range $label_data2 := $other_labels }} + {{- $label_dict := omit $label_data2.label "NULL" }} + + {{- $_ := set $label_dict "operator" "NotIn" }} + + {{- $list_aggregate := append $context.Values.__current_label.matchExpressions $label_dict }} + {{- $_ := set $context.Values.__current_label "matchExpressions" $list_aggregate }} + {{- end }} + {{- $_ := set $context.Values "__label_list" $other_labels }} + + {{/* Do not schedule to any other specified hosts */}} + {{- range $type, $type_data := $val }} + {{- if eq $type "hosts" }} + {{- range $host_data := . 
}} + {{- $label_dict := dict }} + + {{- $_ := set $label_dict "key" "kubernetes.io/hostname" }} + {{- $_ := set $label_dict "operator" "NotIn" }} + + {{- $values_list := list $host_data.name }} + {{- $_ := set $label_dict "values" $values_list }} + + {{- $list_aggregate := append $context.Values.__current_label.matchExpressions $label_dict }} + {{- $_ := set $context.Values.__current_label "matchExpressions" $list_aggregate }} + {{- end }} + {{- end }} + {{- end }} + + {{/* store completed daemonset entry/info into global list */}} + {{- $list_aggregate := append $context.Values.__daemonset_list $context.Values.__current_label }} + {{- $_ := set $context.Values "__daemonset_list" $list_aggregate }} + {{- $_ := unset $context.Values "__current_label" }} + + {{- end }} + {{- end }} + {{- end }} + + {{/* scheduler exceptions for the default daemonset */}} + {{- $_ := set $context.Values.__default "matchExpressions" list }} + + {{- range $type, $type_data := . }} + {{/* Do not schedule to other specified labels */}} + {{- if eq $type "labels" }} + {{- range $label_data := . }} + {{- $default_dict := omit $label_data.label "NULL" }} + + {{- $_ := set $default_dict "operator" "NotIn" }} + + {{- $list_aggregate := append $context.Values.__default.matchExpressions $default_dict }} + {{- $_ := set $context.Values.__default "matchExpressions" $list_aggregate }} + {{- end }} + {{- end }} + {{/* Do not schedule to other specified hosts */}} + {{- if eq $type "hosts" }} + {{- range $host_data := . 
}} + {{- $default_dict := dict }} + + {{- $_ := set $default_dict "key" "kubernetes.io/hostname" }} + {{- $_ := set $default_dict "operator" "NotIn" }} + + {{- $values_list := list $host_data.name }} + {{- $_ := set $default_dict "values" $values_list }} + + {{- $list_aggregate := append $context.Values.__default.matchExpressions $default_dict }} + {{- $_ := set $context.Values.__default "matchExpressions" $list_aggregate }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + + {{/* generate the default daemonset */}} + + {{/* set name */}} + {{- $_ := set $context.Values.__default "name" "default" }} + + {{/* no overrides apply, so copy as-is */}} + {{- $root_conf_copy1 := omit $context.Values.conf "overrides" }} + {{- $root_conf_copy2 := dict "conf" $root_conf_copy1 }} + {{- $context_values := omit $context.Values "conf" }} + {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }} + {{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }} + {{- $_ := set $context.Values.__default "nodeData" $root_conf_copy4 }} + + {{/* add to global list */}} + {{- $list_aggregate := append $context.Values.__daemonset_list $context.Values.__default }} + {{- $_ := set $context.Values "__daemonset_list" $list_aggregate }} + + {{- $_ := set $context.Values "__last_configmap_name" $configmap_name }} + {{- range $current_dict := $context.Values.__daemonset_list }} + + {{- $context_novalues := omit $context "Values" }} + {{- $merged_dict := merge $current_dict.nodeData $context_novalues }} + {{- $_ := set $current_dict "nodeData" $merged_dict }} + + {{/* name needs to be a DNS-1123 compliant name. 
Ensure lower case */}} + {{- $name_format1 := printf (print $daemonset_root_name "-" $current_dict.name) | lower }} + {{/* labels may contain underscores which would be invalid here, so we replace them with dashes + there may be other valid label names which would make for an invalid DNS-1123 name + but these will be easier to handle in future with sprig regex* functions + (not availabile in helm 2.5.1) */}} + {{- $name_format2 := $name_format1 | replace "_" "-" }} + {{/* To account for the case where the same label is defined multiple times in overrides + (but with different label values), we add a sha of the scheduling data to ensure + name uniqueness */}} + {{- $_ := set $current_dict "dns_1123_name" dict }} + {{- if hasKey $current_dict "matchExpressions" }} + {{- $_ := set $current_dict "dns_1123_name" (printf (print $name_format2 "-" ($current_dict.matchExpressions | quote | sha256sum | trunc 8))) }} + {{- else }} + {{- $_ := set $current_dict "dns_1123_name" $name_format2 }} + {{- end }} + + {{/* set daemonset metadata name */}} + {{- if not $context.Values.__daemonset_yaml.metadata }}{{- $_ := set $context.Values.__daemonset_yaml "metadata" dict }}{{- end }} + {{- if not $context.Values.__daemonset_yaml.metadata.name }}{{- $_ := set $context.Values.__daemonset_yaml.metadata "name" dict }}{{- end }} + {{- $_ := set $context.Values.__daemonset_yaml.metadata "name" $current_dict.dns_1123_name }} + + {{/* set container name + assume not more than one container is defined */}} + {{- $container := first $context.Values.__daemonset_yaml.spec.template.spec.containers }} + {{- $_ := set $container "name" $current_dict.dns_1123_name }} + {{- $cont_list := list $container }} + {{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec "containers" $cont_list }} + + {{/* cross-reference configmap name to container volume definitions */}} + {{- $_ := set $context.Values "__volume_list" list }} + {{- range $current_volume := 
$context.Values.__daemonset_yaml.spec.template.spec.volumes }} + {{- $_ := set $context.Values "__volume" $current_volume }} + {{- if hasKey $context.Values.__volume "configMap" }} + {{- if eq $context.Values.__volume.configMap.name $context.Values.__last_configmap_name }} + {{- $_ := set $context.Values.__volume.configMap "name" $current_dict.dns_1123_name }} + {{- end }} + {{- end }} + {{- $updated_list := append $context.Values.__volume_list $context.Values.__volume }} + {{- $_ := set $context.Values "__volume_list" $updated_list }} + {{- end }} + {{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec "volumes" $context.Values.__volume_list }} + + + {{/* populate scheduling restrictions */}} + {{- if hasKey $current_dict "matchExpressions" }} + {{- if not $context.Values.__daemonset_yaml.spec.template.spec }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template "spec" dict }}{{- end }} + {{- if not $context.Values.__daemonset_yaml.spec.template.spec.affinity }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec "affinity" dict }}{{- end }} + {{- if not $context.Values.__daemonset_yaml.spec.template.spec.affinity.nodeAffinity }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec.affinity "nodeAffinity" dict }}{{- end }} + {{- if not $context.Values.__daemonset_yaml.spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec.affinity.nodeAffinity "requiredDuringSchedulingIgnoredDuringExecution" dict }}{{- end }} + {{- $match_exprs := dict }} + {{- $_ := set $match_exprs "matchExpressions" $current_dict.matchExpressions }} + {{- $appended_match_expr := list $match_exprs }} + {{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution "nodeSelectorTerms" $appended_match_expr }} + {{- end }} + + {{/* input value hash for current set of values overrides 
*/}} + {{- if not $context.Values.__daemonset_yaml.spec }}{{- $_ := set $context.Values.__daemonset_yaml "spec" dict }}{{- end }} + {{- if not $context.Values.__daemonset_yaml.spec.template }}{{- $_ := set $context.Values.__daemonset_yaml.spec "template" dict }}{{- end }} + {{- if not $context.Values.__daemonset_yaml.spec.template.metadata }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template "metadata" dict }}{{- end }} + {{- if not $context.Values.__daemonset_yaml.spec.template.metadata.annotations }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata "annotations" dict }}{{- end }} + {{- $cmap := list $current_dict.dns_1123_name $current_dict.nodeData | include $configmap_include }} + {{- $values_hash := $cmap | quote | sha256sum }} + {{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata.annotations "configmap-etc-hash" $values_hash }} + + {{/* generate configmap */}} +--- +{{ $cmap }} + {{/* generate daemonset yaml */}} +--- +{{ $context.Values.__daemonset_yaml | toYaml }} + {{- $_ := set $context.Values "__last_configmap_name" $current_dict.dns_1123_name }} + {{- end }} +{{- end }} diff --git a/helm-toolkit/templates/utils/_dependency_resolver.tpl b/helm-toolkit/templates/utils/_dependency_resolver.tpl new file mode 100644 index 000000000..b1b3bd4e5 --- /dev/null +++ b/helm-toolkit/templates/utils/_dependency_resolver.tpl 
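Review bot: `{{- $cont_list := list $container }}` replaces `spec.template.spec.containers` with only the first container, so any further container in the DaemonSet passed in is silently dropped from every generated manifest; the comment "assume not more than one container is defined" records the assumption but nothing enforces it. Keep the remainder of the list, e.g. `{{- $cont_list := prepend (rest $context.Values.__daemonset_yaml.spec.template.spec.containers) $container }}` if the Sprig version in use provides both functions, or state the single-container limit in the template's header comment. Two smaller points: `unset $context ".Files"` uses a key with a leading dot, which probably does not match the `Files` entry and so removes nothing, and the `if not ...__daemonset_yaml.spec` guards run after `spec.template.spec.containers` and `.volumes` have already been dereferenced, so they cannot protect those lookups.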
@@ -0,0 +1,36 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.utils.dependency_resolver" }}
+{{- $envAll := index . "envAll" -}}
+{{- $dependencyMixinParam := index . "dependencyMixinParam" -}}
+{{- $dependencyKey := index . "dependencyKey" -}}
+{{- if $dependencyMixinParam -}}
+{{- $_ := set $envAll.Values "pod_dependency" dict -}}
+{{- if kindIs "string" $dependencyMixinParam }}
+{{- $_ := include "helm-toolkit.utils.merge" (tuple $envAll.Values.pod_dependency ( index $envAll.Values.dependencies.static $dependencyKey ) ( index $envAll.Values.dependencies.dynamic.targeted $dependencyMixinParam $dependencyKey ) ) -}}
+{{- else if kindIs "slice" $dependencyMixinParam }}
+{{- range $k, $v := $dependencyMixinParam -}}
+{{- if not $envAll.Values.__deps }}{{- $_ := set $envAll.Values "__deps" ( index $envAll.Values.dependencies.static $dependencyKey ) }}{{- end }}
+{{- $_ := include "helm-toolkit.utils.merge" (tuple $envAll.Values.pod_dependency $envAll.Values.__deps ( index $envAll.Values.dependencies.dynamic.targeted $v $dependencyKey ) ) -}}
+{{- $_ := set $envAll.Values "__deps" $envAll.Values.pod_dependency -}}
+{{- end }}
+{{- end }}
+{{- else -}}
+{{- $_ := set $envAll.Values "pod_dependency" ( index $envAll.Values.dependencies.static $dependencyKey ) -}}
+{{- end -}}
+{{ $envAll.Values.pod_dependency | toYaml }}
+{{- end }}
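Review bot: `$envAll.Values.__deps` is initialised only when it is unset (`if not $envAll.Values.__deps`) and is never cleared, so in the slice branch a later call of this template with a different `dependencyKey` starts from the previous call's merged dependencies rather than its own static set, as long as both calls receive the same Values map. A pod could then wait on dependencies that belong to another component. Clear it before the loop with `{{- $_ := unset $envAll.Values "__deps" -}}` placed directly before the `range`, or accumulate into a fresh local dict instead of a key in Values. The string branch does not read `__deps` and is not affected.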
diff --git a/helm-toolkit/templates/utils/_joinListWithSpace.tpl b/helm-toolkit/templates/utils/_joinListWithSpace.tpl
new file mode 100644
index 000000000..5875a7cb1
--- /dev/null
+++ b/helm-toolkit/templates/utils/_joinListWithSpace.tpl
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.utils.joinListWithSpace" -}}
+{{- $local := dict "first" true -}}
+{{- range $k, $v := . -}}{{- if not $local.first -}}{{- " " -}}{{- end -}}{{- $v -}}{{- $_ := set $local "first" false -}}{{- end -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/utils/_to_kv_list.tpl b/helm-toolkit/templates/utils/_to_kv_list.tpl
new file mode 100644
index 000000000..6f29dc65d
--- /dev/null
+++ b/helm-toolkit/templates/utils/_to_kv_list.tpl
@@ -0,0 +1,42 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+# This function returns key value pair in the INI format (key = value)
+# as needed by openstack config files
+#
+# Sample key value pair format:
+# conf:
+# libvirt:
+# log_level: 3
+# Usage:
+# { include "helm-toolkit.utils.to_kv_list" .Values.conf.libvirt }
+# returns: log_level = 3
+
+{{- define "helm-toolkit.utils.to_kv_list" -}}
+{{- range $key, $value := . -}}
+{{- if kindIs "slice" $value }}
+{{ $key }} = {{ include "helm-toolkit.utils.joinListWithComma" $value | quote }}
+{{- else if kindIs "string" $value }}
+{{- if regexMatch "^[0-9]+$" $value }}
+{{ $key }} = {{ $value }}
+{{- else }}
+{{ $key }} = {{ $value | quote }}
+{{- end }}
+{{- else }}
+{{ $key }} = {{ $value }}
+{{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/helm-toolkit/templates/utils/_values_template_renderer.tpl b/helm-toolkit/templates/utils/_values_template_renderer.tpl
new file mode 100644
index 000000000..4cc5471ed
--- /dev/null
+++ b/helm-toolkit/templates/utils/_values_template_renderer.tpl
@@ -0,0 +1,81 @@ +{{/* +Copyright 2018 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +This function renders out configuration sections into a format suitable for +incorporation into a config-map. This allows various forms of input to be +rendered out as appropriate, as illustrated in the following example: + +With the input: + + conf: + some: + config_to_render: | + #We can use all of gotpl here: eg macros, ranges etc. + Listen 0.0.0.0:{{ tuple "dashboard" "internal" "web" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + config_to_complete: + #here we can fill out params, but things need to be valid yaml as input + '{{ .Release.Name }}': '{{ printf "%s-%s" .Release.Namespace "namespace" }}' + static_config: + #this is just passed though as yaml to the configmap + foo: bar + +And the template: + + {{- $envAll := . 
}} + --- + apiVersion: v1 + kind: ConfigMap + metadata: + name: application-etc + data: + {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.some.config_to_render "key" "config_to_render.conf") | indent 2 }} + {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.some.config_to_complete "key" "config_to_complete.yaml") | indent 2 }} + {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.some.static_config "key" "static_config.yaml") | indent 2 }} + +The rendered output will match: + + apiVersion: v1 + kind: ConfigMap + metadata: + name: application-etc + data: + config_to_render.conf: | + #We can use all of gotpl here: eg macros, ranges etc. + Listen 0.0.0.0:80 + + config_to_complete.yaml: | + 'RELEASE-NAME': 'default-namespace' + + static_config.yaml: | + foo: bar + +*/}} + +{{- define "helm-toolkit.snippets.values_template_renderer" -}} +{{- $envAll := index . "envAll" -}} +{{- $template := index . "template" -}} +{{- $key := index . "key" -}} +{{- with $envAll -}} +{{- $templateRendered := tpl ( $template | toYaml ) . }} +{{- if hasPrefix "|\n" $templateRendered }} +{{ $key }}: {{ $templateRendered }} +{{- else }} +{{ $key }}: | +{{ $templateRendered | indent 2 }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kibana/templates/configmap-bin.yaml b/kibana/templates/configmap-bin.yaml index eb53b820f..61cadcdba 100644 --- a/kibana/templates/configmap-bin.yaml +++ b/kibana/templates/configmap-bin.yaml @@ -26,6 +26,6 @@ data: {{ tuple "bin/_apache.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} kibana.sh: | {{ tuple "bin/_kibana.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} 
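Review bot: `tpl ( $template | toYaml ) .` evaluates every string under the given values key as a Go template with the full chart context, including the `static_config` case that the header comment describes as "just passed though as yaml". Configuration that legitimately contains `{{ ... }}` for another tool's own templating will be expanded or fail to render, and whoever can set these values can read anything reachable from the context. Extend the header comment to say that all input is template-evaluated, that literal braces must be escaped (e.g. `{{ "{{" }}`), and that the values passed in must come from a trusted source.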
diff --git a/kibana/templates/configmap-etc.yaml b/kibana/templates/configmap-etc.yaml index 5b9800b92..09cf679ce 100644 --- a/kibana/templates/configmap-etc.yaml +++ b/kibana/templates/configmap-etc.yaml @@ -22,10 +22,10 @@ kind: ConfigMap metadata: name: kibana-etc data: - httpd.conf: |+ + httpd.conf: | {{- tuple .Values.conf.apache.httpd "etc/_httpd.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }} - kibana-host.conf: |+ + kibana-host.conf: | {{- tuple .Values.conf.apache.host "etc/_kibana-host.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }} - kibana.yml: |+ + kibana.yml: | {{ toYaml .Values.conf.kibana | indent 4 }} {{- end }} diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml index c9eb05191..25cc722a7 100644 --- a/kibana/templates/deployment.yaml +++ b/kibana/templates/deployment.yaml @@ -17,15 +17,9 @@ limitations under the License. {{- if .Values.manifests.deployment }} {{- $envAll := . }} {{- $esUserSecret := .Values.secrets.elasticsearch.user }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.kibana .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.kibana -}} -{{- end -}} {{- $serviceAccountName := "kibana" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "kibana" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: extensions/v1beta1 kind: Deployment 
@@ -48,7 +42,7 @@ spec: nodeSelector: {{ .Values.labels.kibana.node_selector_key }}: {{ .Values.labels.kibana.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "kibana" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: apache-proxy {{ tuple $envAll "apache_proxy" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -58,7 +52,7 @@ spec: - start ports: - name: http - containerPort: 80 + containerPort: {{ tuple "kibana" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} env: - name: KIBANA_PORT value: {{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} @@ -97,7 +91,7 @@ spec: - start ports: - name: kibana - containerPort: {{ .Values.network.kibana.port }} + containerPort: {{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} env: - name: ELASTICSEARCH_URL value: {{ tuple "elasticsearch" "default" "client" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} diff --git a/kibana/templates/ingress-kibana.yaml b/kibana/templates/ingress-kibana.yaml index 0454f73bf..66db94ce9 100644 --- a/kibana/templates/ingress-kibana.yaml +++ b/kibana/templates/ingress-kibana.yaml 
@@ -14,47 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.ingress_kibana }} -{{- $envAll := . }} -{{- if .Values.network.kibana.ingress.public }} -{{- $backendServiceType := "kibana" }} -{{- $backendPort := "http" }} -{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} -{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $ingressName }} - annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / - ingress.kubernetes.io/proxy-body-size: {{ .Values.network.kibana.ingress.proxy_body_size }} -spec: - rules: -{{ if ne $hostNameNamespaced $hostNameFull }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- else }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- end }} -{{- end }} +{{- if and .Values.manifests.ingress .Values.network.kibana.ingress.public }} +{{- $ingressOpts := dict "envAll" . 
"backendService" "kibana" "backendServiceType" "kibana" "backendPort" "http" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} {{- end }} diff --git a/kibana/templates/job-image-repo-sync.yaml b/kibana/templates/job-image-repo-sync.yaml index b1e3adeb5..57c6f6b7a 100644 --- a/kibana/templates/job-image-repo-sync.yaml +++ b/kibana/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "kibana-image-repo-sync" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/kibana/templates/service-ingress-kibana.yaml b/kibana/templates/service-ingress-kibana.yaml index 6c2fb838b..c78fc3a4f 100644 --- a/kibana/templates/service-ingress-kibana.yaml +++ b/kibana/templates/service-ingress-kibana.yaml 
@@ -14,19 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.service_ingress_kibana }} -{{- if .Values.network.kibana.ingress.public }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ tuple "kibana" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -spec: - ports: - - name: http - port: 80 - selector: - app: ingress-api -{{- end }} +{{- if and .Values.manifests.service_ingress .Values.network.kibana.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "kibana" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} {{- end }} diff --git a/kibana/templates/service.yaml b/kibana/templates/service.yaml index e2fd36cea..61ffab1e8 100644 --- a/kibana/templates/service.yaml +++ b/kibana/templates/service.yaml @@ -23,7 +23,7 @@ metadata: spec: ports: - name: http - port: 80 + port: {{ tuple "kibana" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{ if .Values.network.kibana.node_port.enabled }} nodePort: {{ .Values.network.kibana.node_port.port }} {{ end }} diff --git a/kibana/values.yaml b/kibana/values.yaml index dd534f4a1..c6e4cbd9a 100644 --- a/kibana/values.yaml +++ b/kibana/values.yaml @@ -16,12 +16,15 @@ labels: kibana: node_selector_key: openstack-control-plane node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled images: tags: apache_proxy: docker.io/httpd:2.4 - kibana: docker.elastic.co/kibana/kibana:6.2.2 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + kibana: docker.io/kibana:5.6.4 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: 
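Review bot: In the `images.tags` hunk of kibana/values.yaml the Kibana image moves from `docker.elastic.co/kibana/kibana:6.2.2` to `docker.io/kibana:5.6.4`, a major-version downgrade and a registry change that nothing in the hunk explains. If it is intentional (for example to match an Elasticsearch version deployed elsewhere, which is not visible here), a comment above the tag such as `# held at 5.6.x to match the deployed elasticsearch; do not bump independently` would stop it being silently reverted. All tags in this block are mutable references and `pull_policy` is `IfNotPresent`, so a node keeps running whatever it cached under that tag. Pinning by digest, `kibana: docker.io/kibana:5.6.4@sha256:<digest>`, makes the deployed image reproducible.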
@@ -169,12 +172,18 @@ endpoints: port: kibana: default: 5601 + http: + default: 80 network: kibana: ingress: public: true - proxy_body_size: 1024M + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30905 @@ -184,9 +193,9 @@ manifests: configmap_bin: true configmap_etc: true deployment: true - ingress_kibana: true + ingress: true job_image_repo_sync: true secret_elasticsearch: true secret_admin: true service: true - service_ingress_kibana: true + service_ingress: true diff --git a/kube-dns/templates/configmap-bin.yaml b/kube-dns/templates/configmap-bin.yaml index 961d54d8a..d7d5f6aad 100644 --- a/kube-dns/templates/configmap-bin.yaml +++ b/kube-dns/templates/configmap-bin.yaml @@ -22,6 +22,6 @@ kind: ConfigMap metadata: name: kube-dns-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/kube-dns/templates/deployment-kube-dns.yaml b/kube-dns/templates/deployment-kube-dns.yaml index b3d7c218e..d702a64c5 100644 --- a/kube-dns/templates/deployment-kube-dns.yaml +++ b/kube-dns/templates/deployment-kube-dns.yaml @@ -16,12 +16,6 @@ limitations under the License. {{- if .Values.manifests.deployment_kube_dns }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.kube_dns .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.kube_dns -}} -{{- end -}} --- apiVersion: extensions/v1beta1 kind: Deployment diff --git a/kube-dns/templates/job-image-repo-sync.yaml b/kube-dns/templates/job-image-repo-sync.yaml index 27a40e6a0..81078c9c1 100644 --- a/kube-dns/templates/job-image-repo-sync.yaml 
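Review bot: The `manifests` hunk of kibana/values.yaml renames `ingress_kibana` to `ingress` and `service_ingress_kibana` to `service_ingress`, and ingress-kibana.yaml and service-ingress-kibana.yaml now test only the new keys. An existing override file that sets `manifests.ingress_kibana: false` is therefore ignored after an upgrade, and the Ingress and its Service are rendered again, because the new keys and `network.kibana.ingress.public` all default to `true`. An operator who had switched exposure off that way would get Kibana published without any error. At minimum, add a comment to the values file, `# NOTE: replaces manifests.ingress_kibana / manifests.service_ingress_kibana; the old keys are no longer read`, and mention the rename in the upgrade notes.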
+++ b/kube-dns/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "kube-dns-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/kube-dns/values.yaml b/kube-dns/values.yaml index c365a769d..fff1ad953 100644 --- a/kube-dns/values.yaml +++ b/kube-dns/values.yaml 
@@ -15,15 +15,16 @@ # https://raw.githubusercontent.com/coreos/flannel/v0.8.0/Documentation/kube-flannel.yml labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled images: tags: kube_dns: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5 kube_dns_nanny: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5 kube_dns_sidecar: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: diff --git a/nagios/Chart.yaml b/nagios/Chart.yaml new file mode 100644 index 000000000..194bdda23 --- /dev/null +++ b/nagios/Chart.yaml @@ -0,0 +1,22 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +description: OpenStack-Helm Nagios +name: nagios +version: 0.1.0 +home: https://www.nagios.org +sources: + - https://git.openstack.org/cgit/openstack/openstack-helm-addons +maintainers: + - name: OpenStack-Helm Authors diff --git a/nagios/requirements.yaml b/nagios/requirements.yaml new file mode 100644 index 000000000..53782e69b --- /dev/null +++ b/nagios/requirements.yaml 
@@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/nagios/templates/_helpers.tpl b/nagios/templates/_helpers.tpl new file mode 100644 index 000000000..c689b0bbe --- /dev/null +++ b/nagios/templates/_helpers.tpl 
@@ -0,0 +1,41 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function defines commands, hosts, hostgroups, and services for nagios by +# consuming yaml trees to define the fields for these objects + +{{- define "nagios.object_definition" -}} +{{- $type := index . 0 }} +{{- $objects := index . 1 }} +{{- range $object := $objects }} +{{ range $config := $object }} +define {{ $type }} { +{{- range $key, $value := $config}} + {{ $key }} {{ $value }} +{{- end }} +} +{{end -}} +{{- end -}} +{{- end -}} + +{{- define "nagios.to_nagios_conf" -}} +{{- range $key, $value := . -}} +{{ if eq $key "cfg_file" }} +{{ range $file := $value -}} +{{ $key }}={{ $file }} +{{ end }} +{{- else }} +{{ $key }}={{ $value }} +{{- end }} +{{- end -}} +{{- end -}} diff --git a/nagios/templates/configmap-bin.yaml b/nagios/templates/configmap-bin.yaml new file mode 100644 index 000000000..5761d1a8d --- /dev/null +++ b/nagios/templates/configmap-bin.yaml 
@@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nagios-bin +data: + image-repo-sync.sh: |+ +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} diff --git a/nagios/templates/configmap-etc.yaml b/nagios/templates/configmap-etc.yaml new file mode 100644 index 000000000..75c9fa1f9 --- /dev/null +++ b/nagios/templates/configmap-etc.yaml 
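Review bot: The new nagios ConfigMaps use the `|+` block indicator (`image-repo-sync.sh: |+` here, `nagios.cfg: |+` and `nagios_objects.cfg: |+` in nagios/templates/configmap-etc.yaml), while this same commit replaces `|+` with `|` in the kibana, kube-dns and nfs-provisioner ConfigMaps. The new chart should follow the convention the commit is establishing, i.e. `image-repo-sync.sh: |` and likewise for the two keys in configmap-etc.yaml. If Nagios needs the trailing blank lines that `|+` keeps, a comment next to the key should say so.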
@@ -0,0 +1,32 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nagios-etc +data: + nagios.cfg: |+ +{{ include "nagios.to_nagios_conf" .Values.conf.nagios.config | indent 4 }} + nagios_objects.cfg: |+ +{{- tuple "host" .Values.conf.nagios.hosts | include "nagios.object_definition" | indent 4 }} +{{- tuple "hostgroup" .Values.conf.nagios.host_groups | include "nagios.object_definition" | indent 4 }} +{{- tuple "command" .Values.conf.nagios.commands | include "nagios.object_definition" | indent 4 }} +{{- tuple "service" .Values.conf.nagios.services | include "nagios.object_definition" | indent 4 }} +{{- end }} diff --git a/nagios/templates/deployment.yaml b/nagios/templates/deployment.yaml new file mode 100644 index 000000000..3a68572ae --- /dev/null +++ b/nagios/templates/deployment.yaml 
@@ -0,0 +1,102 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment }} +{{- $envAll := . }} + +{{- $serviceAccountName := "nagios" }} +{{ tuple $envAll "nagios" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ $serviceAccountName }} +rules: + - apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - services + - endpoints + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ $serviceAccountName }} +subjects: + - kind: ServiceAccount + name: {{ $serviceAccountName }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ $serviceAccountName }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nagios +spec: + replicas: {{ .Values.pod.replicas.nagios }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "nagios" "monitoring" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + nodeSelector: + {{ .Values.labels.nagios.node_selector_key }}: {{ 
.Values.labels.nagios.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.nagios.timeout | default "30" }} + initContainers: +{{ tuple $envAll "nagios" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: nagios +{{ tuple $envAll "nagios" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.nagios | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + ports: + - name: metrics + containerPort: {{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + env: + - name: PROMETHEUS_SERVICE + value: {{ tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} + volumeMounts: + - name: nagios-etc + mountPath: /opt/nagios/etc/nagios.cfg + subPath: nagios.cfg + readOnly: true + - name: nagios-etc + mountPath: /opt/nagios/etc/nagios_objects.cfg + subPath: nagios_objects.cfg + readOnly: true + volumes: + - name: nagios-etc + configMap: + name: nagios-etc + defaultMode: 0444 +{{- end }} diff --git a/nagios/templates/etc/_nagios.cfg.tpl b/nagios/templates/etc/_nagios.cfg.tpl new file mode 100644 index 000000000..c51fb6d4c --- /dev/null +++ b/nagios/templates/etc/_nagios.cfg.tpl @@ -0,0 +1,3 @@ +# Nagios Configuration File + +{{ .Values.conf.nagios.cfg }} diff --git a/nagios/templates/ingress-nagios.yaml b/nagios/templates/ingress-nagios.yaml new file mode 100644 index 000000000..89b6c1ba2 --- /dev/null +++ b/nagios/templates/ingress-nagios.yaml 
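Review bot: The ClusterRole added in nagios/templates/deployment.yaml grants `get`/`list`/`watch` on `nodes`, `nodes/proxy`, `services`, `endpoints` and `pods`, plus `get` on `configmaps`, cluster-wide, yet nothing visible in this chart calls the Kubernetes API: the check commands in values.yaml only run `check_prometheus_metric.sh` against `$PROMETHEUS_SERVICE`. `nodes/proxy` lets the service account reach kubelet endpoints through the API server, and cluster-wide `configmaps` read can expose configuration from other namespaces. Unless the image needs these (not visible here), drop the ClusterRole and ClusterRoleBinding, or at least remove `- nodes/proxy` and the `configmaps` rule. Both objects are also named with the fixed string `nagios`, so two releases would collide on the same cluster-scoped name; `{{- $serviceAccountName := printf "%s-%s" .Release.Name "nagios" }}`, as the nfs-provisioner deployment does, avoids that.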
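Review bot: nagios/templates/etc/_nagios.cfg.tpl renders `{{ .Values.conf.nagios.cfg }}`, but nagios/values.yaml defines no `conf.nagios.cfg` key; the configuration lives under `conf.nagios.config`. No template in this commit includes the file either, since configmap-etc.yaml builds `nagios.cfg` from `nagios.to_nagios_conf`. As written it is dead code that would render an empty value if someone wired it in later. I would delete the file, or point it at the real key and use it from configmap-etc.yaml.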
@@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.ingress .Values.network.nagios.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendService" "nagios" "backendServiceType" "nagios" "backendPort" "metrics" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} diff --git a/nagios/templates/job-image-repo-sync.yaml b/nagios/templates/job-image-repo-sync.yaml new file mode 100644 index 000000000..61087759e --- /dev/null +++ b/nagios/templates/job-image-repo-sync.yaml 
@@ -0,0 +1,68 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_image_repo_sync }} +{{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} + +{{- $serviceAccountName := "nagios-image-repo-sync" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: nagios-image-repo-sync +spec: + template: + metadata: + labels: +{{ tuple $envAll "nagios" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: image-repo-sync +{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: LOCAL_REPO + value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }}" + - name: IMAGE_SYNC_LIST + value: "{{ include "helm-toolkit.utils.image_sync_list" . }}" + command: + - /tmp/image-repo-sync.sh + volumeMounts: + - name: nagios-bin + mountPath: /tmp/image-repo-sync.sh + subPath: image-repo-sync.sh + readOnly: true + - name: docker-socket + mountPath: /var/run/docker.sock + volumes: + - name: nagios-bin + configMap: + name: nagios-bin + defaultMode: 0555 + - name: docker-socket + hostPath: + path: /var/run/docker.sock +{{- end }} +{{- end }} diff --git a/nagios/templates/service-ingress-nagios.yaml b/nagios/templates/service-ingress-nagios.yaml new file mode 100644 index 000000000..c0b52cf17 --- /dev/null +++ b/nagios/templates/service-ingress-nagios.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.service_ingress .Values.network.nagios.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "nagios" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} +{{- end }} diff --git a/nagios/templates/service.yaml b/nagios/templates/service.yaml new file mode 100644 index 000000000..e878871fe --- /dev/null +++ b/nagios/templates/service.yaml 
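Review bot: The `docker-socket` volume mounts the host's `/var/run/docker.sock` into the image-repo-sync container, which gives that container control of the node's Docker daemon and is in practice equivalent to root on the node. The Job is only rendered when `images.local_registry.active` is true (default `false` in nagios/values.yaml), but nothing near the mount says so. I would add a comment above the volume, `# Grants control of the node's Docker daemon; rendered only when images.local_registry.active is true`, and keep `labels.job` restricted to nodes where that access is acceptable. The other charts' image-repo-sync jobs presumably follow the same pattern, but their bodies are outside the hunks shown.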
@@ -0,0 +1,36 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "nagios" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: metrics + port: {{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ if .Values.network.nagios.node_port.enabled }} + nodePort: {{ .Values.network.nagios.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "nagios" "monitoring" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.nagios.node_port.enabled }} + type: NodePort + {{ end }} +{{- end }} diff --git a/nagios/values.yaml b/nagios/values.yaml new file mode 100644 index 000000000..458b0160e --- /dev/null +++ b/nagios/values.yaml 
@@ -0,0 +1,293 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for nagios. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +images: + tags: + nagios: docker.io/srwilkers/prometheus-nagios:v0.1.0 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: IfNotPresent + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +labels: + nagios: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +dependencies: + dynamic: + common: + jobs: + - nagios-image-repo-sync + services: + - service: local_image_registry + endpoint: node + static: + image_repo_sync: + services: + - service: local_image_registry + endpoint: internal + nagios: + services: null + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + monitoring: + name: prometheus + hosts: + default: prom-metrics + public: prometheus + host_fqdn_override: + default: null + path: + default: null + scheme: + default: http + port: + api: + default: 9090 + public: 80 + nagios: + name: nagios + namespace: 
null + hosts: + default: nagios-metrics + public: nagios + host_fqdn_override: + default: null + path: + default: null + scheme: + default: http + port: + nagios: + default: 25 + +network: + nagios: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + node_port: + enabled: false + port: 30925 + +pod: + lifecycle: + upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + termination_grace_period: + nagios: + timeout: 30 + replicas: + nagios: 3 + resources: + enabled: false + nagios: + limits: + memory: "1024Mi" + cpu: "2000m" + requests: + memory: "128Mi" + cpu: "100m" + jobs: + image_repo_sync: + limits: + memory: "1024Mi" + cpu: "2000m" + requests: + memory: "128Mi" + cpu: "100m" + +manifests: + configmap_bin: true + configmap_etc: true + deployment: true + ingress: true + job_image_repo_sync: true + service: true + service_ingress: true + +conf: + nagios: + hosts: + - prometheus: + use: linux-server + host_name: prometheus + alias: "Prometheus Monitoring" + address: $PROMETHEUS_SERVICE + hostgroups: monitoring + host_groups: + - monitoring: + hostgroup_name: monitoring + alias: "Monitoring Instances" + members: prometheus + commands: + - check_prometheus: + command_name: check_prometheus + command_line: "$USER1$/check_prometheus_metric.sh -H $HOSTADDRESS$ -q '$ARG1$' -w $ARG2$ -c $ARG3$ -n $ARG4$ -m $ARG5$" + - check_prometheus_nan_ok: + command_name: check_prometheus_nan_ok + command_line: "$USER1$/check_prometheus_metric.sh -H $HOSTADDRESS$ -q '$ARG1$' -w $ARG2$ -c $ARG3$ -n $ARG4$ -m $ARG5$ -O" + - check_prometheus_extra_info: + command_name: check_prometheus_extra_info + command_line: "$USER1$/check_prometheus_metric.sh -H $HOSTADDRESS$ -q '$ARG1$' -w $ARG2$ -c $ARG3$ -n $ARG4$ -m $ARG5$ -i -t vector" + services: + - check_prometheus_replicas: + use: generic-service + host_name: prometheus + 
service_description: "Check Prometheus replicas" + check_command: check_prometheus_extra_info!kube_statefulset_status_replicas{namespace="openstack",statefulset="prometheus"}!3!2!prometheus_replicas!lt + check_interval: 1 + - check_alertmanager_replicas: + use: generic-service + host_name: prometheus + service_description: "Check Alertmanager replicas" + check_command: check_prometheus_extra_info!kube_statefulset_status_replicas{namespace="openstack",statefulset="alertmanager"}!3!2!alertmanager_replicas!lt + check_interval: 1 + config: + log_file: /opt/nagios/var/nagios.log + cfg_file: + - /opt/nagios/etc/nagios_objects.cfg + - /opt/nagios/etc/objects/commands.cfg + - /opt/nagios/etc/objects/contacts.cfg + - /opt/nagios/etc/objects/timeperiods.cfg + - /opt/nagios/etc/objects/templates.cfg + object_cache_file: /opt/nagios/var/objects.cache + precached_object_file: /opt/nagios/var/objects.precache + resource_file: /opt/nagios/etc/resource.cfg + status_file: /opt/nagios/var/status.dat + status_update_interval: 10 + nagios_user: nagios + nagios_group: nagios + check_external_commands: 1 + command_file: /opt/nagios/var/rw/nagios.cmd + lock_file: /opt/nagios/var/nagios.lock + temp_file: /opt/nagios/var/nagios.tmp + temp_path: /tmp + event_broker_options: -1 + log_rotation_method: d + log_archive_path: /opt/nagios/var/archives + use_syslog: 1 + log_service_retries: 1 + log_host_retries: 1 + log_event_handlers: 1 + log_initial_states: 0 + log_current_states: 1 + log_external_commands: 1 + log_passive_checks: 1 + service_inter_check_delay_method: s + max_service_check_spread: 30 + service_interleave_factor: s + host_inter_check_delay_method: s + max_host_check_spread: 30 + max_concurrent_checks: 0 + check_result_reaper_frequency: 10 + max_check_result_reaper_time: 30 + check_result_path: /opt/nagios/var/spool/checkresults + max_check_result_file_age: 3600 + cached_host_check_horizon: 15 + cached_service_check_horizon: 15 + enable_predictive_host_dependency_checks: 1 + 
enable_predictive_service_dependency_checks: 1 + soft_state_dependencies: 0 + auto_reschedule_checks: 0 + auto_rescheduling_interval: 30 + auto_rescheduling_window: 180 + service_check_timeout: 60 + host_check_timeout: 30 + event_handler_timeout: 30 + notification_timeout: 30 + ocsp_timeout: 5 + perfdata_timeout: 5 + retain_state_information: 1 + state_retention_file: /opt/nagios/var/retention.dat + retention_update_interval: 60 + use_retained_program_state: 1 + use_retained_scheduling_info: 1 + retained_host_attribute_mask: 0 + retained_service_attribute_mask: 0 + retained_process_host_attribute_mask: 0 + retained_process_service_attribute_mask: 0 + retained_contact_host_attribute_mask: 0 + retained_contact_service_attribute_mask: 0 + interval_length: 60 + check_for_updates: 1 + bare_update_check: 0 + use_aggressive_host_checking: 0 + execute_service_checks: 1 + accept_passive_service_checks: 1 + execute_host_checks: 1 + accept_passive_host_checks: 1 + enable_notifications: 1 + enable_event_handlers: 1 + process_performance_data: 0 + obsess_over_services: 0 + obsess_over_hosts: 0 + translate_passive_host_checks: 0 + passive_host_checks_are_soft: 0 + check_for_orphaned_services: 1 + check_for_orphaned_hosts: 1 + check_service_freshness: 1 + service_freshness_check_interval: 60 + check_host_freshness: 0 + host_freshness_check_interval: 60 + additional_freshness_latency: 15 + enable_flap_detection: 1 + low_service_flap_threshold: 5.0 + high_service_flap_threshold: 20.0 + low_host_flap_threshold: 5.0 + high_host_flap_threshold: 20.0 + date_format: us + use_regexp_matching: 0 + use_true_regexp_matching: 0 + daemon_dumps_core: 0 + use_large_installation_tweaks: 0 + enable_environment_macros: 0 + debug_level: 0 + debug_verbosity: 1 + debug_file: /opt/nagios/var/nagios.debug + max_debug_file_size: 1000000 + allow_empty_hostgroup_assignment: 0 
diff --git a/nfs-provisioner/templates/configmap-bin.yaml b/nfs-provisioner/templates/configmap-bin.yaml index 37e65dcfc..351993b2e 100644 --- a/nfs-provisioner/templates/configmap-bin.yaml +++ b/nfs-provisioner/templates/configmap-bin.yaml @@ -22,6 +22,6 @@ kind: ConfigMap metadata: name: nfs-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/nfs-provisioner/templates/deployment.yaml b/nfs-provisioner/templates/deployment.yaml index 428727f8b..a642d589d 100644 --- a/nfs-provisioner/templates/deployment.yaml +++ b/nfs-provisioner/templates/deployment.yaml @@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.deployment }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.nfs .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.nfs -}} -{{- end -}} {{- $serviceAccountName := printf "%s-%s" .Release.Name "nfs-provisioner"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "nfs" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 
@@ -114,9 +108,9 @@ spec: affinity: {{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.nfs.node_selector_key }}: {{ .Values.labels.nfs.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "nfs" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: nfs-provisioner {{ tuple $envAll "nfs_provisioner" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/nfs-provisioner/templates/job-image-repo-sync.yaml b/nfs-provisioner/templates/job-image-repo-sync.yaml index 6d3b1b7c3..f409b89ff 100644 --- a/nfs-provisioner/templates/job-image-repo-sync.yaml +++ b/nfs-provisioner/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "nfs-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job 
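Review bot: The new `nodeSelector` line reads `.Values.labels.nfs.node_selector_key` and `.Values.labels.nfs.node_selector_value`, so a deployment whose overrides still set the old flat `labels.node_selector_key` / `labels.node_selector_value` has them ignored without any error, and the pod is scheduled by the chart default instead. Where the selector is what keeps this workload on a particular set of nodes, that silent fallback deserves an upgrade note. The same rename is applied to the job template and to the other charts in this commit (`labels.job.*`, `labels.alertmanager.*`, `labels.kube_state_metrics.*`, `labels.node_exporter.*`). The value is also rendered unquoted; `{{ .Values.labels.nfs.node_selector_key }}: {{ .Values.labels.nfs.node_selector_value | quote }}` keeps a value such as `true` a string, which a node selector requires. The pod spec continues outside the hunk.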
@@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/nfs-provisioner/values.yaml b/nfs-provisioner/values.yaml index e3b988226..b05819fff 100644 --- a/nfs-provisioner/values.yaml +++ b/nfs-provisioner/values.yaml @@ -47,7 +47,7 @@ pod: images: tags: nfs_provisioner: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.8 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: @@ -69,8 +69,12 @@ storage: size: 10Gi labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + nfs: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled storageclass: #NOTE(portdirect): Unless explicity set the provisioner name will be generated diff --git a/playbooks/osh-infra-build.retry b/playbooks/osh-infra-build.retry new file mode 100644 index 000000000..408303742 --- /dev/null +++ b/playbooks/osh-infra-build.retry @@ -0,0 +1 @@ +local diff --git a/tools/gate/playbooks/osh-infra-build.yaml b/playbooks/osh-infra-build.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-build.yaml rename to playbooks/osh-infra-build.yaml 
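Review bot: `playbooks/osh-infra-build.retry` looks like the retry file that `ansible-playbook` writes after a failed run (its single line `local` would be the failed host), not a file meant to be tracked. The same applies to `playbooks/osh-infra-deploy-charts.retry` and `playbooks/osh-infra-deploy-k8s.retry`, added later in this commit. Committed run artifacts record inventory names from whoever ran the playbook and go stale immediately. I would drop the three files and add `*.retry` to the repository's ignore list.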
diff --git a/tools/gate/playbooks/osh-infra-collect-logs.yaml b/playbooks/osh-infra-collect-logs.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-collect-logs.yaml rename to playbooks/osh-infra-collect-logs.yaml diff --git a/playbooks/osh-infra-deploy-charts.retry b/playbooks/osh-infra-deploy-charts.retry new file mode 100644 index 000000000..408303742 --- /dev/null +++ b/playbooks/osh-infra-deploy-charts.retry @@ -0,0 +1 @@ +local diff --git a/tools/gate/playbooks/osh-infra-deploy-charts.yaml b/playbooks/osh-infra-deploy-charts.yaml similarity index 95% rename from tools/gate/playbooks/osh-infra-deploy-charts.yaml rename to playbooks/osh-infra-deploy-charts.yaml index b991e9e46..6e0303cd4 100644 --- a/tools/gate/playbooks/osh-infra-deploy-charts.yaml +++ b/playbooks/osh-infra-deploy-charts.yaml @@ -26,7 +26,7 @@ - hosts: primary vars_files: - vars.yaml - - ../chart-deploys/default.yaml + - ../tools/gate/chart-deploys/default.yaml vars: work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}" logs_dir: "/tmp/logs" diff --git a/tools/gate/playbooks/osh-infra-deploy-docker.yaml b/playbooks/osh-infra-deploy-docker.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-deploy-docker.yaml rename to playbooks/osh-infra-deploy-docker.yaml diff --git a/playbooks/osh-infra-deploy-k8s.retry b/playbooks/osh-infra-deploy-k8s.retry new file mode 100644 index 000000000..408303742 --- /dev/null +++ b/playbooks/osh-infra-deploy-k8s.retry @@ -0,0 +1 @@ +local diff --git a/tools/gate/playbooks/osh-infra-deploy-k8s.yaml b/playbooks/osh-infra-deploy-k8s.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-deploy-k8s.yaml rename to playbooks/osh-infra-deploy-k8s.yaml diff --git a/tools/gate/playbooks/osh-infra-docker.yaml b/playbooks/osh-infra-docker.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-docker.yaml rename to playbooks/osh-infra-docker.yaml 
diff --git a/tools/gate/playbooks/osh-infra-pull-images.yaml b/playbooks/osh-infra-pull-images.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-pull-images.yaml rename to playbooks/osh-infra-pull-images.yaml diff --git a/tools/gate/playbooks/osh-infra-upgrade-host.yaml b/playbooks/osh-infra-upgrade-host.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-upgrade-host.yaml rename to playbooks/osh-infra-upgrade-host.yaml diff --git a/playbooks/roles b/playbooks/roles new file mode 120000 index 000000000..d8c4472ca --- /dev/null +++ b/playbooks/roles @@ -0,0 +1 @@ +../roles \ No newline at end of file diff --git a/tools/gate/playbooks/vars.yaml b/playbooks/vars.yaml similarity index 96% rename from tools/gate/playbooks/vars.yaml rename to playbooks/vars.yaml index 43ff187bb..184c1d8f9 100644 --- a/tools/gate/playbooks/vars.yaml +++ b/playbooks/vars.yaml @@ -17,6 +17,11 @@ version: helm: v2.7.2 cni: v0.6.0 +proxy: + http: null + https: null + noproxy: null + docker: insecure_registries: [] diff --git a/tools/gate/playbooks/zuul-linter.yaml b/playbooks/zuul-linter.yaml similarity index 100% rename from tools/gate/playbooks/zuul-linter.yaml rename to playbooks/zuul-linter.yaml diff --git a/prometheus-alertmanager/templates/bin/_alertmanager.sh.tpl b/prometheus-alertmanager/templates/bin/_alertmanager.sh.tpl index a6e08849d..26f6a9183 100644 --- a/prometheus-alertmanager/templates/bin/_alertmanager.sh.tpl +++ b/prometheus-alertmanager/templates/bin/_alertmanager.sh.tpl @@ -31,7 +31,7 @@ function generate_peers () { final_pod_suffix=$(( {{ .Values.pod.replicas.alertmanager }}-1 )) for pod_suffix in `seq 0 "$final_pod_suffix"` do - echo -mesh.peer={{ .Release.Name }}-$pod_suffix.$DISCOVERY_SVC:6783 + echo -mesh.peer={{ .Release.Name }}-$pod_suffix.$DISCOVERY_SVC:$MESH_PORT done } diff --git a/prometheus-alertmanager/templates/configmap-bin.yaml b/prometheus-alertmanager/templates/configmap-bin.yaml index 5ccd918c7..e60b2977f 100644 
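Review bot: `$MESH_PORT` is expanded unquoted and unchecked in the new `echo` line, so if the variable is missing from the container environment every peer is printed with an empty port, and the failure only shows up later as a mesh that never forms. The statefulset in this commit does set `MESH_PORT`, but the script is the place to fail fast: `echo "-mesh.peer={{ .Release.Name }}-${pod_suffix}.${DISCOVERY_SVC}:${MESH_PORT:?MESH_PORT is not set}"`. `generate_peers` starts above the hunk, so whether the script already runs under `set -u` is not visible here.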
--- a/prometheus-alertmanager/templates/configmap-bin.yaml +++ b/prometheus-alertmanager/templates/configmap-bin.yaml @@ -24,6 +24,6 @@ metadata: data: alertmanager.sh: | {{ tuple "bin/_alertmanager.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/prometheus-alertmanager/templates/configmap-etc.yaml b/prometheus-alertmanager/templates/configmap-etc.yaml index 177b0fb91..00517a079 100644 --- a/prometheus-alertmanager/templates/configmap-etc.yaml +++ b/prometheus-alertmanager/templates/configmap-etc.yaml @@ -22,8 +22,8 @@ kind: ConfigMap metadata: name: alertmanager-etc data: - alertmanager.yml: |+ + alertmanager.yml: | {{ toYaml .Values.conf.alertmanager | indent 4 }} - alert-templates.tmpl: |+ + alert-templates.tmpl: | {{ toYaml .Values.conf.alert_templates | indent 4 }} {{- end }} diff --git a/prometheus-alertmanager/templates/ingress-alertmanager.yaml b/prometheus-alertmanager/templates/ingress-alertmanager.yaml index 490aa780c..41ca10f34 100644 --- a/prometheus-alertmanager/templates/ingress-alertmanager.yaml +++ b/prometheus-alertmanager/templates/ingress-alertmanager.yaml 
@@ -14,47 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.ingress }} -{{- $envAll := . }} -{{- if .Values.network.alertmanager.ingress.public }} -{{- $backendServiceType := "alerts" }} -{{- $backendPort := "alerts-api" }} -{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} -{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $ingressName }} - annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / - ingress.kubernetes.io/proxy-body-size: {{ .Values.network.alertmanager.ingress.proxy_body_size }} -spec: - rules: -{{ if ne $hostNameNamespaced $hostNameFull }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- else }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- end }} -{{- end }} +{{- if and .Values.manifests.ingress .Values.network.alertmanager.ingress.public }} +{{- $ingressOpts := dict "envAll" . 
"backendService" "alertmanager" "backendServiceType" "alerts" "backendPort" "alerts-api" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} {{- end }} diff --git a/prometheus-alertmanager/templates/job-image-repo-sync.yaml b/prometheus-alertmanager/templates/job-image-repo-sync.yaml index ab9c87021..25ced0bd6 100644 --- a/prometheus-alertmanager/templates/job-image-repo-sync.yaml +++ b/prometheus-alertmanager/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "alertmanager-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/prometheus-alertmanager/templates/service-discovery.yaml b/prometheus-alertmanager/templates/service-discovery.yaml index ba82edf58..9485f3666 100644 --- a/prometheus-alertmanager/templates/service-discovery.yaml 
+++ b/prometheus-alertmanager/templates/service-discovery.yaml @@ -26,7 +26,7 @@ spec: clusterIP: None ports: - name: peer-mesh - port: {{ .Values.network.alertmanager.mesh_port }} + port: {{ tuple "alerts" "internal" "mesh" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} selector: {{ tuple $envAll "alertmanager" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{- end }} diff --git a/prometheus-alertmanager/templates/service-ingress-alertmanager.yaml b/prometheus-alertmanager/templates/service-ingress-alertmanager.yaml index 826f0e5f0..809cf5aeb 100644 --- a/prometheus-alertmanager/templates/service-ingress-alertmanager.yaml +++ b/prometheus-alertmanager/templates/service-ingress-alertmanager.yaml @@ -14,19 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.service_ingress }} -{{- $envAll := . }} -{{- if .Values.network.alertmanager.ingress.public }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ tuple "alerts" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -spec: - ports: - - name: http - port: 80 - selector: - app: ingress-api -{{- end }} +{{- if and .Values.manifests.service_ingress .Values.network.alertmanager.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "alerts" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} {{- end }} diff --git a/prometheus-alertmanager/templates/service.yaml b/prometheus-alertmanager/templates/service.yaml index fb17dfca3..9667ac26e 100644 --- a/prometheus-alertmanager/templates/service.yaml +++ b/prometheus-alertmanager/templates/service.yaml 
@@ -27,7 +27,7 @@ spec: {{ if .Values.network.alertmanager.node_port.enabled }} nodePort: {{ .Values.network.alertmanager.node_port.port }} {{ end }} - port: {{ .Values.network.alertmanager.port }} + port: {{ tuple "alerts" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} selector: {{ tuple $envAll "alertmanager" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ if .Values.network.alertmanager.node_port.enabled }} diff --git a/prometheus-alertmanager/templates/statefulset.yaml b/prometheus-alertmanager/templates/statefulset.yaml index 0cb683180..39d198a88 100644 --- a/prometheus-alertmanager/templates/statefulset.yaml +++ b/prometheus-alertmanager/templates/statefulset.yaml @@ -16,18 +16,12 @@ limitations under the License. {{- if .Values.manifests.statefulset }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.alertmanager .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.alertmanager -}} -{{- end -}} {{- $mounts_alertmanager := .Values.pod.mounts.alertmanager.alertmanager }} {{- $mounts_alertmanager_init := .Values.pod.mounts.alertmanager.init_container }} {{- $serviceAccountName := "alertmanager"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "alertmanager" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: apps/v1beta1 kind: StatefulSet 
@@ -48,10 +42,10 @@ spec: affinity: {{ tuple $envAll "alertmanager" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.alertmanager.node_selector_key }}: {{ .Values.labels.alertmanager.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.alertmanager.timeout | default "30" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "alertmanager" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - name: alertmanager-perms {{ tuple $envAll "alertmanager" | include "helm-toolkit.snippets.image" | indent 10 }} securityContext: @@ -81,15 +75,17 @@ spec: env: - name: DISCOVERY_SVC value: {{ tuple "alerts" "discovery" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + - name: MESH_PORT + value: {{ tuple "alerts" "internal" "mesh" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} ports: - name: alerts-api - containerPort: {{ .Values.network.alertmanager.port }} + containerPort: {{ tuple "alerts" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - name: peer-mesh - containerPort: {{ .Values.network.alertmanager.mesh_port }} + containerPort: {{ tuple "alerts" "internal" "mesh" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} readinessProbe: httpGet: path: /#/status - port: {{ .Values.network.alertmanager.port }} + port: {{ tuple "alerts" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 30 timeoutSeconds: 30 volumeMounts: diff --git a/prometheus-alertmanager/values.yaml b/prometheus-alertmanager/values.yaml index 2df5acca7..2806cc036 100644 --- a/prometheus-alertmanager/values.yaml 
+++ b/prometheus-alertmanager/values.yaml @@ -20,7 +20,7 @@ images: tags: alertmanager: docker.io/prom/alertmanager:v0.11.0 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: @@ -30,8 +30,12 @@ images: - image_repo_sync labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + alertmanager: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: affinity: @@ -129,12 +133,14 @@ network: alertmanager: ingress: public: true - proxy_body_size: 1024M + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30903 - port: 9093 - mesh_port: 6783 storage: enabled: true diff --git a/prometheus-kube-state-metrics/templates/configmap-bin.yaml b/prometheus-kube-state-metrics/templates/configmap-bin.yaml index c360c8f58..83217621d 100644 --- a/prometheus-kube-state-metrics/templates/configmap-bin.yaml +++ b/prometheus-kube-state-metrics/templates/configmap-bin.yaml @@ -22,6 +22,6 @@ kind: ConfigMap metadata: name: kube-metrics-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/prometheus-kube-state-metrics/templates/deployment.yaml b/prometheus-kube-state-metrics/templates/deployment.yaml index 89b1a7de7..98d710b56 100644 --- a/prometheus-kube-state-metrics/templates/deployment.yaml +++ b/prometheus-kube-state-metrics/templates/deployment.yaml 
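Review bot: With `public: true` left as the default, the new `annotations` block publishes Alertmanager through the ingress with only `rewrite-target` set, and nothing in this values block restricts who may reach it. As far as I know the Alertmanager release pinned above (`v0.11.0`) has no authentication of its own, so anyone who can reach the ingress could read alerts and create silences. I would either default `public` to `false` or add a commented example beside `rewrite-target`, e.g. `# nginx.ingress.kubernetes.io/whitelist-source-range: "<operator-cidr-placeholder>"`. Separately, `port` and `mesh_port` are removed here while the templates now look up the `api` and `mesh` ports of the `alerts` endpoint. No hunk of this file adds them, so they presumably already exist under `endpoints`, which is worth confirming.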
@@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.deployment }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.kube_state_metrics .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.kube_state_metrics -}} -{{- end -}} {{- $serviceAccountName := printf "%s-%s" .Release.Name "kube-state-metrics"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "kube_state_metrics" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole 
@@ -98,15 +92,15 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.kube_state_metrics.node_selector_key }}: {{ .Values.labels.kube_state_metrics.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.kube_state_metrics.timeout | default "30" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "kube_state_metrics" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: kube-state-metrics {{ tuple $envAll "kube_state_metrics" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.kube_state_metrics | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} ports: - name: metrics - containerPort: {{ .Values.network.kube_state_metrics.port }} + containerPort: {{ tuple "kube_state_metrics" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{- end }} diff --git a/prometheus-kube-state-metrics/templates/job-image-repo-sync.yaml b/prometheus-kube-state-metrics/templates/job-image-repo-sync.yaml index 06d296077..f9e463c8d 100644 --- a/prometheus-kube-state-metrics/templates/job-image-repo-sync.yaml +++ b/prometheus-kube-state-metrics/templates/job-image-repo-sync.yaml 
@@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "kube-metrics-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/prometheus-kube-state-metrics/templates/service-controller-manager.yaml b/prometheus-kube-state-metrics/templates/service-controller-manager.yaml index b9a08b9b2..65ee4d35e 100644 --- a/prometheus-kube-state-metrics/templates/service-controller-manager.yaml +++ b/prometheus-kube-state-metrics/templates/service-controller-manager.yaml 
@@ -35,7 +35,7 @@ spec: clusterIP: None ports: - name: http-metrics - port: 10252 - targetPort: 10252 + port: {{ tuple "kube_controller_manager" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + targetPort: {{ tuple "kube_controller_manager" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} protocol: TCP {{- end }} diff --git a/prometheus-kube-state-metrics/templates/service-kube-state-metrics.yaml b/prometheus-kube-state-metrics/templates/service-kube-state-metrics.yaml index bfc16a204..7bb2e8981 100644 --- a/prometheus-kube-state-metrics/templates/service-kube-state-metrics.yaml +++ b/prometheus-kube-state-metrics/templates/service-kube-state-metrics.yaml @@ -31,8 +31,8 @@ metadata: spec: ports: - name: http - port: {{ .Values.network.kube_state_metrics.port }} - targetPort: 8080 + port: {{ tuple "kube_state_metrics" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + targetPort: {{ tuple "kube_state_metrics" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} selector: {{ tuple $envAll "kube-state-metrics" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{- end }} diff --git a/prometheus-kube-state-metrics/templates/service-scheduler.yaml b/prometheus-kube-state-metrics/templates/service-scheduler.yaml index ef396a7e1..73b66ac79 100644 --- a/prometheus-kube-state-metrics/templates/service-scheduler.yaml +++ b/prometheus-kube-state-metrics/templates/service-scheduler.yaml @@ -35,7 +35,7 @@ spec: clusterIP: None ports: - name: http-metrics - port: 10251 - targetPort: 10251 + port: {{ tuple "kube_scheduler" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + targetPort: {{ tuple "kube_scheduler" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} protocol: TCP {{- end }} 
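Review bot: In service-kube-state-metrics.yaml `targetPort` was a fixed `8080` and now follows the same endpoint lookup as `port`, but nothing visible in this commit passes that value to the kube-state-metrics process. An override of the endpoint port would therefore point the Service (and the `containerPort` in deployment.yaml) at a port the exporter may not be listening on. Either keep `targetPort` on the named container port, `targetPort: metrics`, or pass the looked-up port to the container as an argument. The values.yaml diff also removes `network.kube_state_metrics.port` without a visible hunk adding an `http` port under `endpoints.kube_state_metrics`; that key presumably exists in unchanged lines, but it should be confirmed.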
diff --git a/prometheus-kube-state-metrics/values.yaml b/prometheus-kube-state-metrics/values.yaml index 22e07cfde..2448cfa78 100644 --- a/prometheus-kube-state-metrics/values.yaml +++ b/prometheus-kube-state-metrics/values.yaml @@ -19,7 +19,7 @@ images: tags: kube_state_metrics: quay.io/coreos/kube-state-metrics:v1.2.0 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: @@ -29,8 +29,12 @@ images: - image_repo_sync labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + kube_state_metrics: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: affinity: @@ -87,6 +91,8 @@ dependencies: services: - endpoint: internal service: local_image_registry + kube_state_metrics: + services: null endpoints: cluster_domain_suffix: cluster.local @@ -120,11 +126,17 @@ endpoints: default: 'http' path: default: /metrics + port: + metrics: + default: 10251 kube_controller_manager: scheme: default: 'http' path: default: /metrics + port: + metrics: + default: 10252 monitoring: prometheus: @@ -136,10 +148,6 @@ monitoring: kube_controller_manager: scrape: true -network: - kube_state_metrics: - port: 8080 - manifests: configmap_bin: true deployment: true diff --git a/prometheus-node-exporter/templates/configmap-bin.yaml b/prometheus-node-exporter/templates/configmap-bin.yaml index 9ffae3c66..1578a02fa 100644 --- a/prometheus-node-exporter/templates/configmap-bin.yaml +++ b/prometheus-node-exporter/templates/configmap-bin.yaml @@ -22,6 +22,6 @@ kind: ConfigMap metadata: name: node-exporter-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} 
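Review bot: The defaults added under `kube_scheduler` and `kube_controller_manager` (`10251` and `10252`, with `scheme` left at `'http'`) are those components' plain-HTTP ports, which serve metrics without authentication or TLS, and nothing here says so. A comment would tell operators that scraping relies on those ports being enabled on the control plane, and that a hardened cluster needs port and scheme overridden: `# NOTE: plain-HTTP, unauthenticated metrics port; override port and scheme where the insecure port is disabled`. The `endpoints` map starts above the hunk.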
diff --git a/prometheus-node-exporter/templates/daemonset.yaml b/prometheus-node-exporter/templates/daemonset.yaml index b9658aacd..0c2b2af6e 100644 --- a/prometheus-node-exporter/templates/daemonset.yaml +++ b/prometheus-node-exporter/templates/daemonset.yaml @@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.daemonset }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.node_exporter .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.node_exporter -}} -{{- end -}} {{- $serviceAccountName := printf "%s-%s" .Release.Name "node-exporter"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "node_exporter" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding 
@@ -54,14 +48,21 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.node_exporter.node_selector_key }}: {{ .Values.labels.node_exporter.node_selector_value }} hostNetwork: true hostPID: true initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "node_exporter" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: node-exporter {{ tuple $envAll "node_exporter" | include "helm-toolkit.snippets.image" | indent 10 }} + args: + - --collector.ntp + - --collector.ntp.server={{ .Values.conf.ntp_server_ip }} + - --collector.meminfo_numa + - --collector.bonding + - --collector.megacli + - --collector.mountstats ports: - name: metrics containerPort: {{ .Values.network.node_exporter.port }} diff --git a/prometheus-node-exporter/templates/job-image-repo-sync.yaml b/prometheus-node-exporter/templates/job-image-repo-sync.yaml index 7392f4bed..1f8813abd 100644 --- a/prometheus-node-exporter/templates/job-image-repo-sync.yaml +++ b/prometheus-node-exporter/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "node-exporter-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job 
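Review bot: The six `--collector.*` arguments added under `args:` are fixed in the template, so an operator cannot turn a collector off for one environment without patching the chart. The pod in this hunk already runs with `hostNetwork: true` and `hostPID: true`, so each enabled collector adds host detail to the metrics port on every node. Consider rendering the list from values (for example a constructed key such as `conf.collectors` iterated with `range`) and keeping `conf.ntp_server_ip` as its own key. A comment beside `conf.ntp_server_ip` stating that it is expected to be the node-local NTP daemon would match its `127.0.0.1` default. The DaemonSet spec continues outside the hunk.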
@@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/prometheus-node-exporter/values.yaml b/prometheus-node-exporter/values.yaml index a35df2226..436483297 100644 --- a/prometheus-node-exporter/values.yaml +++ b/prometheus-node-exporter/values.yaml @@ -19,7 +19,7 @@ images: tags: node_exporter: docker.io/prom/node-exporter:v0.15.0 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: @@ -29,8 +29,12 @@ images: - image_repo_sync labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + node_exporter: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: affinity: @@ -138,3 +142,6 @@ manifests: daemonset: true job_image_repo_sync: true service: true + +conf: + ntp_server_ip: 127.0.0.1 diff --git a/prometheus-openstack-exporter/templates/configmap-bin.yaml b/prometheus-openstack-exporter/templates/configmap-bin.yaml index 1df9ef260..01447fa88 100644 --- a/prometheus-openstack-exporter/templates/configmap-bin.yaml +++ b/prometheus-openstack-exporter/templates/configmap-bin.yaml 
@@ -22,9 +22,9 @@ kind: ConfigMap metadata: name: prometheus-openstack-exporter-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} - ks-user.sh: |+ + ks-user.sh: | {{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} prometheus-openstack-exporter.sh: | {{ tuple "bin/_prometheus-openstack-exporter.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} diff --git a/prometheus-openstack-exporter/templates/deployment.yaml b/prometheus-openstack-exporter/templates/deployment.yaml index 4a0e57028..9f7576cd0 100644 --- a/prometheus-openstack-exporter/templates/deployment.yaml +++ b/prometheus-openstack-exporter/templates/deployment.yaml @@ -17,15 +17,9 @@ limitations under the License. {{- if .Values.manifests.deployment }} {{- $envAll := . }} {{- $ksUserSecret := .Values.secrets.identity.user }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.prometheus_openstack_exporter .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.prometheus_openstack_exporter -}} -{{- end -}} {{- $serviceAccountName := "prometheus-openstack-exporter" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "prometheus_openstack_exporter" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: extensions/v1beta1 kind: Deployment 
@@ -41,10 +35,10 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.openstack_exporter.node_selector_key }}: {{ .Values.labels.openstack_exporter.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.prometheus_openstack_exporter.timeout | default "30" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "prometheus_openstack_exporter" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: openstack-metrics-exporter {{ tuple $envAll "prometheus_openstack_exporter" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/prometheus-openstack-exporter/templates/job-image-repo-sync.yaml b/prometheus-openstack-exporter/templates/job-image-repo-sync.yaml index ab71d7b63..20cde3f1d 100644 --- a/prometheus-openstack-exporter/templates/job-image-repo-sync.yaml +++ b/prometheus-openstack-exporter/templates/job-image-repo-sync.yaml @@ -17,11 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "prometheus-openstack-exporter-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} - +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job 
@@ -36,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/prometheus-openstack-exporter/templates/job-ks-user.yaml b/prometheus-openstack-exporter/templates/job-ks-user.yaml index 937f98424..2528e0cb9 100644 --- a/prometheus-openstack-exporter/templates/job-ks-user.yaml +++ b/prometheus-openstack-exporter/templates/job-ks-user.yaml @@ -16,10 +16,9 @@ limitations under the License. {{- if .Values.manifests.job_ks_user }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.static.ks_user }} {{- $serviceAccountName := "prometheus-openstack-exporter-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "ks_user" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job 
@@ -34,9 +33,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "ks_user" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: prometheus-openstack-exporter-ks-user {{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/prometheus-openstack-exporter/values.yaml b/prometheus-openstack-exporter/values.yaml index 0983b36e9..acfa49955 100644 --- a/prometheus-openstack-exporter/values.yaml +++ b/prometheus-openstack-exporter/values.yaml @@ -19,7 +19,7 @@ images: tags: prometheus_openstack_exporter: docker.io/rakeshpatnaik/prometheus-openstack-exporter:v0.1 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 pull_policy: IfNotPresent @@ -30,8 +30,12 @@ images: - image_repo_sync labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + openstack_exporter: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: affinity: diff --git a/prometheus/templates/_helpers.tpl b/prometheus/templates/_helpers.tpl new file mode 100644 index 000000000..549762388 --- /dev/null +++ b/prometheus/templates/_helpers.tpl 
@@ -0,0 +1,48 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function generates the command line flags passed to Prometheus at time of +# execution. This allows the Prometheus service configuration to be flexible, as +# the only way to define Prometheus's configuration is via command line flags. +# The yaml definition for these flags uses the full yaml path as the key, and +# replaces underscores with hyphens to match the syntax required for the flags +# generated (This is required due to Go's yaml parsing capabilities). +# For example: +# +# conf: +# prometheus: +# command_line_flags: +# storage.tsdb.max_block_duration: 2h +# +# Will generate the following flag: +# --storage.tsdb.max-block-duration=2h +# +# Prometheus's command flags can be found by either running 'prometheus -h' or +# 'prometheus --help-man' + +{{- define "prometheus.utils.command_line_flags" -}} +{{- range $flag, $value := . }} +{{- $flag := $flag | replace "_" "-" -}} +{{- if eq $flag "web.enable-admin-api" -}} +{{- if $value -}} +{{- printf "--%s" $flag }} +{{- end -}} +{{- else -}} +{{- $value := $value | toString }} +{{- printf "--%s=%s " $flag $value }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/prometheus/templates/bin/_prometheus.sh.tpl b/prometheus/templates/bin/_prometheus.sh.tpl index ad0d75c1e..bbdf28038 100644 --- a/prometheus/templates/bin/_prometheus.sh.tpl +++ b/prometheus/templates/bin/_prometheus.sh.tpl 
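Review bot: The `web.enable-admin-api` branch of `prometheus.utils.command_line_flags` has two problems. `{{- if $value -}}` tests template truthiness, so a quoted `"false"` in an override file is a non-empty string and switches the admin API on; compare explicitly with `{{- if eq ($value | toString) "true" -}}`. The branch also prints `--%s` without the trailing space that the other branch emits, so any flag key that sorts after it in the `range` is fused onto it; use `{{- printf "--%s " $flag }}`. The header comment should also say that this one flag is rendered as a bare switch rather than `--flag=value`.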
@@ -20,18 +20,8 @@ set -ex COMMAND="${@:-start}" function start () { - exec /bin/prometheus \ - --config.file=/etc/config/prometheus.yml \ - --log.level={{ .Values.conf.prometheus.log.level | quote }} \ - --query.max-concurrency={{ .Values.conf.prometheus.query.max_concurrency }} \ - --storage.tsdb.path={{ .Values.conf.prometheus.storage.tsdb.path }} \ - --storage.tsdb.retention={{ .Values.conf.prometheus.storage.tsdb.retention }} \ - --storage.tsdb.min-block-duration={{ .Values.conf.prometheus.storage.tsdb.min_block_duration }} \ - --storage.tsdb.max-block-duration={{ .Values.conf.prometheus.storage.tsdb.max_block_duration }} \ - {{ if .Values.conf.prometheus.web_admin_api.enabled }} - --web.enable-admin-api \ - {{ end }} - --query.timeout={{ .Values.conf.prometheus.query.timeout }} +{{ $flags := include "prometheus.utils.command_line_flags" .Values.conf.prometheus.command_line_flags }} + exec /bin/prometheus --config.file=/etc/config/prometheus.yml {{ $flags }} } function stop () { diff --git a/prometheus/templates/configmap-bin.yaml b/prometheus/templates/configmap-bin.yaml index 8aaf24e49..08b81e265 100644 --- a/prometheus/templates/configmap-bin.yaml +++ b/prometheus/templates/configmap-bin.yaml @@ -26,6 +26,6 @@ data: {{ tuple "bin/_prometheus.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} helm-tests.sh: | {{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/prometheus/templates/configmap-etc.yaml b/prometheus/templates/configmap-etc.yaml index eaa0dee29..0f203faea 100644 --- a/prometheus/templates/configmap-etc.yaml +++ b/prometheus/templates/configmap-etc.yaml 
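Review bot: `{{ $flags }}` is pasted into the `exec /bin/prometheus` line unquoted, so a flag value containing whitespace or a shell metacharacter is word-split or interpreted by bash instead of reaching Prometheus as one argument. The removed code at least passed `log.level` through `quote`. The values come from chart configuration, so this is a robustness gap rather than an untrusted-input boundary, but quoting each value in the helper is cheap: `{{- printf "--%s=%s " $flag ($value | squote) }}`. A one-line comment above `exec` naming the helper and the `conf.prometheus.command_line_flags` key it reads would make the script readable on its own.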
@@ -16,16 +16,28 @@ limitations under the License. {{- if .Values.manifests.configmap_etc }} {{- $envAll := . }} + +{{- if empty $envAll.Values.conf.prometheus.scrape_configs.rule_files -}} +{{- $_ := set $envAll.Values "__rule_files" ( list ) }} +{{- $rulesKeys := keys $envAll.Values.conf.prometheus.rules -}} +{{- range $rule := $rulesKeys }} +{{- $rulesFile := printf "/etc/config/rules/%s.rules" $rule }} +{{- $__rule_files := append $envAll.Values.__rule_files $rulesFile }} +{{- $_ := set $envAll.Values "__rule_files" $__rule_files }} +{{ end }} +{{- set .Values.conf.prometheus.scrape_configs "rule_files" $envAll.Values.__rule_files | quote | trunc 0 -}} +{{- end -}} + --- apiVersion: v1 kind: ConfigMap metadata: name: prometheus-etc data: - prometheus.yml: |+ + prometheus.yml: | {{ toYaml .Values.conf.prometheus.scrape_configs | indent 4 }} {{ range $key, $value := .Values.conf.prometheus.rules }} - {{ $key }}.rules: |+ + {{ $key }}.rules: | {{ toYaml $value | indent 4 }} {{ end }} {{- end }} diff --git a/prometheus/templates/ingress-prometheus.yaml b/prometheus/templates/ingress-prometheus.yaml index 6a62a94ec..ae2e9ad42 100644 --- a/prometheus/templates/ingress-prometheus.yaml +++ b/prometheus/templates/ingress-prometheus.yaml 
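Review bot: `{{- set .Values.conf.prometheus.scrape_configs "rule_files" $envAll.Values.__rule_files | quote | trunc 0 -}}` suppresses its output by quoting and truncating the returned map, which is hard to read. The lines above it already use the plainer discard form, so it can be `{{- $_ := set .Values.conf.prometheus.scrape_configs "rule_files" $envAll.Values.__rule_files -}}`. The scratch key `__rule_files` stays on `.Values` after the block; a short template comment saying it is only the loop accumulator, and that `rule_files` is derived from the keys of `conf.prometheus.rules` when left empty, would document the new behaviour.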
@@ -14,47 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.ingress_prometheus }} -{{- $envAll := . }} -{{- if .Values.network.prometheus.ingress.public }} -{{- $backendServiceType := "monitoring" }} -{{- $backendPort := "prom-metrics" }} -{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} -{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $ingressName }} - annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / - ingress.kubernetes.io/proxy-body-size: {{ .Values.network.prometheus.ingress.proxy_body_size }} -spec: - rules: -{{ if ne $hostNameNamespaced $hostNameFull }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- else }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- end }} -{{- end }} +{{- if and .Values.manifests.ingress .Values.network.prometheus.ingress.public }} +{{- $ingressOpts := dict "envAll" . 
"backendService" "prometheus" "backendServiceType" "monitoring" "backendPort" "prom-metrics" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} {{- end }} diff --git a/prometheus/templates/job-image-repo-sync.yaml b/prometheus/templates/job-image-repo-sync.yaml index b239dfb71..302501cd2 100644 --- a/prometheus/templates/job-image-repo-sync.yaml +++ b/prometheus/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "prometheus-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/prometheus/templates/service-ingress-prometheus.yaml b/prometheus/templates/service-ingress-prometheus.yaml index 62bc2511b..57781c64a 100644 --- a/prometheus/templates/service-ingress-prometheus.yaml +++ b/prometheus/templates/service-ingress-prometheus.yaml 
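Review bot: Renaming the gate from `manifests.ingress_prometheus` to `manifests.ingress` means an existing override of `ingress_prometheus: false` is silently ignored after upgrade. Because the new key defaults to `true` in `values.yaml`, the Prometheus Ingress is rendered again. The same applies to `manifests.service_ingress_prometheus` becoming `manifests.service_ingress` in `service-ingress-prometheus.yaml`. Nothing visible on this page puts authentication in front of that Ingress, so the rename deserves a release note or a render-time guard such as `{{- if hasKey .Values.manifests "ingress_prometheus" }}{{ fail "manifests.ingress_prometheus was renamed to manifests.ingress" }}{{- end }}`.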
@@ -14,19 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.service_ingress_prometheus }} -{{- if .Values.network.prometheus.ingress.public }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ tuple "monitoring" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -spec: - ports: - - name: http - port: 80 - selector: - app: ingress-api -{{- end }} +{{- if and .Values.manifests.service_ingress .Values.network.prometheus.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "monitoring" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} {{- end }} diff --git a/prometheus/templates/service.yaml b/prometheus/templates/service.yaml index 34e2e6772..5789727ee 100644 --- a/prometheus/templates/service.yaml +++ b/prometheus/templates/service.yaml @@ -31,7 +31,7 @@ metadata: spec: ports: - name: prom-metrics - port: {{ .Values.network.prometheus.port }} + port: {{ tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{ if .Values.network.prometheus.node_port.enabled }} nodePort: {{ .Values.network.prometheus.node_port.port }} {{ end }} diff --git a/prometheus/templates/statefulset.yaml b/prometheus/templates/statefulset.yaml index df3e8ef8b..6e697d3da 100644 --- a/prometheus/templates/statefulset.yaml +++ b/prometheus/templates/statefulset.yaml 
@@ -16,18 +16,12 @@ limitations under the License. {{- if .Values.manifests.statefulset_prometheus }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.prometheus .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.prometheus -}} -{{- end -}} {{- $mounts_prometheus := .Values.pod.mounts.prometheus.prometheus }} {{- $mounts_prometheus_init := .Values.pod.mounts.prometheus.init_container }} {{- $serviceAccountName := printf "%s-%s" .Release.Name "prometheus"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "prometheus" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole @@ -89,10 +83,10 @@ spec: affinity: {{ tuple $envAll "prometheus" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.prometheus.node_selector_key }}: {{ .Values.labels.prometheus.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.prometheus.timeout | default "30" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "prometheus" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - name: prometheus-perms {{ tuple $envAll "prometheus" | include "helm-toolkit.snippets.image" | indent 10 }} securityContext: 
@@ -121,11 +115,11 @@ spec: {{ tuple $envAll $envAll.Values.pod.resources.prometheus | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} ports: - name: prom-metrics - containerPort: {{ .Values.network.prometheus.port }} + containerPort: {{ tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} readinessProbe: httpGet: path: /status - port: {{ .Values.network.prometheus.port }} + port: {{ tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 30 timeoutSeconds: 30 volumeMounts: diff --git a/prometheus/values.yaml b/prometheus/values.yaml index 86fbf458b..0e73d90f8 100644 --- a/prometheus/values.yaml +++ b/prometheus/values.yaml @@ -21,7 +21,7 @@ images: tags: prometheus: docker.io/prom/prometheus:v2.0.0 helm_tests: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: @@ -31,8 +31,12 @@ images: - image_repo_sync labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + prometheus: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: affinity: @@ -156,11 +160,14 @@ network: prometheus: ingress: public: true - proxy_body_size: 1024M + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30900 - port: 9090 storage: enabled: true 
@@ -174,40 +181,30 @@ storage: manifests: configmap_bin: true configmap_etc: true - ingress_prometheus: true + ingress: true helm_tests: true job_image_repo_sync: true - service_ingress_prometheus: true + service_ingress: true service: true statefulset_prometheus: true conf: prometheus: - storage: - tsdb: - path: /var/lib/prometheus/data - retention: 7d - min_block_duration: 2h - max_block_duration: 6h - log: - format: logger:stdout?json=true - level: info - query: - max_concurrency: 20 - timeout: 2m - web_admin_api: - enabled: false + # Consumed by a prometheus helper function to generate the command line flags + # for configuring the prometheus service + command_line_flags: + log.level: info + query.max_concurrency: 20 + query.timeout: 2m + storage.tsdb.path: /var/lib/prometheus/data + storage.tsdb.retention: 7d + storage.tsdb.min_block_duration: 2h + storage.tsdb.max_block_duration: 2h + web.enable_admin_api: false scrape_configs: global: scrape_interval: 60s evaluation_interval: 60s - rule_files: - - /etc/config/rules/alertmanager.rules - - /etc/config/rules/etcd3.rules - - /etc/config/rules/kubernetes.rules - - /etc/config/rules/kube_apiserver.rules - - /etc/config/rules/kube_controller_manager.rules - - /etc/config/rules/kubelet.rules scrape_configs: - job_name: kubelet scheme: https diff --git a/redis/templates/configmap-bin.yaml b/redis/templates/configmap-bin.yaml index 50ee33613..76bb0a0ad 100644 --- a/redis/templates/configmap-bin.yaml +++ b/redis/templates/configmap-bin.yaml @@ -22,6 +22,6 @@ kind: ConfigMap metadata: name: redis-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/redis/templates/deployment.yaml b/redis/templates/deployment.yaml index 8066abf41..349912ce5 100644 --- a/redis/templates/deployment.yaml +++ b/redis/templates/deployment.yaml 
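Review bot: The move to `command_line_flags` is not a pure restructuring: `storage.tsdb.max_block_duration` goes from `6h` to `2h` and the old `log.format` setting disappears, and neither change is explained in the hunk. Overrides written against the old `conf.prometheus.storage`, `query`, `log` and `web_admin_api` keys also stop having any effect. The comment above `command_line_flags` could state the key convention in one line, e.g. `# keys are Prometheus flag names with "-" written as "_"; web.enable_admin_api is a boolean switch`, and the default changes should be either reverted or called out.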
@@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.deployment }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.redis .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.redis -}} -{{- end -}} {{- $serviceAccountName := "redis"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "redis" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: apps/v1beta1 kind: Deployment @@ -42,9 +36,9 @@ spec: affinity: {{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.redis.node_selector_key }}: {{ .Values.labels.redis.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "redis" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: redis {{ tuple $envAll "redis" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/redis/templates/job-image-repo-sync.yaml b/redis/templates/job-image-repo-sync.yaml index 282b24845..63fe5ed0b 100644 --- a/redis/templates/job-image-repo-sync.yaml +++ b/redis/templates/job-image-repo-sync.yaml 
@@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "redis-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/redis/values.yaml b/redis/values.yaml index 388edee75..081d0e72b 100644 --- a/redis/values.yaml +++ b/redis/values.yaml @@ -20,7 +20,7 @@ images: tags: redis: docker.io/redis:4.0.1 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: 
@@ -65,8 +65,12 @@ pod: cpu: "2000m" labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + redis: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled network: port: 6379 diff --git a/registry/templates/configmap-bin.yaml b/registry/templates/configmap-bin.yaml index 92a86a406..0f43eef89 100644 --- a/registry/templates/configmap-bin.yaml +++ b/registry/templates/configmap-bin.yaml @@ -22,10 +22,10 @@ kind: ConfigMap metadata: name: registry-bin data: - bootstrap.sh: |+ + bootstrap.sh: | {{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - registry.sh: |+ + registry.sh: | {{ tuple "bin/_registry.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - registry-proxy.sh: |+ + registry-proxy.sh: | {{ tuple "bin/_registry-proxy.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- end }} diff --git a/registry/templates/configmap-etc.yaml b/registry/templates/configmap-etc.yaml index fe6ee325a..dc39a97cc 100644 --- a/registry/templates/configmap-etc.yaml +++ b/registry/templates/configmap-etc.yaml @@ -31,8 +31,8 @@ kind: ConfigMap metadata: name: registry-etc data: - config.yml: |+ + config.yml: | {{ toYaml .Values.conf.registry | indent 4 }} - default.conf: |+ + default.conf: | {{ tuple "etc/_default.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- end }} diff --git a/registry/templates/daemonset-registry-proxy.yaml b/registry/templates/daemonset-registry-proxy.yaml index 290b4f456..7c63e2d1f 100644 --- a/registry/templates/daemonset-registry-proxy.yaml +++ b/registry/templates/daemonset-registry-proxy.yaml 
@@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.daemonset_registry_proxy }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.registry_proxy .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.registry_proxy -}} -{{- end -}} {{- $serviceAccountName := "docker-registry-proxy"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "registry_proxy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: extensions/v1beta1 kind: DaemonSet @@ -41,11 +35,11 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.registry.node_selector_key }}: {{ .Values.labels.registry.node_selector_value }} dnsPolicy: ClusterFirstWithHostNet hostNetwork: true initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "registry_proxy" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: registry-proxy {{ tuple $envAll "registry_proxy" | include "helm-toolkit.snippets.image" | indent 8 }} diff --git a/registry/templates/deployment-registry.yaml b/registry/templates/deployment-registry.yaml index 79dc540e3..f8d6dac3e 100644 --- a/registry/templates/deployment-registry.yaml +++ b/registry/templates/deployment-registry.yaml 
@@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.deployment_registry }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.registry .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.registry -}} -{{- end -}} {{- $serviceAccountName := "docker-registry"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "registry" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: apps/v1beta1 kind: Deployment @@ -45,9 +39,9 @@ spec: affinity: {{ tuple $envAll "docker" "registry" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.registry.node_selector_key }}: {{ .Values.labels.registry.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "registry" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: registry {{ tuple $envAll "registry" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/registry/templates/job-bootstrap.yaml b/registry/templates/job-bootstrap.yaml index 01ba345e0..da5b9161c 100644 --- a/registry/templates/job-bootstrap.yaml +++ b/registry/templates/job-bootstrap.yaml 
@@ -17,15 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_bootstrap }} {{- $envAll := . }} {{- if .Values.bootstrap.enabled }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.bootstrap .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.bootstrap -}} -{{- end -}} {{- $serviceAccountName := "docker-bootstrap"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "bootstrap" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -40,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "bootstrap" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: docker-bootstrap {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/registry/values.yaml b/registry/values.yaml index 04423c182..0bbbe2d9a 100644 --- a/registry/values.yaml +++ b/registry/values.yaml @@ -18,8 +18,12 @@ # name: value labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + registry: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled release_group: null 
@@ -28,7 +32,7 @@ images: registry: docker.io/registry:2 registry_proxy: gcr.io/google_containers/kube-registry-proxy:0.4 bootstrap: docker.io/docker:17.07.0 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 pull_policy: "IfNotPresent" local_registry: active: false @@ -117,7 +121,7 @@ bootstrap: script: docker info preload_images: - - quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + - quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 dependencies: static: diff --git a/tools/gate/playbooks/build-helm-packages/tasks/main.yaml b/roles/build-helm-packages/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/build-helm-packages/tasks/main.yaml rename to roles/build-helm-packages/tasks/main.yaml diff --git a/tools/gate/playbooks/build-helm-packages/tasks/setup-helm-serve.yaml b/roles/build-helm-packages/tasks/setup-helm-serve.yaml similarity index 100% rename from tools/gate/playbooks/build-helm-packages/tasks/setup-helm-serve.yaml rename to roles/build-helm-packages/tasks/setup-helm-serve.yaml diff --git a/tools/gate/playbooks/build-helm-packages/templates/helm-serve.service.j2 b/roles/build-helm-packages/templates/helm-serve.service.j2 similarity index 100% rename from tools/gate/playbooks/build-helm-packages/templates/helm-serve.service.j2 rename to roles/build-helm-packages/templates/helm-serve.service.j2 diff --git a/tools/gate/playbooks/build-images/tasks/kubeadm-aio.yaml b/roles/build-images/tasks/kubeadm-aio.yaml similarity index 69% rename from tools/gate/playbooks/build-images/tasks/kubeadm-aio.yaml rename to roles/build-images/tasks/kubeadm-aio.yaml index d56c54bca..ed3ed149b 100644 --- a/tools/gate/playbooks/build-images/tasks/kubeadm-aio.yaml +++ b/roles/build-images/tasks/kubeadm-aio.yaml 
@@ -35,7 +35,8 @@ # CNI_VERSION: "{{ version.cni }}" # HELM_VERSION: "{{ version.helm }}" # CHARTS: "calico,flannel,tiller,kube-dns" - - name: Kubeadm-AIO image build path + - name: Kubeadm-AIO image build path with proxy + when: proxy.http is defined and (proxy.http | trim != "") shell: |- set -e docker build \ @@ -47,7 +48,27 @@ --build-arg CNI_VERSION="{{ version.cni }}" \ --build-arg HELM_VERSION="{{ version.helm }}" \ --build-arg CHARTS="calico,flannel,tiller,kube-dns" \ + --build-arg HTTP_PROXY="{{ proxy.http }}" \ + --build-arg HTTPS_PROXY="{{ proxy.https }}" \ + --build-arg NO_PROXY="{{ proxy.noproxy }}" \ . args: chdir: "{{ kubeadm_aio_path.stdout }}/" executable: /bin/bash + - name: Kubeadm-AIO image build path + when: proxy.http is undefined or (proxy.http | trim == "") + shell: |- + set -e + docker build \ + --network host \ + --force-rm \ + --tag "{{ images.kubernetes.kubeadm_aio }}" \ + --file tools/images/kubeadm-aio/Dockerfile \ + --build-arg KUBE_VERSION="{{ version.kubernetes }}" \ + --build-arg CNI_VERSION="{{ version.cni }}" \ + --build-arg HELM_VERSION="{{ version.helm }}" \ + --build-arg CHARTS="calico,flannel,tiller,kube-dns" \ + . + args: + chdir: "{{ kubeadm_aio_path.stdout }}/" + executable: /bin/bash \ No newline at end of file diff --git a/tools/gate/playbooks/build-images/tasks/main.yaml b/roles/build-images/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/build-images/tasks/main.yaml rename to roles/build-images/tasks/main.yaml diff --git a/tools/gate/playbooks/clean-host/tasks/main.yaml b/roles/clean-host/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/clean-host/tasks/main.yaml rename to roles/clean-host/tasks/main.yaml 
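Review bot: The `when:` on "Kubeadm-AIO image build path with proxy" tests only `proxy.http`, but the task also interpolates `{{ proxy.https }}` and `{{ proxy.noproxy }}`, so an inventory that sets only the HTTP proxy would presumably fail at templating instead of building. The same unguarded references appear in roles/deploy-docker/templates/http-proxy.conf.j2 and in the `environment:` blocks added to roles/deploy-package/tasks/pip.yaml, roles/deploy-python-pip/tasks/main.yaml and the kubeadm-aio deploy-package pip.yaml, where even `proxy.http` has no guard. Unless defaults for `proxy` are defined outside this diff, give each reference a fallback, e.g. `--build-arg HTTPS_PROXY="{{ proxy.https | default('') }}"`. The second task also repeats the whole `docker build` command, so the two copies can drift; a short comment on each saying they must stay identical apart from the three proxy `--build-arg` lines would help until they are merged.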
diff --git a/tools/gate/playbooks/deploy-docker/tasks/deploy-ansible-docker-support.yaml b/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml similarity index 100% rename from tools/gate/playbooks/deploy-docker/tasks/deploy-ansible-docker-support.yaml rename to roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml diff --git a/tools/gate/playbooks/deploy-docker/tasks/main.yaml b/roles/deploy-docker/tasks/main.yaml similarity index 67% rename from tools/gate/playbooks/deploy-docker/tasks/main.yaml rename to roles/deploy-docker/tasks/main.yaml index f0d7e0cf5..48aa29be0 100644 --- a/tools/gate/playbooks/deploy-docker/tasks/main.yaml +++ b/roles/deploy-docker/tasks/main.yaml @@ -38,6 +38,32 @@ dest: /etc/systemd/system/docker.service mode: 0640 +# NOTE: (lamt) Setting up the proxy before installing docker +- name: ensure docker.service.d directory exists + when: proxy.http is defined and (proxy.http | trim != "") + file: + path: /etc/systemd/system/docker.service.d + state: directory + +- name: proxy | moving proxy systemd unit into place + when: ( need_docker | failed ) and ( proxy.http is defined and (proxy.http | trim != "") ) + template: + src: http-proxy.conf.j2 + dest: /etc/systemd/system/docker.service.d/http-proxy.conf + mode: 0640 + +- name: centos | add docker-ce repository + when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed ) + get_url: + url: https://download.docker.com/linux/centos/docker-ce.repo + dest: /etc/yum.repos.d/docker-ce.repo + +- name: fedora | add docker-ce repository + when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed ) + get_url: + url: https://download.docker.com/linux/fedora/docker-ce.repo + dest: /etc/yum.repos.d/docker-ce.repo + - name: deploy docker packages when: need_docker | failed include_role: @@ -48,7 +74,7 @@ deb: - docker.io rpm: - - docker-latest + - docker-ce - name: if docker insecure registry is defined set_fact: 
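Review bot: Both new `get_url` tasks in roles/deploy-docker/tasks/main.yaml write a yum repository definition fetched at run time with no `checksum:` and no explicit `mode:`, and the rpm package becomes an unpinned `docker-ce`, so what is installed on the host depends on whatever the download site serves at that moment. Shipping the `.repo` file from the role as a template (like the unit files) or adding `checksum: "sha256:<PLACEHOLDER_DIGEST>"` and `mode: 0644` would make the input reviewable and reproducible. Separately, "ensure docker.service.d directory exists" runs whenever a proxy is set, while the template task that fills the directory also requires `need_docker | failed`; if that difference is intended, a one-line comment saying so would help. The task list continues outside these hunks.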
diff --git a/tools/gate/playbooks/deploy-docker/templates/centos-docker.service.j2 b/roles/deploy-docker/templates/centos-docker.service.j2 similarity index 64% rename from tools/gate/playbooks/deploy-docker/templates/centos-docker.service.j2 rename to roles/deploy-docker/templates/centos-docker.service.j2 index dfac46188..ba9540e2d 100644 --- a/tools/gate/playbooks/deploy-docker/templates/centos-docker.service.j2 +++ b/roles/deploy-docker/templates/centos-docker.service.j2 @@ -1,8 +1,8 @@ [Unit] Description=Docker Application Container Engine -Documentation=http://docs.docker.com -After=network.target -Wants=docker-latest-storage-setup.service +Documentation=https://docs.docker.com +After=network-online.target firewalld.service +Wants=network-online.target [Service] Type=notify @@ -10,13 +10,11 @@ NotifyAccess=all Environment=GOTRACEBACK=crash Environment=DOCKER_HTTP_HOST_COMPAT=1 Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin -ExecStart=/usr/bin/dockerd-latest \ - --add-runtime docker-runc=/usr/libexec/docker/docker-runc-latest \ - --default-runtime=docker-runc \ +ExecStart=/usr/bin/dockerd \ --exec-opt native.cgroupdriver=systemd \ - --userland-proxy-path=/usr/libexec/docker/docker-proxy-latest \ - -g /var/lib/docker \ - --storage-driver=overlay \ + --userland-proxy-path=/usr/libexec/docker/docker-proxy \ + --data-root=/var/lib/docker \ + --storage-driver=overlay2 \ --log-driver=json-file \ --iptables=false ExecReload=/bin/kill -s HUP $MAINPID diff --git a/roles/deploy-docker/templates/daemon.json.j2 b/roles/deploy-docker/templates/daemon.json.j2 new file mode 100644 index 000000000..824f84849 --- /dev/null +++ b/roles/deploy-docker/templates/daemon.json.j2 @@ -0,0 +1,3 @@ +{ + "insecure-registries" : [{{ docker_insecure_registries }}] +} 
diff --git a/tools/gate/playbooks/deploy-docker/templates/fedora-docker.service.j2 b/roles/deploy-docker/templates/fedora-docker.service.j2 similarity index 55% rename from tools/gate/playbooks/deploy-docker/templates/fedora-docker.service.j2 rename to roles/deploy-docker/templates/fedora-docker.service.j2 index c6ba16b7d..e471b92f3 100644 --- a/tools/gate/playbooks/deploy-docker/templates/fedora-docker.service.j2 +++ b/roles/deploy-docker/templates/fedora-docker.service.j2 @@ -1,20 +1,19 @@ [Unit] Description=Docker Application Container Engine -Documentation=http://docs.docker.com -After=network.target docker-latest-containerd.service -Wants=docker-latest-storage-setup.service -Requires=docker-latest-containerd.service +Documentation=https://docs.docker.com +After=network-online.target firewalld.service +Wants=network-online.target [Service] Type=notify Environment=GOTRACEBACK=crash -ExecStart=/usr/bin/dockerd-latest \ - --add-runtime oci=/usr/libexec/docker/docker-runc-latest \ - --default-runtime=oci \ - --containerd /run/containerd.sock \ +# the default is not to use systemd for cgroups because the delegate issues still +# exists and systemd currently does not support the cgroup feature set required +# for containers run by docker +ExecStart=/usr/bin/dockerd \ --exec-opt native.cgroupdriver=systemd \ - --userland-proxy-path=/usr/libexec/docker/docker-proxy-latest \ - -g /var/lib/docker \ + --userland-proxy-path=/usr/libexec/docker/docker-proxy \ + --data-root=/var/lib/docker \ --storage-driver=overlay2 \ --log-driver=json-file \ --iptables=false diff --git a/roles/deploy-docker/templates/http-proxy.conf.j2 b/roles/deploy-docker/templates/http-proxy.conf.j2 new file mode 100644 index 000000000..90d8e1d53 --- /dev/null +++ b/roles/deploy-docker/templates/http-proxy.conf.j2 @@ -0,0 +1,4 @@ +[Service] +Environment="HTTP_PROXY={{ proxy.http }}" +Environment="HTTPS_PROXY={{ proxy.https }}" +Environment="NO_PROXY={{ proxy.noproxy }}" 
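Review bot: The comment added above `ExecStart` in fedora-docker.service.j2 says the default is not to use systemd for cgroups, yet the command that follows still passes `--exec-opt native.cgroupdriver=systemd`, so the comment contradicts the unit it documents. It reads like text carried over from another unit file (inferred, not visible here). Either drop it or replace it with one that matches the flags, e.g. `# dockerd is started with the systemd cgroup driver (see --exec-opt below)`.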
diff --git a/tools/gate/playbooks/deploy-docker/templates/ubuntu-docker.service.j2 b/roles/deploy-docker/templates/ubuntu-docker.service.j2 similarity index 100% rename from tools/gate/playbooks/deploy-docker/templates/ubuntu-docker.service.j2 rename to roles/deploy-docker/templates/ubuntu-docker.service.j2 diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml b/roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml similarity index 100% rename from tools/gate/playbooks/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml rename to roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml b/roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml similarity index 100% rename from tools/gate/playbooks/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml rename to roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/main.yaml b/roles/deploy-helm-packages/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/deploy-helm-packages/tasks/main.yaml rename to roles/deploy-helm-packages/tasks/main.yaml diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-chart-group.yaml b/roles/deploy-helm-packages/tasks/util-chart-group.yaml similarity index 100% rename from tools/gate/playbooks/deploy-helm-packages/tasks/util-chart-group.yaml rename to roles/deploy-helm-packages/tasks/util-chart-group.yaml diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-chart.yaml b/roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml similarity index 100% rename from tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-chart.yaml rename to roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml 
diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-test.yaml b/roles/deploy-helm-packages/tasks/util-common-helm-test.yaml similarity index 100% rename from tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-test.yaml rename to roles/deploy-helm-packages/tasks/util-common-helm-test.yaml diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml b/roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml similarity index 100% rename from tools/gate/playbooks/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml rename to roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/clean-node.yaml b/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml similarity index 97% rename from tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/clean-node.yaml rename to roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml index 75338d2ba..afd5d371e 100644 --- a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/clean-node.yaml +++ b/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml @@ -16,7 +16,7 @@ vars: kubeadm_aio_action: clean-host block: - - name: "kubeadm-aio perfoming action: {{ kubeadm_aio_action }}" + - name: "kubeadm-aio performing action: {{ kubeadm_aio_action }}" become: true become_user: root docker_container: diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml b/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml similarity index 100% rename from tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml rename to roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/main.yaml b/roles/deploy-kubeadm-aio-common/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/main.yaml rename to roles/deploy-kubeadm-aio-common/tasks/main.yaml 
diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml b/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml similarity index 97% rename from tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml rename to roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml index c184190ce..a634cd45f 100644 --- a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml +++ b/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml @@ -17,7 +17,7 @@ kubeadm_aio_action: null kubeadm_kubelet_labels: "" block: - - name: "perfoming {{ kubeadm_aio_action }} action" + - name: "performing {{ kubeadm_aio_action }} action" become: true become_user: root docker_container: diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-master/tasks/main.yaml b/roles/deploy-kubeadm-aio-master/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/deploy-kubeadm-aio-master/tasks/main.yaml rename to roles/deploy-kubeadm-aio-master/tasks/main.yaml diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/main.yaml b/roles/deploy-kubeadm-aio-node/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/main.yaml rename to roles/deploy-kubeadm-aio-node/tasks/main.yaml diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml b/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml similarity index 100% rename from tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml rename to roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml 
diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml b/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml similarity index 100% rename from tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml rename to roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml diff --git a/tools/gate/playbooks/deploy-package/tasks/dist.yaml b/roles/deploy-package/tasks/dist.yaml similarity index 100% rename from tools/gate/playbooks/deploy-package/tasks/dist.yaml rename to roles/deploy-package/tasks/dist.yaml diff --git a/tools/gate/playbooks/deploy-package/tasks/pip.yaml b/roles/deploy-package/tasks/pip.yaml similarity index 86% rename from tools/gate/playbooks/deploy-package/tasks/pip.yaml rename to roles/deploy-package/tasks/pip.yaml index f0c60206d..429bb50b3 100644 --- a/tools/gate/playbooks/deploy-package/tasks/pip.yaml +++ b/roles/deploy-package/tasks/pip.yaml @@ -15,6 +15,10 @@ - name: managing pip packages become: true become_user: root + environment: + http_proxy: "{{ proxy.http }}" + https_proxy: "{{ proxy.https }}" + no_proxy: "{{ proxy.noproxy }}" vars: state: present pip: diff --git a/tools/gate/playbooks/deploy-python-pip/tasks/main.yaml b/roles/deploy-python-pip/tasks/main.yaml similarity index 92% rename from tools/gate/playbooks/deploy-python-pip/tasks/main.yaml rename to roles/deploy-python-pip/tasks/main.yaml index 19cf5af98..a48868a54 100644 --- a/tools/gate/playbooks/deploy-python-pip/tasks/main.yaml +++ b/roles/deploy-python-pip/tasks/main.yaml @@ -39,6 +39,10 @@ - name: ensuring pip is the latest version become: true become_user: root + environment: + http_proxy: "{{ proxy.http }}" + https_proxy: "{{ proxy.https }}" + no_proxy: "{{ proxy.noproxy }}" pip: name: pip state: latest 
diff --git a/tools/gate/playbooks/deploy-python/tasks/main.yaml b/roles/deploy-python/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/deploy-python/tasks/main.yaml rename to roles/deploy-python/tasks/main.yaml diff --git a/tools/gate/playbooks/deploy-yq/tasks/main.yaml b/roles/deploy-yq/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/deploy-yq/tasks/main.yaml rename to roles/deploy-yq/tasks/main.yaml diff --git a/tools/gate/playbooks/describe-kubernetes-objects/tasks/main.yaml b/roles/describe-kubernetes-objects/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/describe-kubernetes-objects/tasks/main.yaml rename to roles/describe-kubernetes-objects/tasks/main.yaml diff --git a/tools/gate/playbooks/gather-host-logs/tasks/main.yaml b/roles/gather-host-logs/tasks/main.yaml similarity index 95% rename from tools/gate/playbooks/gather-host-logs/tasks/main.yaml rename to roles/gather-host-logs/tasks/main.yaml index b4739b8e1..29f028e35 100644 --- a/tools/gate/playbooks/gather-host-logs/tasks/main.yaml +++ b/roles/gather-host-logs/tasks/main.yaml @@ -26,6 +26,7 @@ mount > {{ logs_dir }}/system/mount.txt docker images > {{ logs_dir }}/system/docker-images.txt brctl show > {{ logs_dir }}/system/brctl-show.txt + ps aux --sort=-%mem > {{ logs_dir }}/system/ps.txt args: executable: /bin/bash ignore_errors: True diff --git a/tools/gate/playbooks/gather-pod-logs/tasks/main.yaml b/roles/gather-pod-logs/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/gather-pod-logs/tasks/main.yaml rename to roles/gather-pod-logs/tasks/main.yaml diff --git a/tools/gate/playbooks/gather-prom-metrics/tasks/main.yaml b/roles/gather-prom-metrics/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/gather-prom-metrics/tasks/main.yaml rename to roles/gather-prom-metrics/tasks/main.yaml 
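Review bot: The added `ps aux --sort=-%mem > {{ logs_dir }}/system/ps.txt` in roles/gather-host-logs/tasks/main.yaml records the full command line of every process, so anything passed as an argument (tokens, passwords, a proxy URL with embedded credentials) lands in the collected logs. Whether these logs are archived or published is not visible from this hunk, but if they are, limiting the columns keeps the memory ranking without the arguments, e.g. `ps -eo pid,user,%mem,%cpu,comm --sort=-%mem > {{ logs_dir }}/system/ps.txt`.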
diff --git a/tools/gate/playbooks/helm-release-status/tasks/main.yaml b/roles/helm-release-status/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/helm-release-status/tasks/main.yaml rename to roles/helm-release-status/tasks/main.yaml diff --git a/tools/gate/playbooks/pull-images/tasks/main.yaml b/roles/pull-images/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/pull-images/tasks/main.yaml rename to roles/pull-images/tasks/main.yaml diff --git a/tools/gate/playbooks/setup-firewall/tasks/main.yaml b/roles/setup-firewall/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/setup-firewall/tasks/main.yaml rename to roles/setup-firewall/tasks/main.yaml diff --git a/tools/gate/playbooks/upgrade-host/tasks/main.yaml b/roles/upgrade-host/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/upgrade-host/tasks/main.yaml rename to roles/upgrade-host/tasks/main.yaml diff --git a/tiller/templates/configmap-bin.yaml b/tiller/templates/configmap-bin.yaml index 540a978e9..2872fa982 100644 --- a/tiller/templates/configmap-bin.yaml +++ b/tiller/templates/configmap-bin.yaml @@ -22,6 +22,6 @@ kind: ConfigMap metadata: name: tiller-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/tiller/templates/deployment-tiller.yaml b/tiller/templates/deployment-tiller.yaml index f6917394d..dc9b863f9 100644 --- a/tiller/templates/deployment-tiller.yaml +++ b/tiller/templates/deployment-tiller.yaml 
@@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.deployment_tiller }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.tiller .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.tiller -}} -{{- end -}} {{- $serviceAccountName := printf "%s-%s" .Release.Name "tiller" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "tiller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -64,7 +58,7 @@ spec: name: tiller spec: initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "tiller" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - env: - name: TILLER_NAMESPACE diff --git a/tiller/templates/job-image-repo-sync.yaml b/tiller/templates/job-image-repo-sync.yaml index 6f2400fa5..359a5d276 100644 --- a/tiller/templates/job-image-repo-sync.yaml +++ b/tiller/templates/job-image-repo-sync.yaml 
@@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "kube-dns-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/tiller/values.yaml b/tiller/values.yaml index 8c577ee89..1203b3959 100644 --- a/tiller/values.yaml +++ b/tiller/values.yaml @@ -18,15 +18,16 @@ # name: value labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled release_group: null images: tags: tiller: gcr.io/kubernetes-helm/tiller:v2.7.2 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: 
diff --git a/tools/gate/chart-deploys/default.yaml b/tools/gate/chart-deploys/default.yaml index 75edaa183..3d6215da2 100644 --- a/tools/gate/chart-deploys/default.yaml +++ b/tools/gate/chart-deploys/default.yaml @@ -24,6 +24,7 @@ chart_groups: timeout: 600 charts: - prometheus + - nagios - prometheus_node_exporter - prometheus_kube_state_metrics - prometheus_alertmanager @@ -136,6 +137,16 @@ charts: ingress: public: false + nagios: + chart_name: nagios + release: nagios + namespace: openstack + values: + network: + nagios: + ingress: + public: false + prometheus_openstack_exporter: chart_name: prometheus-openstack-exporter release: prometheus-openstack-exporter diff --git a/tools/gate/devel/start.sh b/tools/gate/devel/start.sh index 9105b7c40..56a2a2340 100755 --- a/tools/gate/devel/start.sh +++ b/tools/gate/devel/start.sh @@ -94,7 +94,7 @@ function dump_logs () { trap 'dump_logs "$?"' ERR for PLAYBOOK in ${PLAYBOOKS}; do - ansible-playbook ${WORK_DIR}/tools/gate/playbooks/${PLAYBOOK}.yaml \ + ansible-playbook ${WORK_DIR}/playbooks/${PLAYBOOK}.yaml \ -i ${INVENTORY} \ --extra-vars=@${VARS} \ --extra-vars "work_dir=${WORK_DIR}" diff --git a/tools/gate/playbooks/deploy-docker/templates/daemon.json.j2 b/tools/gate/playbooks/deploy-docker/templates/daemon.json.j2 deleted file mode 100644 index 9e120371d..000000000 --- a/tools/gate/playbooks/deploy-docker/templates/daemon.json.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{ - "insecure-registries" : [{{ docker_insecure_registries }}] -} diff --git a/tools/images/kubeadm-aio/Dockerfile b/tools/images/kubeadm-aio/Dockerfile index df3d885a3..8f2caefe9 100644 --- a/tools/images/kubeadm-aio/Dockerfile +++ b/tools/images/kubeadm-aio/Dockerfile 
@@ -28,6 +28,18 @@ ENV HELM_VERSION ${HELM_VERSION} ARG CHARTS="calico,flannel,tiller,kube-dns" ENV CHARTS ${CHARTS} +ARG HTTP_PROXY="" +ENV HTTP_PROXY ${HTTP_PROXY} +ENV http_proxy ${HTTP_PROXY} + +ARG HTTPS_PROXY="" +ENV HTTPS_PROXY ${HTTPS_PROXY} +ENV https_proxy ${HTTPS_PROXY} + +ARG NO_PROXY="127.0.0.1,localhost,.svc.cluster.local" +ENV NO_PROXY ${NO_PROXY} +ENV no_proxy ${NO_PROXY} + ENV container="docker" \ DEBIAN_FRONTEND="noninteractive" \ CNI_BIN_DIR="/opt/cni/bin" diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml index 3e35cc774..c472ec29b 100644 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml +++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml @@ -63,7 +63,7 @@ environment: KUBECONFIG: '/mnt/rootfs/etc/kubernetes/admin.conf' - name: kubeadm | cni | calico - command: helm install /opt/charts/calico --name calico --namespace kube-system --set networking.podSubnet="{{ k8s.networking.podSubnet }}" --set networking.mtu="{{ cni_default_device_mtu.stdout }}" --wait --timeout=600 + command: helm install /opt/charts/calico --name calico --namespace kube-system --set networking.podSubnet="{{ k8s.networking.podSubnet }}" --set conf.node.IP_AUTODETECTION_METHOD="can-reach={% if k8s.api.advertiseAddress is defined %}{{ k8s.api.advertiseAddress }}{% else %}{% if k8s.api.advertiseAddressDevice is defined %}{{ hostvars[inventory_hostname]['ansible_'+k8s.api.advertiseAddressDevice].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %}" --set networking.mtu="{{ cni_default_device_mtu.stdout }}" --wait --timeout=600 environment: HELM_HOST: 'localhost:44134' - name: kubeadm | cni | calico 
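Review bot: The new `ENV HTTP_PROXY`, `ENV HTTPS_PROXY` and `ENV NO_PROXY` lines in tools/images/kubeadm-aio/Dockerfile (and their lowercase twins) copy the build-time proxy into the image, so every container started from it inherits the build host's proxy, and any credentials embedded in the proxy URL are stored in the image configuration. Docker already treats `HTTP_PROXY`, `HTTPS_PROXY`, `NO_PROXY` and their lowercase forms as predefined build args that `RUN` steps can use without an `ARG` line and that are kept out of `docker history`, so the `--build-arg` flags passed by the build-images role should work with the `ARG`/`ENV` pairs removed. If build tools only read the lowercase names, the role would need to pass those as build args too. If the runtime needs a no-proxy default, keep only `ENV NO_PROXY="127.0.0.1,localhost,.svc.cluster.local"` and supply the proxy itself when the container is run.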
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 index 690a0a53d..1881eac1e 100644 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 +++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 @@ -31,7 +31,6 @@ token: {{ kubeadm_bootstrap_token }} tokenTTL: 24h0m0s selfHosted: {{ k8s.selfHosted }} apiServerExtraArgs: - runtime-config: "batch/v2alpha1=true" service-node-port-range: "1024-65535" controllerManagerExtraArgs: address: "0.0.0.0" diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml index ff500c552..efaf2a87e 100644 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml +++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml @@ -1,7 +1,9 @@ - - - name: "installing python {{ package }}" become: true become_user: root + environment: + http_proxy: "{{ proxy.http }}" + https_proxy: "{{ proxy.https }}" + no_proxy: "{{ proxy.noproxy }}" pip: name: "{{ package }}"