From c2040f36112b244d50920b91ef5fb401bc25a777 Mon Sep 17 00:00:00 2001 From: Madhukar Nayakbomman Date: Wed, 18 Apr 2018 16:14:25 -0700 Subject: [PATCH] Rebasing openstack-helm-infra Changes from below commits are been added as part of rebase OSH-Infra: Update labels for chart components This ps adds more granular node selectors for the charts in osh infra to match what is currently done in osh Change-Id: I8957a95053b9fb3ea329fd37ff049cd223a7695d Address errors with Elasticsearch and Kibana This moves Elasticsearch and Kibana to use the latest version (6.2.2), as the images we were using are no longer supported with the 6.x release. There was a change in the doc reference in the log entries that prevented the previous ES version from indexing those entries, resulting in a busted gate. Moving Kibana to 6.2.2 was required to match major/minor versions with Elasticsearch The Elasticsearch version change also required changing config file locations, changing the entrypoint used for launching the service, changing the running user for the elasticsearch service, and updated the ES tests as some of the API responses changed between versions This also required updating the elasticsearch template job as the mapping definition entries changed between versions Change-Id: Ia4cd9a66851754a1bb8f225c7e24513c43568e93 kube-state-metrics: use endpoints section and lookups to set port This PS moves kube-state-metrics to use the endpoints section and lookups to set the ports it serves on. Change-Id: Icb4757a59852e508148ca9f1e682c722e40042c9 Remove Api version requirement for CronJob Curator Curator job in Elasticsearch helm chart has a condition on api version batch/v2alpha1. Cronjob resource is deprecated in batch/v2alpha1 from k8s 1.8 and batch/v1beta1 is enabled by default. Remove the condition on API version as it is no more required. Closes-Bug: #1753524 Change-Id: Ia296b3742e655fae508e5d4402e7f3881db31688 KubeADM: force calico interface to match to same as kubelet This PS forces calico to use the same interface as the kubelet for inter-node communication. Change-Id: I7d03beec46cccba4a57e092bf108695e8e88996f Kibana: use endpoints section and lookups to set port This PS moves kibana to use the endpoints section and lookups to set the port it serves on. Change-Id: I710428f92e80faf6ac5bb444f938447248e99217 Prometheus: use endpoints section and lookups to set port This PS moves prometheus to use the endpoints section and lookups to set the port it serves on. Change-Id: Ifae665e21128dd566da5a68b9904a94a68df4018 Grafana: use endpoints section and lookups to set port This PS moves grafana to use the endpoints section and lookups to set the port it serves on. Change-Id: I51d4c10297f3423569539dcbf7fbecad24d5e47f Fluent-logging: use endpoints section and lookups to set port This PS moves fluent-logging to use the endpoints section and lookups to set the port it serves on. Change-Id: I7cbbd8d6287942eb36f70ae74872405038e523e8 Elasticsearch: use endpoints section and lookups to set port This PS moves elasticsearch to use the endpoints section and lookups to set the port it serves on. Change-Id: I4a73893124b6d988cd1f885cfc3dd62abeb4ae8c Gate: get full process list from host This PS adds the ps command to the gate log collection task. Change-Id: Ife1710854547b28a6dfa6b3e4d527ebf4d04179b Alertmanager: use endpoints section and lookups to set port This PS moves alertmanager to use the endpoints section and lookups to set the ports it serves on. Change-Id: I62108ca207f615d10d0b4385da204214b9aeae32 yaml cleanup: trim multiline strings Change-Id: I7e8f423be2efb84f3116258beca805265ca388f7 Revert Elasticsearch/Kibana image change This reverts the changes made to Elasticsearch, Kibana and fluent logging charts in https://review.openstack.org/#/c/550229/7. Specifically, this moves the images back to previous used versions and makes the required changes to the fluent-logging elasticsearch template job to include the correct mapping directives for the elasticsearch template. This change was made to give more time for evaluating a more robust solution for switching to the official upstream images that will not cause intermittent gate failures as seen since 550229 was merged Change-Id: I9f70b3412a8edc5cb1d80937b158aa2fe7b1ec82 Correcting a spelling error perfoming -> performing Change-Id: I639d8a4d0021dbdcd66ff711f86c25f1313a823f Fluentd: Change elasticsearch endpoint port and creds reference Updates the fluent-logging chart to reference the elasticsearch endpoint via lookups on the `http` port to match the elasticsearch chart's handling of the client port. This also updates the helm test pod to reference the elasticsearch credentials via the secret used elsewhere in the fluent-logging chart Change-Id: I352d912db5e231e14dc58cdf897ae642f3256373 Provide ability to specify proxy This patch set provides ability to configure the proxy setting in the ansible playbook used to run the gate. Change-Id: I7ae66cb16fa6db7d46a0a3f23c289cc625e583c4 Signed-off-by: Tin Lam calico: only specify ipv6 listen address if we have one Change-Id: I2bb381c227b06f5c511497b3e1720f9336f6d1c8 Dynamically generate list of rules files for prometheus This enables the dynamic generation of the list of rules files for prometheus, driven by the rules added in the appropriate tree under .Values.conf.prometheus.rules. This removes the necessity of adding the file name manually in addition to defining the rules in the rules tree, which should reduce overhead associated with adding new rules for prometheus to evaluate Change-Id: Ib768a252c5ea4f2d099df534c3ffcfb2949d7481 Calico: update chart to deploy calicoctl via init-container This PS moves the installation of calicoctl to an init-container. Change-Id: I2dbd4c605889d86c87455d43a500d8a2697c49af Nagios Chart This adds the nagios chart to osh-infra to provide additional monitoring functionality. It uses helper functions to consume yaml definitions for services, commands, hosts and hostgroups to generate the required configurations for those entities in nagios's configuration Change-Id: I6238bb8cb1e5c8dc48594ddea50693f3e7b0a176 add additional collectors to process exporter Change-Id: I2c1055103a89663920cb309c714658caa3a74e05 Support pod dependencies Adds support for a new feature of kubernetes-entrypoint, pod dependencies, that was added in v0.3.0. Change-Id: I78d9e0545ca3b837cd2386783386a253f7f5a2d6 Helm-Toolkit: Reduce delta between OSH and OSH-Infra This PS reduces the delta between OSH and OSH-Infra helm toolkits. Change-Id: I00a684b3801a0990550f55c8facb0252fddb67f2 Helm-Toolkit: Reduce delta between OSH and OSH-Infra to image repo This PS reduces the delta between OSH and OSH-Infra helm toolkits to simply the image repo management functions. Change-Id: I3addfbcda6a3c1d34c9f967be07eaceffb468f0e Grafana dashboard for Nginx using nginx-vts metrics Change-Id: Ifd0eeab3fcb2740ab53ce23ba1bcd2146f351aed Calico: Remove duplicate calico_cni image tag This removes a duplicate calico_cni image tag from the calico chart in osh-infra Change-Id: I702796cf43ead9c10558a76bf4c23e133b0e8228 Nagios: Configure ports with endpoint port lookups This ps updates the nagios chart to use endpoint port lookups for port configuration, bringing it in line with the other charts Change-Id: I500b4741d50132f6c316ded660981e2af8b71e7a Update to F27 and update docker packages This PS moves the fedora gates to use F27. It also updates the docker packages used for both fedora and centos Change-Id: Ic5ab5793d7176a81a8ea70c82b1d53a1fdf5f740 Move roles and playbooks to top level This proposes moving the playbooks and roles to the top level of osh-infra to be consumed by osh Change-Id: I7e3516da8e516060f94b8b9c8875918504de7446 Prometheus: Generate command line flags dynamically This proposes a means for generating the command line flags for configuring the Prometheus service via the values file instead of templating out the command line flags used for the service. This allows flexibility in choosing which flags and values to use when deploying Prometheus, without needing to modify the chart itself Change-Id: I74845b96e213403ad743724137a82ce2c78fcd1f OSH-infra: move charts to use ingress manifest in htk This moves all relevant charts in osh-infra to use the htk manifest template for ingresses, bringing them in line with the charts in openstack-helm Change-Id: Ic9c3cc6f0051fa66b6f88ec2b2725698b36ce824 Gate: update paths for pip 10 installation Pip>=10 moves the entrypoint to /usr/local/bin from /usr/bin, this ps forces the shell to forget all locations following upgrade to allow it to adapt to the new location. Change-Id: I1ed92b75f689e982397cd4fc87ac262256e161e8 Helm-Toolkit: Kubernetes Entrypoint, simplify image dependencies This PS simplify the logic for dyanmicly merging the image management depenencies into pod deps when active. Partial-Bug: #1765459 Change-Id: I0cf6c93173bc5fbce697ac15be8697d3b1326d0a --- Makefile | 2 +- .../templates/bin/_install-calicoctl.sh.tpl | 3 - calico/templates/configmap-bin.yaml | 6 +- calico/templates/configmap-etc.yaml | 20 +- calico/templates/daemonset-calico-etcd.yaml | 10 +- calico/templates/daemonset-calico-node.yaml | 131 ++-- .../deployment-calico-kube-controllers.yaml | 10 +- .../etc/bird/_bird6.cfg.mesh.template.tpl | 7 +- .../etc/bird/_bird6.cfg.no-mesh.template.tpl | 7 +- calico/templates/job-calico-settings.yaml | 5 +- calico/templates/job-image-repo-sync.yaml | 7 +- calico/values.yaml | 12 +- elasticsearch/templates/configmap-bin.yaml | 2 +- elasticsearch/templates/configmap-etc.yaml | 12 +- elasticsearch/templates/cron-job-curator.yaml | 9 +- .../templates/deployment-client.yaml | 23 +- .../templates/deployment-master.yaml | 18 +- .../templates/job-image-repo-sync.yaml | 7 +- .../job-register-snapshot-repository.yaml | 8 +- .../prometheus/exporter-deployment.yaml | 13 +- .../prometheus/exporter-service.yaml | 2 +- elasticsearch/templates/service-data.yaml | 2 +- .../templates/service-discovery.yaml | 2 +- elasticsearch/templates/service-logging.yaml | 2 +- elasticsearch/templates/statefulset-data.yaml | 18 +- elasticsearch/values.yaml | 15 +- flannel/templates/configmap-bin.yaml | 2 +- .../templates/daemonset-kube-flannel-ds.yaml | 10 +- flannel/templates/job-image-repo-sync.yaml | 7 +- flannel/values.yaml | 7 +- fluent-logging/templates/_helpers.tpl | 4 + fluent-logging/templates/configmap-bin.yaml | 2 +- fluent-logging/templates/configmap-etc.yaml | 8 +- .../templates/daemonset-fluent-bit.yaml | 12 +- .../templates/deployment-fluentd.yaml | 12 +- .../templates/job-elasticsearch-template.yaml | 22 +- .../templates/job-image-repo-sync.yaml | 7 +- .../prometheus/exporter-deployment.yaml | 7 +- .../prometheus/exporter-service.yaml | 2 +- fluent-logging/templates/pod-helm-tests.yaml | 2 +- fluent-logging/templates/service-fluentd.yaml | 4 +- fluent-logging/values.yaml | 24 +- grafana/templates/bin/_datasource.sh.tpl | 2 +- grafana/templates/configmap-bin.yaml | 2 +- grafana/templates/configmap-etc.yaml | 4 +- grafana/templates/deployment.yaml | 16 +- grafana/templates/ingress-grafana.yaml | 44 +- grafana/templates/job-db-init-session.yaml | 7 +- grafana/templates/job-db-init.yaml | 7 +- grafana/templates/job-db-session-sync.yaml | 7 +- grafana/templates/job-image-repo-sync.yaml | 7 +- .../templates/job-prometheus-datasource.yaml | 9 +- grafana/templates/service-ingress.yaml | 18 +- grafana/templates/service.yaml | 2 +- grafana/values.yaml | 622 +++++++++++++++++- helm-toolkit/.gitignore | 2 +- .../templates/manifests/_ingress.yaml.tpl | 70 ++ .../templates/manifests/_job-bootstrap.yaml | 97 +++ .../manifests/_job-db-drop-mysql.yaml.tpl | 123 ++++ .../manifests/_job-db-init-mysql.yaml.tpl | 120 ++++ .../templates/manifests/_job-db-sync.yaml.tpl | 94 +++ .../manifests/_job-ks-endpoints.yaml.tpl | 83 +++ .../manifests/_job-ks-service.yaml.tpl | 77 +++ .../templates/manifests/_job-ks-user.yaml.tpl | 83 +++ .../manifests/_job-rabbit-init.yaml.tpl | 74 +++ .../templates/manifests/_service-ingress.tpl | 40 ++ .../templates/scripts/_ks-user.sh.tpl | 11 +- .../templates/scripts/_rabbit-init.sh.tpl | 67 ++ .../templates/scripts/_rally_test.sh.tpl | 42 +- .../_kubernetes_entrypoint_init_container.tpl | 22 +- .../snippets/_kubernetes_pod_rbac_roles.tpl | 2 +- .../_kubernetes_pod_rbac_serviceaccount.tpl | 14 +- .../templates/utils/_daemonset_overrides.tpl | 271 ++++++++ .../templates/utils/_dependency_resolver.tpl | 36 + .../templates/utils/_joinListWithSpace.tpl | 20 + helm-toolkit/templates/utils/_to_kv_list.tpl | 42 ++ .../utils/_values_template_renderer.tpl | 81 +++ kibana/templates/configmap-bin.yaml | 2 +- kibana/templates/configmap-etc.yaml | 6 +- kibana/templates/deployment.yaml | 14 +- kibana/templates/ingress-kibana.yaml | 46 +- kibana/templates/job-image-repo-sync.yaml | 7 +- kibana/templates/service-ingress-kibana.yaml | 18 +- kibana/templates/service.yaml | 2 +- kibana/values.yaml | 19 +- kube-dns/templates/configmap-bin.yaml | 2 +- kube-dns/templates/deployment-kube-dns.yaml | 6 - kube-dns/templates/job-image-repo-sync.yaml | 7 +- kube-dns/values.yaml | 7 +- nagios/Chart.yaml | 22 + nagios/requirements.yaml | 18 + nagios/templates/_helpers.tpl | 41 ++ nagios/templates/configmap-bin.yaml | 27 + nagios/templates/configmap-etc.yaml | 32 + nagios/templates/deployment.yaml | 102 +++ nagios/templates/etc/_nagios.cfg.tpl | 3 + nagios/templates/ingress-nagios.yaml | 20 + nagios/templates/job-image-repo-sync.yaml | 68 ++ nagios/templates/service-ingress-nagios.yaml | 20 + nagios/templates/service.yaml | 36 + nagios/values.yaml | 293 +++++++++ nfs-provisioner/templates/configmap-bin.yaml | 2 +- nfs-provisioner/templates/deployment.yaml | 12 +- .../templates/job-image-repo-sync.yaml | 7 +- nfs-provisioner/values.yaml | 10 +- playbooks/osh-infra-build.retry | 1 + .../osh-infra-build.yaml | 0 .../osh-infra-collect-logs.yaml | 0 playbooks/osh-infra-deploy-charts.retry | 1 + .../osh-infra-deploy-charts.yaml | 2 +- .../osh-infra-deploy-docker.yaml | 0 playbooks/osh-infra-deploy-k8s.retry | 1 + .../osh-infra-deploy-k8s.yaml | 0 .../osh-infra-docker.yaml | 0 .../osh-infra-pull-images.yaml | 0 .../osh-infra-upgrade-host.yaml | 0 playbooks/roles | 1 + {tools/gate/playbooks => playbooks}/vars.yaml | 5 + .../playbooks => playbooks}/zuul-linter.yaml | 0 .../templates/bin/_alertmanager.sh.tpl | 2 +- .../templates/configmap-bin.yaml | 2 +- .../templates/configmap-etc.yaml | 4 +- .../templates/ingress-alertmanager.yaml | 46 +- .../templates/job-image-repo-sync.yaml | 7 +- .../templates/service-discovery.yaml | 2 +- .../service-ingress-alertmanager.yaml | 18 +- .../templates/service.yaml | 2 +- .../templates/statefulset.yaml | 20 +- prometheus-alertmanager/values.yaml | 18 +- .../templates/configmap-bin.yaml | 2 +- .../templates/deployment.yaml | 14 +- .../templates/job-image-repo-sync.yaml | 7 +- .../templates/service-controller-manager.yaml | 4 +- .../templates/service-kube-state-metrics.yaml | 4 +- .../templates/service-scheduler.yaml | 4 +- prometheus-kube-state-metrics/values.yaml | 22 +- .../templates/configmap-bin.yaml | 2 +- .../templates/daemonset.yaml | 19 +- .../templates/job-image-repo-sync.yaml | 7 +- prometheus-node-exporter/values.yaml | 13 +- .../templates/configmap-bin.yaml | 4 +- .../templates/deployment.yaml | 12 +- .../templates/job-image-repo-sync.yaml | 8 +- .../templates/job-ks-user.yaml | 7 +- prometheus-openstack-exporter/values.yaml | 10 +- prometheus/templates/_helpers.tpl | 48 ++ prometheus/templates/bin/_prometheus.sh.tpl | 14 +- prometheus/templates/configmap-bin.yaml | 2 +- prometheus/templates/configmap-etc.yaml | 16 +- prometheus/templates/ingress-prometheus.yaml | 46 +- prometheus/templates/job-image-repo-sync.yaml | 7 +- .../templates/service-ingress-prometheus.yaml | 18 +- prometheus/templates/service.yaml | 2 +- prometheus/templates/statefulset.yaml | 16 +- prometheus/values.yaml | 53 +- redis/templates/configmap-bin.yaml | 2 +- redis/templates/deployment.yaml | 12 +- redis/templates/job-image-repo-sync.yaml | 7 +- redis/values.yaml | 10 +- registry/templates/configmap-bin.yaml | 6 +- registry/templates/configmap-etc.yaml | 4 +- .../templates/daemonset-registry-proxy.yaml | 12 +- registry/templates/deployment-registry.yaml | 12 +- registry/templates/job-bootstrap.yaml | 12 +- registry/values.yaml | 12 +- .../build-helm-packages/tasks/main.yaml | 0 .../tasks/setup-helm-serve.yaml | 0 .../templates/helm-serve.service.j2 | 0 .../build-images/tasks/kubeadm-aio.yaml | 23 +- .../build-images/tasks/main.yaml | 0 .../clean-host/tasks/main.yaml | 0 .../tasks/deploy-ansible-docker-support.yaml | 0 .../deploy-docker/tasks/main.yaml | 28 +- .../templates/centos-docker.service.j2 | 16 +- roles/deploy-docker/templates/daemon.json.j2 | 3 + .../templates/fedora-docker.service.j2 | 19 +- .../templates/http-proxy.conf.j2 | 4 + .../templates/ubuntu-docker.service.j2 | 0 .../tasks/generate-dynamic-over-rides.yaml | 0 .../tasks/helm-setup-dev-environment.yaml | 0 .../deploy-helm-packages/tasks/main.yaml | 0 .../tasks/util-chart-group.yaml | 0 .../tasks/util-common-helm-chart.yaml | 0 .../tasks/util-common-helm-test.yaml | 0 .../tasks/util-common-wait-for-pods.yaml | 0 .../tasks/clean-node.yaml | 2 +- .../tasks/deploy-kubelet.yaml | 0 .../deploy-kubeadm-aio-common/tasks/main.yaml | 0 .../tasks/util-kubeadm-aio-run.yaml | 2 +- .../deploy-kubeadm-aio-master/tasks/main.yaml | 0 .../deploy-kubeadm-aio-node/tasks/main.yaml | 0 .../tasks/util-generate-join-command.yaml | 0 .../tasks/util-run-join-command.yaml | 0 .../deploy-package/tasks/dist.yaml | 0 .../deploy-package/tasks/pip.yaml | 4 + .../deploy-python-pip/tasks/main.yaml | 4 + .../deploy-python/tasks/main.yaml | 0 .../deploy-yq/tasks/main.yaml | 0 .../tasks/main.yaml | 0 .../gather-host-logs/tasks/main.yaml | 1 + .../gather-pod-logs/tasks/main.yaml | 0 .../gather-prom-metrics/tasks/main.yaml | 0 .../helm-release-status/tasks/main.yaml | 0 .../pull-images/tasks/main.yaml | 0 .../setup-firewall/tasks/main.yaml | 0 .../upgrade-host/tasks/main.yaml | 0 tiller/templates/configmap-bin.yaml | 2 +- tiller/templates/deployment-tiller.yaml | 10 +- tiller/templates/job-image-repo-sync.yaml | 7 +- tiller/values.yaml | 7 +- tools/gate/chart-deploys/default.yaml | 11 + tools/gate/devel/start.sh | 2 +- .../deploy-docker/templates/daemon.json.j2 | 3 - tools/images/kubeadm-aio/Dockerfile | 12 + .../deploy-kubeadm-master/tasks/helm-cni.yaml | 2 +- .../templates/kubeadm-conf.yaml.j2 | 1 - .../roles/deploy-package/tasks/pip.yaml | 6 +- 217 files changed, 3434 insertions(+), 869 deletions(-) create mode 100644 helm-toolkit/templates/manifests/_ingress.yaml.tpl create mode 100644 helm-toolkit/templates/manifests/_job-bootstrap.yaml create mode 100644 helm-toolkit/templates/manifests/_job-db-drop-mysql.yaml.tpl create mode 100644 helm-toolkit/templates/manifests/_job-db-init-mysql.yaml.tpl create mode 100644 helm-toolkit/templates/manifests/_job-db-sync.yaml.tpl create mode 100644 helm-toolkit/templates/manifests/_job-ks-endpoints.yaml.tpl create mode 100644 helm-toolkit/templates/manifests/_job-ks-service.yaml.tpl create mode 100644 helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl create mode 100644 helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl create mode 100644 helm-toolkit/templates/manifests/_service-ingress.tpl create mode 100644 helm-toolkit/templates/scripts/_rabbit-init.sh.tpl create mode 100644 helm-toolkit/templates/utils/_daemonset_overrides.tpl create mode 100644 helm-toolkit/templates/utils/_dependency_resolver.tpl create mode 100644 helm-toolkit/templates/utils/_joinListWithSpace.tpl create mode 100644 helm-toolkit/templates/utils/_to_kv_list.tpl create mode 100644 helm-toolkit/templates/utils/_values_template_renderer.tpl create mode 100644 nagios/Chart.yaml create mode 100644 nagios/requirements.yaml create mode 100644 nagios/templates/_helpers.tpl create mode 100644 nagios/templates/configmap-bin.yaml create mode 100644 nagios/templates/configmap-etc.yaml create mode 100644 nagios/templates/deployment.yaml create mode 100644 nagios/templates/etc/_nagios.cfg.tpl create mode 100644 nagios/templates/ingress-nagios.yaml create mode 100644 nagios/templates/job-image-repo-sync.yaml create mode 100644 nagios/templates/service-ingress-nagios.yaml create mode 100644 nagios/templates/service.yaml create mode 100644 nagios/values.yaml create mode 100644 playbooks/osh-infra-build.retry rename {tools/gate/playbooks => playbooks}/osh-infra-build.yaml (100%) rename {tools/gate/playbooks => playbooks}/osh-infra-collect-logs.yaml (100%) create mode 100644 playbooks/osh-infra-deploy-charts.retry rename {tools/gate/playbooks => playbooks}/osh-infra-deploy-charts.yaml (95%) rename {tools/gate/playbooks => playbooks}/osh-infra-deploy-docker.yaml (100%) create mode 100644 playbooks/osh-infra-deploy-k8s.retry rename {tools/gate/playbooks => playbooks}/osh-infra-deploy-k8s.yaml (100%) rename {tools/gate/playbooks => playbooks}/osh-infra-docker.yaml (100%) rename {tools/gate/playbooks => playbooks}/osh-infra-pull-images.yaml (100%) rename {tools/gate/playbooks => playbooks}/osh-infra-upgrade-host.yaml (100%) create mode 120000 playbooks/roles rename {tools/gate/playbooks => playbooks}/vars.yaml (96%) rename {tools/gate/playbooks => playbooks}/zuul-linter.yaml (100%) create mode 100644 prometheus/templates/_helpers.tpl rename {tools/gate/playbooks => roles}/build-helm-packages/tasks/main.yaml (100%) rename {tools/gate/playbooks => roles}/build-helm-packages/tasks/setup-helm-serve.yaml (100%) rename {tools/gate/playbooks => roles}/build-helm-packages/templates/helm-serve.service.j2 (100%) rename {tools/gate/playbooks => roles}/build-images/tasks/kubeadm-aio.yaml (69%) rename {tools/gate/playbooks => roles}/build-images/tasks/main.yaml (100%) rename {tools/gate/playbooks => roles}/clean-host/tasks/main.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-docker/tasks/deploy-ansible-docker-support.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-docker/tasks/main.yaml (67%) rename {tools/gate/playbooks => roles}/deploy-docker/templates/centos-docker.service.j2 (64%) create mode 100644 roles/deploy-docker/templates/daemon.json.j2 rename {tools/gate/playbooks => roles}/deploy-docker/templates/fedora-docker.service.j2 (55%) create mode 100644 roles/deploy-docker/templates/http-proxy.conf.j2 rename {tools/gate/playbooks => roles}/deploy-docker/templates/ubuntu-docker.service.j2 (100%) rename {tools/gate/playbooks => roles}/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-helm-packages/tasks/main.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-helm-packages/tasks/util-chart-group.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-helm-packages/tasks/util-common-helm-chart.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-helm-packages/tasks/util-common-helm-test.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-kubeadm-aio-common/tasks/clean-node.yaml (97%) rename {tools/gate/playbooks => roles}/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-kubeadm-aio-common/tasks/main.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml (97%) rename {tools/gate/playbooks => roles}/deploy-kubeadm-aio-master/tasks/main.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-kubeadm-aio-node/tasks/main.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-package/tasks/dist.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-package/tasks/pip.yaml (86%) rename {tools/gate/playbooks => roles}/deploy-python-pip/tasks/main.yaml (92%) rename {tools/gate/playbooks => roles}/deploy-python/tasks/main.yaml (100%) rename {tools/gate/playbooks => roles}/deploy-yq/tasks/main.yaml (100%) rename {tools/gate/playbooks => roles}/describe-kubernetes-objects/tasks/main.yaml (100%) rename {tools/gate/playbooks => roles}/gather-host-logs/tasks/main.yaml (95%) rename {tools/gate/playbooks => roles}/gather-pod-logs/tasks/main.yaml (100%) rename {tools/gate/playbooks => roles}/gather-prom-metrics/tasks/main.yaml (100%) rename {tools/gate/playbooks => roles}/helm-release-status/tasks/main.yaml (100%) rename {tools/gate/playbooks => roles}/pull-images/tasks/main.yaml (100%) rename {tools/gate/playbooks => roles}/setup-firewall/tasks/main.yaml (100%) rename {tools/gate/playbooks => roles}/upgrade-host/tasks/main.yaml (100%) delete mode 100644 tools/gate/playbooks/deploy-docker/templates/daemon.json.j2 diff --git a/Makefile b/Makefile index 69eba463c..2eab65abd 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ SHELL := /bin/bash HELM := helm TASK := build -EXCLUDES := helm-toolkit doc tests tools logs tmp +EXCLUDES := helm-toolkit doc tests tools logs tmp roles playbooks CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) .PHONY: $(EXCLUDES) $(CHARTS) diff --git a/calico/templates/bin/_install-calicoctl.sh.tpl b/calico/templates/bin/_install-calicoctl.sh.tpl index be3df90a4..fb24f96c4 100644 --- a/calico/templates/bin/_install-calicoctl.sh.tpl +++ b/calico/templates/bin/_install-calicoctl.sh.tpl @@ -47,6 +47,3 @@ exec /opt/cni/bin/calicoctl.bin \$* EOF chmod +x /host/opt/cni/bin/calicoctl - -# sleep forever -while [ 1 ]; do sleep 86400; done; diff --git a/calico/templates/configmap-bin.yaml b/calico/templates/configmap-bin.yaml index 196db6740..9a6eff808 100644 --- a/calico/templates/configmap-bin.yaml +++ b/calico/templates/configmap-bin.yaml @@ -22,10 +22,10 @@ kind: ConfigMap metadata: name: calico-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} - install-calicoctl.sh: |+ + install-calicoctl.sh: | {{ tuple "bin/_install-calicoctl.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - calico-settings.sh: |+ + calico-settings.sh: | {{ tuple "bin/_calico-settings.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- end }} diff --git a/calico/templates/configmap-etc.yaml b/calico/templates/configmap-etc.yaml index b8aa4fffe..7549546dc 100644 --- a/calico/templates/configmap-etc.yaml +++ b/calico/templates/configmap-etc.yaml @@ -39,25 +39,25 @@ data: # we overlay templates found natively in the calico-node container so that we may override # bgp configuration - bird6.cfg.mesh.template: |+ + bird6.cfg.mesh.template: | {{ tuple "etc/bird/_bird6.cfg.mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - bird6.cfg.no-mesh.template: |+ + bird6.cfg.no-mesh.template: | {{ tuple "etc/bird/_bird6.cfg.no-mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - bird6_ipam.cfg.template: |+ + bird6_ipam.cfg.template: | {{ tuple "etc/bird/_bird6_ipam.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - bird_aggr.cfg.template: |+ + bird_aggr.cfg.template: | {{ tuple "etc/bird/_bird_aggr.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - bird.cfg.mesh.template: |+ + bird.cfg.mesh.template: | {{ tuple "etc/bird/_bird.cfg.mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - bird.cfg.no-mesh.template: |+ + bird.cfg.no-mesh.template: | {{ tuple "etc/bird/_bird.cfg.no-mesh.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - bird_ipam.cfg.template: |+ + bird_ipam.cfg.template: | {{ tuple "etc/bird/_bird_ipam.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - custom_filters6.cfg.template: |+ + custom_filters6.cfg.template: | {{ tuple "etc/bird/_custom_filters6.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - custom_filters.cfg.template: |+ + custom_filters.cfg.template: | {{ tuple "etc/bird/_custom_filters.cfg.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - tunl-ip.template: |+ + tunl-ip.template: | {{ tuple "etc/bird/_tunl-ip.template.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} # The location of your etcd cluster. This uses the Service clusterIP diff --git a/calico/templates/daemonset-calico-etcd.yaml b/calico/templates/daemonset-calico-etcd.yaml index b7b314e69..8071f9d89 100644 --- a/calico/templates/daemonset-calico-etcd.yaml +++ b/calico/templates/daemonset-calico-etcd.yaml @@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.daemonset_calico_etcd }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.etcd .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.etcd -}} -{{- end -}} {{- $serviceAccountName := "calico-etcd"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "etcd" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- # This manifest installs the Calico etcd on the kubeadm master. This uses a DaemonSet # to force it to run on the master even when the master isn't schedulable, and uses @@ -60,7 +54,7 @@ spec: node-role.kubernetes.io/master: "" hostNetwork: true initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "etcd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: calico-etcd {{ tuple $envAll "calico_etcd" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/calico/templates/daemonset-calico-node.yaml b/calico/templates/daemonset-calico-node.yaml index 6d09d7407..b5a23de7a 100644 --- a/calico/templates/daemonset-calico-node.yaml +++ b/calico/templates/daemonset-calico-node.yaml @@ -33,17 +33,10 @@ limitations under the License. {{- end -}} {{- end -}} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.calico_node .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.calico_node -}} -{{- end -}} - {{- $prometheus_annotations := $envAll.Values.monitoring.prometheus.calico_node }} {{- $serviceAccountName := printf "%s-%s" .Release.Name "calico-cni-plugin"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "calico_node" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding @@ -111,7 +104,67 @@ spec: serviceAccountName: {{ $serviceAccountName }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.node.timeout | default "30" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "calico_node" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ if .Values.manifests.daemonset_calico_node_calicoctl }} + - name: install-calicoctl +{{ tuple $envAll "calico_ctl" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.calico_ctl | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/install-calicoctl.sh + env: + - name: ETCD_ENDPOINTS + valueFrom: + configMapKeyRef: + name: calico-etc + key: etcd_endpoints +{{ if .Values.endpoints.etcd.auth.client.tls.ca}} + - name: ETCD_CA_CERT_FILE + value: {{ .Values.endpoints.etcd.auth.client.path.ca }} + - name: ETCD_CA_CERT + valueFrom: + secretKeyRef: + name: calico-certificates + key: tls.ca +{{ end }} +{{ if .Values.endpoints.etcd.auth.client.tls.key}} + - name: ETCD_KEY_FILE + value: {{ .Values.endpoints.etcd.auth.client.path.key }} + - name: ETCD_KEY + valueFrom: + secretKeyRef: + name: calico-certificates + key: tls.key +{{ end }} +{{ if .Values.endpoints.etcd.auth.client.tls.crt}} + - name: ETCD_CERT_FILE + value: {{ .Values.endpoints.etcd.auth.client.path.crt }} + - name: ETCD_CERT + valueFrom: + secretKeyRef: + name: calico-certificates + key: tls.crt +{{ end }} + volumeMounts: + - mountPath: /host/etc/calico + name: calico-cert-dir + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + - mountPath: /tmp/install-calicoctl.sh + name: calico-bin + subPath: install-calicoctl.sh + - name: calico-certificates + mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }} + subPath: tls.ca + readOnly: true + - name: calico-certificates + mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }} + subPath: tls.crt + readOnly: true + - name: calico-certificates + mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }} + subPath: tls.key + readOnly: true +{{ end }} containers: # Runs calico/node container on each Kubernetes node. This # container programs network policy and routes on each @@ -219,66 +272,6 @@ spec: mountPath: /host/opt/cni/bin - name: cni-net-dir mountPath: /host/etc/cni/net.d -{{ if .Values.manifests.daemonset_calico_node_calicoctl }} - - name: install-calicoctl -{{ tuple $envAll "calico_ctl" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.calico_ctl | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/install-calicoctl.sh - env: - - name: ETCD_ENDPOINTS - valueFrom: - configMapKeyRef: - name: calico-etc - key: etcd_endpoints -{{ if .Values.endpoints.etcd.auth.client.tls.ca}} - - name: ETCD_CA_CERT_FILE - value: {{ .Values.endpoints.etcd.auth.client.path.ca }} - - name: ETCD_CA_CERT - valueFrom: - secretKeyRef: - name: calico-certificates - key: tls.ca -{{ end }} -{{ if .Values.endpoints.etcd.auth.client.tls.key}} - - name: ETCD_KEY_FILE - value: {{ .Values.endpoints.etcd.auth.client.path.key }} - - name: ETCD_KEY - valueFrom: - secretKeyRef: - name: calico-certificates - key: tls.key -{{ end }} -{{ if .Values.endpoints.etcd.auth.client.tls.crt}} - - name: ETCD_CERT_FILE - value: {{ .Values.endpoints.etcd.auth.client.path.crt }} - - name: ETCD_CERT - valueFrom: - secretKeyRef: - name: calico-certificates - key: tls.crt -{{ end }} - volumeMounts: - - mountPath: /host/etc/calico - name: calico-cert-dir - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /tmp/install-calicoctl.sh - name: calico-bin - subPath: install-calicoctl.sh - - name: calico-certificates - mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }} - subPath: tls.ca - readOnly: true - - name: calico-certificates - mountPath: {{ .Values.endpoints.etcd.auth.client.path.crt }} - subPath: tls.crt - readOnly: true - - name: calico-certificates - mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }} - subPath: tls.key - readOnly: true -{{ end }} volumes: # Used by calico/node. - name: lib-modules diff --git a/calico/templates/deployment-calico-kube-controllers.yaml b/calico/templates/deployment-calico-kube-controllers.yaml index 9c5b65ff9..7b8cb41cc 100644 --- a/calico/templates/deployment-calico-kube-controllers.yaml +++ b/calico/templates/deployment-calico-kube-controllers.yaml @@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.deployment_calico_kube_policy_controllers }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.calico_kube_policy_controllers .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.calico_kube_policy_controllers -}} -{{- end -}} {{- $serviceAccountName := printf "%s-%s" .Release.Name "calico-kube-controllers"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "calico_kube_policy_controllers" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding @@ -102,7 +96,7 @@ spec: operator: Exists serviceAccountName: {{ $serviceAccountName }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "calico_kube_policy_controllers" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.policy_controller.timeout | default "30" }} containers: - name: calico-policy-controller diff --git a/calico/templates/etc/bird/_bird6.cfg.mesh.template.tpl b/calico/templates/etc/bird/_bird6.cfg.mesh.template.tpl index 860a3aa8b..a43ea155f 100644 --- a/calico/templates/etc/bird/_bird6.cfg.mesh.template.tpl +++ b/calico/templates/etc/bird/_bird6.cfg.mesh.template.tpl @@ -5,9 +5,6 @@ include "bird6_ipam.cfg"; {{`{{$node_ip_key := printf "/host/%s/ip_addr_v4" (getenv "NODENAME")}}`}}{{`{{$node_ip := getv $node_ip_key}}`}} {{`{{$node_ip6_key := printf "/host/%s/ip_addr_v6" (getenv "NODENAME")}}`}}{{`{{$node_ip6 := getv $node_ip6_key}}`}} -# ensure we only listen to a specific ip and address -listen bgp address {{`{{$node_ip6}}`}} port {{.Values.networking.bgp.ipv6.mesh.port.listen}}; - router id {{`{{$node_ip}}`}}; # Use IPv4 address since router id is 4 octets, even in MP-BGP {{`{{define "LOGGING"}}`}} @@ -46,6 +43,10 @@ protocol direct { {{`{{if eq "" ($node_ip6)}}`}}# IPv6 disabled on this node. {{`{{else}}`}}{{`{{$node_as_key := printf "/host/%s/as_num" (getenv "NODENAME")}}`}} + +# ensure we only listen to a specific ip and address +listen bgp address {{`{{$node_ip6}}`}} port {{.Values.networking.bgp.ipv6.mesh.port.listen}}; + # Template for all BGP clients template bgp bgp_template { {{`{{template "LOGGING"}}`}} diff --git a/calico/templates/etc/bird/_bird6.cfg.no-mesh.template.tpl b/calico/templates/etc/bird/_bird6.cfg.no-mesh.template.tpl index 3493ac210..44c8731af 100644 --- a/calico/templates/etc/bird/_bird6.cfg.no-mesh.template.tpl +++ b/calico/templates/etc/bird/_bird6.cfg.no-mesh.template.tpl @@ -5,9 +5,6 @@ include "bird6_ipam.cfg"; {{`{{$node_ip_key := printf "/host/%s/ip_addr_v4" (getenv "NODENAME")}}`}}{{`{{$node_ip := getv $node_ip_key}}`}} {{`{{$node_ip6_key := printf "/host/%s/ip_addr_v6" (getenv "NODENAME")}}`}}{{`{{$node_ip6 := getv $node_ip6_key}}`}} -# ensure we only listen to a specific ip and address -listen bgp address {{`{{$node_ip6}}`}} port {{.Values.networking.bgp.ipv6.no_mesh.port.listen}}; - router id {{`{{$node_ip}}`}}; # Use IPv4 address since router id is 4 octets, even in MP-BGP {{`{{define "LOGGING"}}`}} @@ -46,6 +43,10 @@ protocol direct { {{`{{if eq "" ($node_ip6)}}`}}# IPv6 disabled on this node. {{`{{else}}`}}{{`{{$node_as_key := printf "/host/%s/as_num" (getenv "NODENAME")}}`}} + +# ensure we only listen to a specific ip and address +listen bgp address {{`{{$node_ip6}}`}} port {{.Values.networking.bgp.ipv6.no_mesh.port.listen}}; + # Template for all BGP clients template bgp bgp_template { {{`{{template "LOGGING"}}`}} diff --git a/calico/templates/job-calico-settings.yaml b/calico/templates/job-calico-settings.yaml index 1096557aa..49a937803 100644 --- a/calico/templates/job-calico-settings.yaml +++ b/calico/templates/job-calico-settings.yaml @@ -16,10 +16,9 @@ limitations under the License. {{- if .Values.manifests.job_calico_settings }} {{- $envAll := . }} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.calico_settings -}} {{- $serviceAccountName := "calico-settings"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "calico_settings" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -47,7 +46,7 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "calico_settings" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: calico-settings {{ tuple $envAll "calico_settings" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/calico/templates/job-image-repo-sync.yaml b/calico/templates/job-image-repo-sync.yaml index edfc09012..07e758adf 100644 --- a/calico/templates/job-image-repo-sync.yaml +++ b/calico/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "calico-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/calico/values.yaml b/calico/values.yaml index db961aa27..05585f2dd 100644 --- a/calico/values.yaml +++ b/calico/values.yaml @@ -21,19 +21,19 @@ # calico/kube-policy-controller:v0.7.0 labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled images: tags: calico_etcd: quay.io/coreos/etcd:v3.1.10 calico_node: quay.io/calico/node:v2.6.5 calico_cni: quay.io/calico/cni:v1.11.2 - calico_cni: quay.io/calico/cni:v1.10.0 calico_ctl: quay.io/calico/ctl:v1.6.2 calico_settings: quay.io/calico/ctl:v1.6.2 calico_kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: @@ -140,6 +140,10 @@ dependencies: service: etcd etcd: services: null + image_repo_sync: + services: + - endpoint: internal + service: local_image_registry endpoints: cluster_domain_suffix: cluster.local diff --git a/elasticsearch/templates/configmap-bin.yaml b/elasticsearch/templates/configmap-bin.yaml index d7db9a24e..585227498 100644 --- a/elasticsearch/templates/configmap-bin.yaml +++ b/elasticsearch/templates/configmap-bin.yaml @@ -32,6 +32,6 @@ data: {{ tuple "bin/_register-repository.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} curator.sh: | {{ tuple "bin/_curator.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/elasticsearch/templates/configmap-etc.yaml b/elasticsearch/templates/configmap-etc.yaml index 8bfcefc61..f0c41a433 100644 --- a/elasticsearch/templates/configmap-etc.yaml +++ b/elasticsearch/templates/configmap-etc.yaml @@ -26,16 +26,16 @@ kind: ConfigMap metadata: name: elasticsearch-etc data: - httpd.conf: |+ + httpd.conf: | {{- tuple .Values.conf.apache.httpd "etc/_httpd.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }} - elasticsearch-host.conf: |+ + elasticsearch-host.conf: | {{- tuple .Values.conf.apache.host "etc/_elasticsearch-host.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }} - elasticsearch.yml: |+ + elasticsearch.yml: | {{ toYaml .Values.conf.elasticsearch.config | indent 4 }} - log4j2.properties: |+ + log4j2.properties: | {{- tuple .Values.conf.elasticsearch "etc/_log4j2.properties.tpl" . | include "helm-toolkit.utils.configmap_templater" }} - action_file.yml: |+ + action_file.yml: | {{ toYaml .Values.conf.curator.action_file | indent 4 }} - config.yml: |+ + config.yml: | {{ toYaml .Values.conf.curator.config | indent 4 }} {{- end }} diff --git a/elasticsearch/templates/cron-job-curator.yaml b/elasticsearch/templates/cron-job-curator.yaml index a6da2dae0..da79e5f5c 100644 --- a/elasticsearch/templates/cron-job-curator.yaml +++ b/elasticsearch/templates/cron-job-curator.yaml @@ -15,14 +15,12 @@ limitations under the License. */}} {{- if .Values.manifests.cron_curator }} -{{- if .Capabilities.APIVersions.Has "batch/v2alpha1" }} {{- $envAll := . }} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.curator -}} {{- $serviceAccountName := "elastic-curator"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "curator" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- -apiVersion: batch/v2alpha1 +apiVersion: batch/v1beta1 kind: CronJob metadata: name: elastic-curator @@ -38,7 +36,7 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} +{{ tuple $envAll "curator" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} containers: - name: curator {{ tuple $envAll "curator" | include "helm-toolkit.snippets.image" | indent 14 }} @@ -72,4 +70,3 @@ spec: name: elasticsearch-etc defaultMode: 0444 {{- end }} -{{- end }} diff --git a/elasticsearch/templates/deployment-client.yaml b/elasticsearch/templates/deployment-client.yaml index 15f3a3d18..af6d62785 100644 --- a/elasticsearch/templates/deployment-client.yaml +++ b/elasticsearch/templates/deployment-client.yaml @@ -16,18 +16,13 @@ limitations under the License. {{- if .Values.manifests.deployment_client }} {{- $envAll := . }} + {{- $esUserSecret := .Values.secrets.elasticsearch.user }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.elasticsearch_client .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.elasticsearch_client -}} -{{- end -}} {{- $mounts_elasticsearch := .Values.pod.mounts.elasticsearch.elasticsearch }} {{- $serviceAccountName := printf "%s-%s" .Release.Name "elasticsearch-client"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "elasticsearch_client" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding @@ -83,10 +78,10 @@ spec: affinity: {{ tuple $envAll "elasticsearch" "client" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.elasticsearch.node_selector_key }}: {{ .Values.labels.elasticsearch.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.client.timeout | default "600" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "elasticsearch_client" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - name: memory-map-increase securityContext: privileged: true @@ -169,18 +164,18 @@ spec: - stop ports: - name: http - containerPort: {{ .Values.network.client.port }} + containerPort: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - name: transport - containerPort: {{ .Values.network.discovery.port }} + containerPort: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} livenessProbe: tcpSocket: - port: {{ .Values.network.discovery.port }} + port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 20 periodSeconds: 10 readinessProbe: httpGet: path: /_cluster/health - port: {{ .Values.network.client.port }} + port: {{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} env: - name: NAMESPACE valueFrom: @@ -225,6 +220,8 @@ spec: volumes: - name: pod-etc-apache emptyDir: {} + - name: elasticsearch-config + emptyDir: {} - name: elasticsearch-logs emptyDir: {} - name: elasticsearch-bin diff --git a/elasticsearch/templates/deployment-master.yaml b/elasticsearch/templates/deployment-master.yaml index 41d5e581b..1c2909d0f 100644 --- a/elasticsearch/templates/deployment-master.yaml +++ b/elasticsearch/templates/deployment-master.yaml @@ -16,17 +16,11 @@ limitations under the License. {{- if .Values.manifests.deployment_master }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.elasticsearch_master .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.elasticsearch_master -}} -{{- end -}} {{- $mounts_elasticsearch := .Values.pod.mounts.elasticsearch.elasticsearch }} {{- $serviceAccountName := "elasticsearch-master"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "elasticsearch_master" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding @@ -83,9 +77,9 @@ spec: {{ tuple $envAll "elasticsearch" "master" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.master.timeout | default "600" }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.elasticsearch.node_selector_key }}: {{ .Values.labels.elasticsearch.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "elasticsearch_master" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - name: memory-map-increase securityContext: privileged: true @@ -131,10 +125,10 @@ spec: - stop ports: - name: transport - containerPort: {{ .Values.network.discovery.port }} + containerPort: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} livenessProbe: tcpSocket: - port: {{ .Values.network.discovery.port }} + port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 20 periodSeconds: 10 env: @@ -181,6 +175,8 @@ spec: volumes: - name: elasticsearch-logs emptyDir: {} + - name: elasticsearch-config + emptyDir: {} - name: elasticsearch-bin configMap: name: elasticsearch-bin diff --git a/elasticsearch/templates/job-image-repo-sync.yaml b/elasticsearch/templates/job-image-repo-sync.yaml index d07425b85..e98175595 100644 --- a/elasticsearch/templates/job-image-repo-sync.yaml +++ b/elasticsearch/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "elasticsearch-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/elasticsearch/templates/job-register-snapshot-repository.yaml b/elasticsearch/templates/job-register-snapshot-repository.yaml index e86a92deb..2752a3dea 100644 --- a/elasticsearch/templates/job-register-snapshot-repository.yaml +++ b/elasticsearch/templates/job-register-snapshot-repository.yaml @@ -17,11 +17,11 @@ limitations under the License. {{- if .Values.manifests.job_snapshot_repository }} {{- if .Values.conf.elasticsearch.repository.enabled }} {{- $envAll := . }} + {{- $esUserSecret := .Values.secrets.elasticsearch.user }} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.snapshot_repository -}} {{- $serviceAccountName := "elasticsearch-register-snapshot-repository" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "snapshot_repository" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -36,9 +36,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "snapshot_repository" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: register-snapshot-repository {{ tuple $envAll "snapshot_repository" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml b/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml index d9b10d1a7..347729e66 100644 --- a/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml +++ b/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml @@ -16,16 +16,11 @@ limitations under the License. {{- if and .Values.manifests.monitoring.prometheus.deployment_exporter .Values.monitoring.prometheus.enabled }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.static.prometheus_elasticsearch_exporter .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.prometheus_elasticsearch_exporter -}} -{{- end -}} {{- $esUserSecret := .Values.secrets.elasticsearch.user }} {{- $serviceAccountName := "prometheus-elasticsearch-exporter" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "prometheus_elasticsearch_exporter" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: extensions/v1beta1 kind: Deployment @@ -41,10 +36,10 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.elasticsearch.node_selector_key }}: {{ .Values.labels.elasticsearch.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.prometheus_elasticsearch_exporter.timeout | default "30" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "prometheus_elasticsearch_exporter" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: elasticsearch-exporter {{ tuple $envAll "prometheus_elasticsearch_exporter" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -66,7 +61,7 @@ spec: key: ELASTICSEARCH_URI ports: - name: metrics - containerPort: {{ .Values.network.prometheus_elasticsearch_exporter.port }} + containerPort: {{ tuple "prometheus_elasticsearch_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: - name: elasticsearch-exporter-bin mountPath: /tmp/elasticsearch-exporter.sh diff --git a/elasticsearch/templates/monitoring/prometheus/exporter-service.yaml b/elasticsearch/templates/monitoring/prometheus/exporter-service.yaml index 2b9db7333..1d04b4aa5 100644 --- a/elasticsearch/templates/monitoring/prometheus/exporter-service.yaml +++ b/elasticsearch/templates/monitoring/prometheus/exporter-service.yaml @@ -31,7 +31,7 @@ metadata: spec: ports: - name: metrics - port: {{ .Values.network.prometheus_elasticsearch_exporter.port }} + port: {{ tuple "prometheus_elasticsearch_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} selector: {{ tuple $envAll "elasticsearch" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{- end }} diff --git a/elasticsearch/templates/service-data.yaml b/elasticsearch/templates/service-data.yaml index e488ba63e..0dc7e544b 100644 --- a/elasticsearch/templates/service-data.yaml +++ b/elasticsearch/templates/service-data.yaml @@ -24,7 +24,7 @@ metadata: spec: ports: - name: transport - port: {{ .Values.network.data.port }} + port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{- if .Values.network.data.node_port.enabled }} nodePort: {{ .Values.network.data.node_port.port }} {{- end }} diff --git a/elasticsearch/templates/service-discovery.yaml b/elasticsearch/templates/service-discovery.yaml index 172c06ae2..efe2f0c2b 100644 --- a/elasticsearch/templates/service-discovery.yaml +++ b/elasticsearch/templates/service-discovery.yaml @@ -24,7 +24,7 @@ metadata: spec: ports: - name: transport - port: {{ .Values.network.discovery.port }} + port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{- if .Values.network.discovery.node_port.enabled }} nodePort: {{ .Values.network.discovery.node_port.port }} {{- end }} diff --git a/elasticsearch/templates/service-logging.yaml b/elasticsearch/templates/service-logging.yaml index 7b937e247..a096617c8 100644 --- a/elasticsearch/templates/service-logging.yaml +++ b/elasticsearch/templates/service-logging.yaml @@ -24,7 +24,7 @@ metadata: spec: ports: - name: http - port: 80 + port: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{- if .Values.network.client.node_port.enabled }} nodePort: {{ .Values.network.client.node_port.port }} {{- end }} diff --git a/elasticsearch/templates/statefulset-data.yaml b/elasticsearch/templates/statefulset-data.yaml index 353f6da40..b790cb919 100644 --- a/elasticsearch/templates/statefulset-data.yaml +++ b/elasticsearch/templates/statefulset-data.yaml @@ -16,17 +16,11 @@ limitations under the License. {{- if .Values.manifests.statefulset_data }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.elasticsearch_data .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.elasticsearch_data -}} -{{- end -}} {{- $mounts_elasticsearch := .Values.pod.mounts.elasticsearch.elasticsearch }} {{- $serviceAccountName := printf "%s-%s" .Release.Name "elasticsearch-data"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "elasticsearch_data" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding @@ -79,10 +73,10 @@ spec: affinity: {{ tuple $envAll "elasticsearch" "data" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.elasticsearch.node_selector_key }}: {{ .Values.labels.elasticsearch.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.data.timeout | default "600" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "elasticsearch_data" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - name: memory-map-increase securityContext: privileged: true @@ -128,10 +122,10 @@ spec: - stop ports: - name: transport - containerPort: {{ .Values.network.data.port }} + containerPort: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} livenessProbe: tcpSocket: - port: {{ .Values.network.discovery.port }} + port: {{ tuple "elasticsearch" "internal" "discovery" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 20 periodSeconds: 10 env: @@ -178,6 +172,8 @@ spec: volumes: - name: elasticsearch-logs emptyDir: {} + - name: elasticsearch-config + emptyDir: {} - name: elasticsearch-bin configMap: name: elasticsearch-bin diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index cae448f7c..e7f5a5310 100644 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -24,7 +24,7 @@ images: elasticsearch: docker.elastic.co/elasticsearch/elasticsearch:6.2.2 helm_tests: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 prometheus_elasticsearch_exporter: docker.io/justwatch/elasticsearch_exporter:1.0.1 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 snapshot_repository: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 image_repo_sync: docker.io/docker:17.07.0 pull_policy: "IfNotPresent" @@ -35,8 +35,12 @@ images: - image_repo_sync labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + elasticsearch: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled dependencies: dynamic: @@ -337,22 +341,17 @@ monitoring: network: client: - port: 9200 node_port: enabled: false port: 30920 discovery: - port: 9300 node_port: enabled: false port: 30930 data: - port: 9300 node_port: enabled: false port: 30931 - prometheus_elasticsearch_exporter: - port: 9108 storage: elasticsearch: diff --git a/flannel/templates/configmap-bin.yaml b/flannel/templates/configmap-bin.yaml index 02e2442af..450125dea 100644 --- a/flannel/templates/configmap-bin.yaml +++ b/flannel/templates/configmap-bin.yaml @@ -22,6 +22,6 @@ kind: ConfigMap metadata: name: flannel-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/flannel/templates/daemonset-kube-flannel-ds.yaml b/flannel/templates/daemonset-kube-flannel-ds.yaml index 7895a49bf..8de4ea0b5 100644 --- a/flannel/templates/daemonset-kube-flannel-ds.yaml +++ b/flannel/templates/daemonset-kube-flannel-ds.yaml @@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.daemonset_kube_flannel_ds }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.flannel .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.flannel -}} -{{- end -}} {{- $serviceAccountName := printf "%s-%s" .Release.Name "flannel"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "flannel" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 @@ -89,7 +83,7 @@ spec: effect: NoSchedule serviceAccountName: {{ $serviceAccountName }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "flannel" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: kube-flannel {{ tuple $envAll "flannel" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/flannel/templates/job-image-repo-sync.yaml b/flannel/templates/job-image-repo-sync.yaml index bd86aca01..304978fe5 100644 --- a/flannel/templates/job-image-repo-sync.yaml +++ b/flannel/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "flannel-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/flannel/values.yaml b/flannel/values.yaml index a920a0f99..2b8a8eec4 100644 --- a/flannel/values.yaml +++ b/flannel/values.yaml @@ -15,13 +15,14 @@ # https://raw.githubusercontent.com/coreos/flannel/v0.8.0/Documentation/kube-flannel.yml labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled images: tags: flannel: quay.io/coreos/flannel:v0.8.0-amd64 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: diff --git a/fluent-logging/templates/_helpers.tpl b/fluent-logging/templates/_helpers.tpl index c3dafbfd2..672209051 100644 --- a/fluent-logging/templates/_helpers.tpl +++ b/fluent-logging/templates/_helpers.tpl @@ -135,7 +135,11 @@ section): {{- include "fluent_logging.recursive_tuple" $value | indent 2 }} } {{- else }} +{{- if eq $key "index_patterns"}} +{{ $key | quote -}}: [{{ $value | quote }}] +{{- else }} {{ $key | quote -}}:{{ $value | quote }} {{- end }} {{- end }} {{- end }} +{{- end }} diff --git a/fluent-logging/templates/configmap-bin.yaml b/fluent-logging/templates/configmap-bin.yaml index be40c2ccc..e331e36e1 100644 --- a/fluent-logging/templates/configmap-bin.yaml +++ b/fluent-logging/templates/configmap-bin.yaml @@ -30,6 +30,6 @@ data: {{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} create_template.sh: | {{ tuple "bin/_create_template.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/fluent-logging/templates/configmap-etc.yaml b/fluent-logging/templates/configmap-etc.yaml index 029e1bd9e..a81a8371a 100644 --- a/fluent-logging/templates/configmap-etc.yaml +++ b/fluent-logging/templates/configmap-etc.yaml @@ -22,12 +22,12 @@ kind: ConfigMap metadata: name: fluent-logging-etc data: - fluent-bit.conf: |+ + fluent-bit.conf: | {{ include "fluent_logging.to_fluentbit_conf" .Values.conf.fluentbit | indent 4 }} - parsers.conf: |+ + parsers.conf: | {{ include "fluent_logging.to_fluentbit_conf" .Values.conf.parsers | indent 4 }} - td-agent.conf: |+ + td-agent.conf: | {{ include "fluent_logging.to_fluentd_conf" .Values.conf.td_agent | indent 4 }} - template.xml.raw: |+ + template.xml.raw: | {{ include "fluent_logging.to_elasticsearch_template" .Values.conf.template | indent 4 }} {{- end }} diff --git a/fluent-logging/templates/daemonset-fluent-bit.yaml b/fluent-logging/templates/daemonset-fluent-bit.yaml index e8c9057eb..439044de6 100644 --- a/fluent-logging/templates/daemonset-fluent-bit.yaml +++ b/fluent-logging/templates/daemonset-fluent-bit.yaml @@ -16,18 +16,11 @@ limitations under the License. {{- if .Values.manifests.daemonset_fluentbit }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.static.fluentbit }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.fluentbit .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.fluentbit -}} -{{- end -}} {{- $mounts_fluentbit := .Values.pod.mounts.fluentbit.fluentbit }} {{- $serviceAccountName := printf "%s-%s" .Release.Name "fluentbit" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "fluentbit" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding @@ -99,10 +92,9 @@ spec: hostPID: true dnsPolicy: ClusterFirstWithHostNet initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "fluentbit" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: fluentbit - env: image: {{ .Values.images.tags.fluentbit }} imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.fluentbit | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} diff --git a/fluent-logging/templates/deployment-fluentd.yaml b/fluent-logging/templates/deployment-fluentd.yaml index 2d601e692..c0b705908 100644 --- a/fluent-logging/templates/deployment-fluentd.yaml +++ b/fluent-logging/templates/deployment-fluentd.yaml @@ -17,17 +17,11 @@ limitations under the License. {{- if .Values.manifests.deployment_fluentd }} {{- $envAll := . }} {{- $esUserSecret := .Values.secrets.elasticsearch.user }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.fluentd .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.fluentd -}} -{{- end -}} {{- $mounts_fluentd := .Values.pod.mounts.fluentd.fluentd }} {{- $serviceAccountName := printf "%s-%s" .Release.Name "fluentd" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "fluentd" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding @@ -100,7 +94,7 @@ spec: {{ .Values.labels.fluentd.node_selector_key }}: {{ .Values.labels.fluentd.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.fluentd.timeout | default "30" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "fluentd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: fluentd image: {{ .Values.images.tags.fluentd }} @@ -120,7 +114,7 @@ spec: - name: ELASTICSEARCH_HOST value: {{ tuple "elasticsearch" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }} - name: ELASTICSEARCH_PORT - value: {{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} + value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} - name: ELASTICSEARCH_USERNAME valueFrom: secretKeyRef: diff --git a/fluent-logging/templates/job-elasticsearch-template.yaml b/fluent-logging/templates/job-elasticsearch-template.yaml index ad90cc1c0..1dbf86a7e 100644 --- a/fluent-logging/templates/job-elasticsearch-template.yaml +++ b/fluent-logging/templates/job-elasticsearch-template.yaml @@ -16,9 +16,12 @@ limitations under the License. {{- if .Values.manifests.job_elasticsearch_template }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.static.elasticsearch_template }} +{{- $esUserSecret := .Values.secrets.elasticsearch.user }} {{- $mounts_elasticsearch_template := .Values.pod.mounts.elasticsearch_template.elasticsearch_template }} {{- $mounts_elasticsearch_template_init := .Values.pod.mounts.elasticsearch_template.init_container }} + +{{- $serviceAccountName := "fluent-logging-elasticsearch-template"}} +{{ tuple $envAll "elasticsearch_template" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -30,11 +33,12 @@ spec: labels: {{ tuple $envAll "fluent" "elasticsearch-template" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} spec: + serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.elasticsearch_template.node_selector_key }}: {{ .Values.labels.elasticsearch_template.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies $mounts_elasticsearch_template_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "elasticsearch_template" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: elasticsearch-template image: {{ .Values.images.tags.elasticsearch_template }} @@ -44,11 +48,17 @@ spec: - name: ELASTICSEARCH_HOST value: {{ tuple "elasticsearch" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }} - name: ELASTICSEARCH_PORT - value: {{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} + value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} - name: ELASTICSEARCH_USERNAME - value: {{ .Values.endpoints.elasticsearch.auth.admin.username }} + valueFrom: + secretKeyRef: + name: {{ $esUserSecret }} + key: ELASTICSEARCH_USERNAME - name: ELASTICSEARCH_PASSWORD - value: {{ .Values.endpoints.elasticsearch.auth.admin.password }} + valueFrom: + secretKeyRef: + name: {{ $esUserSecret }} + key: ELASTICSEARCH_PASSWORD command: - /tmp/create_template.sh volumeMounts: diff --git a/fluent-logging/templates/job-image-repo-sync.yaml b/fluent-logging/templates/job-image-repo-sync.yaml index 41d479408..fb2a60798 100644 --- a/fluent-logging/templates/job-image-repo-sync.yaml +++ b/fluent-logging/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "fluent-logging-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml b/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml index 1f9e175be..a4a85a3f2 100644 --- a/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml +++ b/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml @@ -16,14 +16,13 @@ limitations under the License. {{- if and .Values.manifests.monitoring.prometheus.deployment_exporter .Values.monitoring.prometheus.enabled }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.static.prometheus_fluentd_exporter }} {{ $fluentd_host := tuple "fluentd" "internal" "metrics" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} {{ $fluentd_metrics_path := "api/plugins.json" }} {{ $fluentd_metrics_host := printf "http://%s/%s" $fluentd_host $fluentd_metrics_path }} {{- $serviceAccountName := "prometheus-fluentd-exporter"}} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "prometheus_fluentd_exporter" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: extensions/v1beta1 kind: Deployment @@ -42,7 +41,7 @@ spec: {{ .Values.labels.prometheus_fluentd_exporter.node_selector_key }}: {{ .Values.labels.prometheus_fluentd_exporter.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.prometheus_fluentd_exporter.timeout | default "30" }} initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "prometheus_fluentd_exporter" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: fluentd-exporter image: {{ .Values.images.tags.prometheus_fluentd_exporter }} @@ -53,7 +52,7 @@ spec: - start ports: - name: metrics - containerPort: {{ .Values.network.prometheus_fluentd_exporter.port }} + containerPort: {{ tuple "prometheus_fluentd_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} env: - name: FLUENTD_METRICS_HOST value: {{ $fluentd_metrics_host }} diff --git a/fluent-logging/templates/monitoring/prometheus/exporter-service.yaml b/fluent-logging/templates/monitoring/prometheus/exporter-service.yaml index 58acda763..4c829682b 100644 --- a/fluent-logging/templates/monitoring/prometheus/exporter-service.yaml +++ b/fluent-logging/templates/monitoring/prometheus/exporter-service.yaml @@ -31,7 +31,7 @@ metadata: spec: ports: - name: metrics - port: {{ .Values.network.prometheus_fluentd_exporter.port }} + port: {{ tuple "prometheus_fluentd_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} selector: {{ tuple $envAll "prometheus_fluentd_exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{- end }} diff --git a/fluent-logging/templates/pod-helm-tests.yaml b/fluent-logging/templates/pod-helm-tests.yaml index 36b15230f..75bf8762f 100644 --- a/fluent-logging/templates/pod-helm-tests.yaml +++ b/fluent-logging/templates/pod-helm-tests.yaml @@ -43,7 +43,7 @@ spec: name: {{ $esUserSecret }} key: ELASTICSEARCH_PASSWORD - name: ELASTICSEARCH_ENDPOINT - value: {{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} + value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} volumeMounts: - name: fluent-logging-bin mountPath: /tmp/helm-tests.sh diff --git a/fluent-logging/templates/service-fluentd.yaml b/fluent-logging/templates/service-fluentd.yaml index a6e5a12fe..4d7fc2bd8 100644 --- a/fluent-logging/templates/service-fluentd.yaml +++ b/fluent-logging/templates/service-fluentd.yaml @@ -24,12 +24,12 @@ metadata: spec: ports: - name: forward - port: {{ .Values.network.fluentd.port.service }} + port: {{ tuple "fluentd" "internal" "service" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{ if .Values.network.fluentd.node_port.enabled }} nodePort: {{ .Values.network.fluentd.node_port.port }} {{ end }} - name: metrics - port: {{ .Values.network.fluentd.port.metrics }} + port: {{ tuple "fluentd" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} selector: {{ tuple $envAll "fluentd" "internal" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ if .Values.network.fluentd.node_port.enabled }} diff --git a/fluent-logging/values.yaml b/fluent-logging/values.yaml index 0f616ab0b..502b8de30 100644 --- a/fluent-logging/values.yaml +++ b/fluent-logging/values.yaml @@ -28,7 +28,7 @@ labels: prometheus_fluentd_exporter: node_selector_key: openstack-control-plane node_selector_value: enabled - elasticsearch_template: + job: node_selector_key: openstack-control-plane node_selector_value: enabled @@ -37,7 +37,7 @@ images: fluentbit: docker.io/fluent/fluent-bit:0.12.14 fluentd: docker.io/kolla/ubuntu-source-fluentd:ocata prometheus_fluentd_exporter: docker.io/srwilkers/fluentd_exporter:v0.1 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 helm_tests: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 elasticsearch_template: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 image_repo_sync: docker.io/docker:17.07.0 @@ -62,7 +62,7 @@ dependencies: - endpoint: node service: local_image_registry static: - elasticsearch-template: + elasticsearch_template: services: - endpoint: internal service: elasticsearch @@ -73,6 +73,8 @@ dependencies: - endpoint: internal service: fluentd fluentd: + jobs: + - elasticsearch-template services: - endpoint: internal service: elasticsearch @@ -159,17 +161,18 @@ conf: max_retry_wait: 300 disable_retry_limit: "" num_threads: 8 + type_name: fluentd fluentd_exporter: log: format: "logger:stdout?json=true" level: "info" template: template: "logstash-*" + index_patterns: "logstash-*" settings: - number_of_shards: 5 - number_of_replicas: 1 + number_of_shards: 1 mappings: - _doc: + doc: properties: kubernetes: properties: @@ -229,10 +232,8 @@ endpoints: scheme: default: http port: - client: + http: default: 80 - discovery: - default: 9300 kafka: namespace: null name: kafka @@ -289,11 +290,6 @@ network: node_port: enabled: false port: 32329 - port: - service: 24224 - metrics: 24220 - prometheus_fluentd_exporter: - port: 9309 pod: affinity: diff --git a/grafana/templates/bin/_datasource.sh.tpl b/grafana/templates/bin/_datasource.sh.tpl index 4db9ec2cd..2176f282d 100644 --- a/grafana/templates/bin/_datasource.sh.tpl +++ b/grafana/templates/bin/_datasource.sh.tpl @@ -17,7 +17,7 @@ limitations under the License. set -ex -exec curl "http://${GF_SECURITY_ADMIN_USER}:${GF_SECURITY_ADMIN_PASSWORD}@${GRAFANA_SERVICE}:{{ .Values.network.grafana.port }}/api/datasources" \ +exec curl "http://${GF_SECURITY_ADMIN_USER}:${GF_SECURITY_ADMIN_PASSWORD}@${GRAFANA_SERVICE}:${GRAFANA_PORT}/api/datasources" \ -H "Content-Type: application/json;charset=UTF-8" --data-binary \ {{- with .Values.conf.datasource }} "{\"name\":\"{{ .name }}\",\"type\":\"{{ .type }}\",\"url\":\"$PROMETHEUS_URL\",\"database\":\"{{ .database }}\",\"jsonData\":{ {{ .jsonData }} },\"access\":\"{{ .access }}\",\"isDefault\":{{ .isDefault }}}" diff --git a/grafana/templates/configmap-bin.yaml b/grafana/templates/configmap-bin.yaml index b1a566c9d..e7efdd4c2 100644 --- a/grafana/templates/configmap-bin.yaml +++ b/grafana/templates/configmap-bin.yaml @@ -26,7 +26,7 @@ data: {{- include "helm-toolkit.scripts.db_init" . | indent 4 }} db-session-sync.py: | {{ tuple "bin/_db-session-sync.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} datasource.sh: | {{ tuple "bin/_datasource.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} diff --git a/grafana/templates/configmap-etc.yaml b/grafana/templates/configmap-etc.yaml index 74f699e1f..e66e1ebd5 100644 --- a/grafana/templates/configmap-etc.yaml +++ b/grafana/templates/configmap-etc.yaml @@ -35,10 +35,10 @@ kind: ConfigMap metadata: name: grafana-etc data: - grafana.ini: |+ + grafana.ini: | {{ include "helm-toolkit.utils.to_ini" .Values.conf.grafana | indent 4 }} {{ range $key, $value := .Values.conf.dashboards }} - {{$key}}.json: |+ + {{$key}}.json: | {{ toJson $value | indent 4 }} {{ end }} {{- end }} diff --git a/grafana/templates/deployment.yaml b/grafana/templates/deployment.yaml index 5a263554e..c56164a4e 100644 --- a/grafana/templates/deployment.yaml +++ b/grafana/templates/deployment.yaml @@ -16,17 +16,11 @@ limitations under the License. {{- if .Values.manifests.deployment }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.grafana .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.grafana -}} -{{- end -}} {{- $mounts_grafana := .Values.pod.mounts.grafana.grafana }} {{- $serviceAccountName := "grafana" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "grafana" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: extensions/v1beta1 kind: Deployment @@ -45,9 +39,9 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.grafana.node_selector_key }}: {{ .Values.labels.grafana.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "grafana" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: grafana {{ tuple $envAll "grafana" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -57,11 +51,11 @@ spec: - start ports: - name: dashboard - containerPort: {{ .Values.network.grafana.port }} + containerPort: {{ tuple "grafana" "internal" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} readinessProbe: httpGet: path: /login - port: 3000 + port: {{ tuple "grafana" "internal" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 30 timeoutSeconds: 30 env: diff --git a/grafana/templates/ingress-grafana.yaml b/grafana/templates/ingress-grafana.yaml index 55c0d2fff..5fb7a698f 100644 --- a/grafana/templates/ingress-grafana.yaml +++ b/grafana/templates/ingress-grafana.yaml @@ -14,45 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.ingress }} -{{- $envAll := . }} -{{- if .Values.network.grafana.ingress.public }} -{{- $backendServiceType := "grafana" }} -{{- $backendPort := "dashboard" }} -{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} -{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $ingressName }} - annotations: -{{ toYaml .Values.network.grafana.ingress.annotations | indent 4 }} -spec: - rules: -{{ if ne $hostNameNamespaced $hostNameFull }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- else }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- end }} -{{- end }} +{{- if and .Values.manifests.ingress .Values.network.grafana.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} {{- end }} diff --git a/grafana/templates/job-db-init-session.yaml b/grafana/templates/job-db-init-session.yaml index d8753c872..3b11d2b03 100644 --- a/grafana/templates/job-db-init-session.yaml +++ b/grafana/templates/job-db-init-session.yaml @@ -16,10 +16,9 @@ limitations under the License. {{- if .Values.manifests.job_db_init_session }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.static.db_init_session }} {{- $serviceAccountName := "grafana-db-init-session" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "db_init_session" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -34,9 +33,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "db_init_session" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: grafana-db-init-session {{ tuple $envAll "db_init" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/grafana/templates/job-db-init.yaml b/grafana/templates/job-db-init.yaml index d395f60ab..d7cfaab34 100644 --- a/grafana/templates/job-db-init.yaml +++ b/grafana/templates/job-db-init.yaml @@ -16,10 +16,9 @@ limitations under the License. {{- if .Values.manifests.job_db_init }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.static.db_init }} {{- $serviceAccountName := "grafana-db-init" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "db_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -34,9 +33,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "db_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: grafana-db-init {{ tuple $envAll "db_init" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/grafana/templates/job-db-session-sync.yaml b/grafana/templates/job-db-session-sync.yaml index 4cdcfa9aa..3538da559 100644 --- a/grafana/templates/job-db-session-sync.yaml +++ b/grafana/templates/job-db-session-sync.yaml @@ -16,10 +16,9 @@ limitations under the License. {{- if .Values.manifests.job_db_session_sync }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.static.db_session_sync }} {{- $serviceAccountName := "grafana-db-session-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "db_session_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -34,9 +33,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "db_session_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: grafana-db-session-sync {{ tuple $envAll "grafana_db_session_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/grafana/templates/job-image-repo-sync.yaml b/grafana/templates/job-image-repo-sync.yaml index 9ec1fa8e2..1f59fe879 100644 --- a/grafana/templates/job-image-repo-sync.yaml +++ b/grafana/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "grafana-image-repo-sync" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/grafana/templates/job-prometheus-datasource.yaml b/grafana/templates/job-prometheus-datasource.yaml index 9c923f727..fbea030a5 100644 --- a/grafana/templates/job-prometheus-datasource.yaml +++ b/grafana/templates/job-prometheus-datasource.yaml @@ -17,9 +17,8 @@ limitations under the License. {{- if .Values.manifests.job_datasource }} {{- $envAll := . }} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.register_datasource -}} {{- $serviceAccountName := "grafana-register-datasource" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "register_datasource" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -34,9 +33,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "register_datasource" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: grafana-datasource {{ tuple $envAll "datasource" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -56,6 +55,8 @@ spec: key: GRAFANA_ADMIN_PASSWORD - name: GRAFANA_SERVICE value: {{ tuple "grafana" "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + - name: GRAFANA_PORT + value: {{ tuple "grafana" "internal" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} - name: PROMETHEUS_URL value: {{ tuple "monitoring" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} volumeMounts: diff --git a/grafana/templates/service-ingress.yaml b/grafana/templates/service-ingress.yaml index 5dbb337dd..8a1201a27 100644 --- a/grafana/templates/service-ingress.yaml +++ b/grafana/templates/service-ingress.yaml @@ -14,19 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.service_ingress }} -{{- $envAll := . }} -{{- if .Values.network.grafana.ingress.public }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ tuple "grafana" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -spec: - ports: - - name: http - port: 80 - selector: - app: ingress-api -{{- end }} +{{- if and .Values.manifests.service_ingress .Values.network.grafana.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "grafana" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} {{- end }} diff --git a/grafana/templates/service.yaml b/grafana/templates/service.yaml index 3255f7ae3..abcf43ecc 100644 --- a/grafana/templates/service.yaml +++ b/grafana/templates/service.yaml @@ -24,7 +24,7 @@ metadata: spec: ports: - name: dashboard - port: {{ .Values.network.grafana.port }} + port: {{ tuple "grafana" "internal" "grafana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{ if .Values.network.grafana.node_port.enabled }} nodePort: {{ .Values.network.grafana.node_port.port }} {{ end }} diff --git a/grafana/values.yaml b/grafana/values.yaml index 8fc333814..cd1a9280f 100644 --- a/grafana/values.yaml +++ b/grafana/values.yaml @@ -20,7 +20,7 @@ images: tags: grafana: docker.io/grafana/grafana:4.5.2 datasource: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 db_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 grafana_db_session_sync: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 image_repo_sync: docker.io/docker:17.07.0 @@ -32,8 +32,12 @@ images: - image_repo_sync labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + grafana: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: affinity: @@ -162,6 +166,7 @@ endpoints: port: grafana: default: 3000 + public: 80 monitoring: name: prometheus namespace: null @@ -221,15 +226,16 @@ dependencies: network: grafana: - port: 3000 node_port: enabled: false port: 30902 ingress: public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/rewrite-target: / secrets: oslo_db: @@ -10146,3 +10152,607 @@ conf: timezone: browser title: Openstack Main1 version: 2 + nginx_stats: + __inputs: + - name: DS_PROMETHEUS + label: prometheus + description: '' + type: datasource + pluginId: prometheus + pluginName: Prometheus + __requires: + - type: grafana + id: grafana + name: Grafana + version: 4.5.2 + - type: panel + id: graph + name: Graph + version: '' + - type: datasource + id: prometheus + name: Prometheus + version: 1.0.0 + annotations: + list: [] + description: Show stats from the hnlq715/nginx-vts-exporter. + editable: true + gnetId: 2949 + graphTooltip: 0 + hideControls: false + id: + links: [] + refresh: 10s + rows: + - collapse: false + height: 250 + panels: + - aliasColors: {} + bars: false + dashLength: 10 + dashes: false + datasource: "${DS_PROMETHEUS}" + fill: 1 + id: 7 + legend: + avg: false + current: false + max: false + min: false + show: true + total: false + values: false + lines: true + linewidth: 1 + links: [] + nullPointMode: 'null' + percentage: false + pointradius: 5 + points: false + renderer: flot + seriesOverrides: [] + spaceLength: 10 + span: 12 + stack: false + steppedLine: false + targets: + - expr: sum(nginx_upstream_responses_total{upstream=~"^$Upstream$"}) by (status_code, + upstream) + format: time_series + interval: '' + intervalFactor: 2 + legendFormat: "{{ status_code }}.{{ upstream }}" + metric: nginx_upstream_response + refId: A + step: 4 + thresholds: [] + timeFrom: + timeShift: + title: HTTP Response Codes by Upstream + tooltip: + msResolution: false + shared: true + sort: 0 + value_type: individual + type: graph + xaxis: + buckets: + mode: time + name: + show: true + values: [] + yaxes: + - format: short + label: + logBase: 1 + max: + min: + show: true + - format: short + label: + logBase: 1 + max: + min: + show: true + repeat: + repeatIteration: + repeatRowId: + showTitle: false + title: Dashboard Row + titleSize: h6 + - collapse: false + height: 250 + panels: + - aliasColors: {} + bars: false + dashLength: 10 + dashes: false + datasource: "${DS_PROMETHEUS}" + fill: 1 + id: 6 + legend: + avg: false + current: false + max: false + min: false + show: true + total: false + values: false + lines: true + linewidth: 1 + links: [] + nullPointMode: 'null' + percentage: false + pointradius: 5 + points: false + renderer: flot + seriesOverrides: [] + spaceLength: 10 + span: 6 + stack: false + steppedLine: false + targets: + - expr: sum(irate(nginx_upstream_requests_total{upstream=~"^$Upstream$"}[5m])) + by (upstream) + format: time_series + interval: '' + intervalFactor: 2 + legendFormat: "{{ upstream}}" + metric: nginx_upstream_requests + refId: A + step: 10 + thresholds: [] + timeFrom: + timeShift: + title: Upstream Requests rate + tooltip: + msResolution: false + shared: true + sort: 0 + value_type: individual + type: graph + xaxis: + buckets: + mode: time + name: + show: true + values: [] + yaxes: + - format: short + label: + logBase: 1 + max: + min: + show: true + - format: short + label: + logBase: 1 + max: + min: + show: true + - aliasColors: {} + bars: false + dashLength: 10 + dashes: false + datasource: "${DS_PROMETHEUS}" + fill: 1 + id: 5 + legend: + avg: false + current: false + max: false + min: false + show: true + total: false + values: false + lines: true + linewidth: 1 + links: [] + nullPointMode: 'null' + percentage: false + pointradius: 5 + points: false + renderer: flot + seriesOverrides: [] + spaceLength: 10 + span: 6 + stack: false + steppedLine: false + targets: + - expr: sum(irate(nginx_upstream_bytes_total{upstream=~"^$Upstream$"}[5m])) by + (direction, upstream) + format: time_series + interval: '' + intervalFactor: 2 + legendFormat: "{{ direction }}.{{ upstream }}" + metric: nginx_upstream_bytes + refId: A + step: 10 + thresholds: [] + timeFrom: + timeShift: + title: Upstream Bytes Transfer rate + tooltip: + msResolution: false + shared: true + sort: 0 + value_type: individual + type: graph + xaxis: + buckets: + mode: time + name: + show: true + values: [] + yaxes: + - format: short + label: + logBase: 1 + max: + min: + show: true + - format: short + label: + logBase: 1 + max: + min: + show: true + repeat: + repeatIteration: + repeatRowId: + showTitle: false + title: Dashboard Row + titleSize: h6 + - collapse: false + height: 250px + panels: + - aliasColors: {} + bars: false + dashLength: 10 + dashes: false + datasource: "${DS_PROMETHEUS}" + fill: 1 + id: 1 + legend: + avg: false + current: false + max: false + min: false + show: true + total: false + values: false + lines: true + linewidth: 1 + links: [] + nullPointMode: 'null' + percentage: false + pointradius: 5 + points: false + renderer: flot + seriesOverrides: [] + spaceLength: 10 + span: 6 + stack: false + steppedLine: false + targets: + - expr: sum(irate(nginx_connections_total[5m])) by (type) + format: time_series + intervalFactor: 2 + legendFormat: "{{ type}}" + metric: nginx_server_connections + refId: A + step: 10 + thresholds: [] + timeFrom: + timeShift: + title: Overall Connections rate + tooltip: + msResolution: false + shared: true + sort: 0 + value_type: individual + type: graph + xaxis: + buckets: + mode: time + name: + show: true + values: [] + yaxes: + - format: short + label: + logBase: 1 + max: + min: + show: true + - format: short + label: + logBase: 1 + max: + min: + show: true + - aliasColors: {} + bars: false + dashLength: 10 + dashes: false + datasource: "${DS_PROMETHEUS}" + fill: 1 + id: 4 + legend: + avg: false + current: false + max: false + min: false + show: true + total: false + values: false + lines: true + linewidth: 1 + links: [] + nullPointMode: 'null' + percentage: false + pointradius: 5 + points: false + renderer: flot + seriesOverrides: [] + spaceLength: 10 + span: 6 + stack: false + steppedLine: false + targets: + - expr: sum(irate(nginx_cache_total{ server_zone=~"$ingress"}[5m])) by (server_zone, + type) + format: time_series + interval: '' + intervalFactor: 2 + legendFormat: "{{ type }}.{{ server_zone }}" + metric: nginx_server_cache + refId: A + step: 10 + thresholds: [] + timeFrom: + timeShift: + title: Cache Action rate + tooltip: + msResolution: false + shared: true + sort: 0 + value_type: individual + type: graph + xaxis: + buckets: + mode: time + name: + show: true + values: [] + yaxes: + - format: short + label: + logBase: 1 + max: + min: '0' + show: true + - format: short + label: + logBase: 1 + max: + min: + show: true + repeat: + repeatIteration: + repeatRowId: + showTitle: false + title: Dashboard Row + titleSize: h6 + - collapse: false + height: 250 + panels: + - aliasColors: {} + bars: false + dashLength: 10 + dashes: false + datasource: "${DS_PROMETHEUS}" + fill: 1 + id: 3 + legend: + avg: false + current: false + max: false + min: false + show: true + total: false + values: false + lines: true + linewidth: 1 + links: [] + nullPointMode: 'null' + percentage: false + pointradius: 5 + points: false + renderer: flot + seriesOverrides: [] + spaceLength: 10 + span: 6 + stack: false + steppedLine: false + targets: + - expr: sum(irate(nginx_requests_total{ server_zone=~"$ingress" }[5m])) by (server_zone) + format: time_series + interval: '' + intervalFactor: 2 + legendFormat: "{{ server_zone}}" + metric: nginx_server_requests + refId: A + step: 10 + thresholds: [] + timeFrom: + timeShift: + title: Overall Requests rate + tooltip: + msResolution: false + shared: true + sort: 0 + value_type: individual + type: graph + xaxis: + buckets: + mode: time + name: + show: true + values: [] + yaxes: + - format: short + label: + logBase: 1 + max: + min: + show: true + - format: short + label: + logBase: 1 + max: + min: + show: true + - aliasColors: {} + bars: false + dashLength: 10 + dashes: false + datasource: "${DS_PROMETHEUS}" + fill: 1 + id: 2 + legend: + avg: false + current: false + max: false + min: false + show: true + total: false + values: false + lines: true + linewidth: 1 + links: [] + nullPointMode: 'null' + percentage: false + pointradius: 5 + points: false + renderer: flot + seriesOverrides: [] + spaceLength: 10 + span: 6 + stack: false + steppedLine: false + targets: + - expr: sum(irate(nginx_bytes_total{ server_zone=~"$ingress" }[5m])) by (direction, + server_zone) + format: time_series + intervalFactor: 2 + legendFormat: "{{ direction }}.{{ server_zone }}" + metric: nginx_server_bytes + refId: A + step: 10 + thresholds: [] + timeFrom: + timeShift: + title: Overall Bytes Transferred rate + tooltip: + msResolution: false + shared: true + sort: 0 + value_type: individual + type: graph + xaxis: + buckets: + mode: time + name: + show: true + values: [] + yaxes: + - format: bytes + label: + logBase: 1 + max: + min: '0' + show: true + - format: short + label: + logBase: 1 + max: + min: + show: true + repeat: + repeatIteration: + repeatRowId: + showTitle: false + title: Dashboard Row + titleSize: h6 + schemaVersion: 14 + style: dark + tags: + - prometheus + - nginx + templating: + list: + - allValue: ".*" + current: {} + datasource: "${DS_PROMETHEUS}" + hide: 0 + includeAll: false + label: + multi: true + name: Upstream + options: [] + query: label_values(nginx_upstream_bytes_total, upstream) + refresh: 1 + regex: '' + sort: 1 + tagValuesQuery: '' + tags: [] + tagsQuery: '' + type: query + useTags: false + - allValue: + current: {} + datasource: "${DS_PROMETHEUS}" + hide: 0 + includeAll: false + label: + multi: true + name: ingress + options: [] + query: label_values(nginx_bytes_total, server_zone) + refresh: 1 + regex: "/^[^\\*_]+$/" + sort: 1 + tagValuesQuery: '' + tags: [] + tagsQuery: '' + type: query + useTags: false + time: + from: now-1h + to: now + timepicker: + refresh_intervals: + - 5s + - 10s + - 30s + - 1m + - 5m + - 15m + - 30m + - 1h + - 2h + - 1d + time_options: + - 5m + - 15m + - 1h + - 6h + - 12h + - 24h + - 2d + - 7d + - 30d + timezone: browser + title: Nginx Stats + version: 13 diff --git a/helm-toolkit/.gitignore b/helm-toolkit/.gitignore index e1bd7e85a..f5f3a91ab 100644 --- a/helm-toolkit/.gitignore +++ b/helm-toolkit/.gitignore @@ -1,3 +1,3 @@ secrets/* -!secrets/.gitkeep +!secrets/.gitkeep templates/_secrets.tpl diff --git a/helm-toolkit/templates/manifests/_ingress.yaml.tpl b/helm-toolkit/templates/manifests/_ingress.yaml.tpl new file mode 100644 index 000000000..cf98bf504 --- /dev/null +++ b/helm-toolkit/templates/manifests/_ingress.yaml.tpl @@ -0,0 +1,70 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function creates a manifest for a services ingress rules. +# It can be used in charts dict created similar to the following: +# {- $ingressOpts := dict "envAll" . "backendServiceType" "key-manager" -} +# { $ingressOpts | include "helm-toolkit.manifests.ingress" } + +{{- define "helm-toolkit.manifests.ingress._host_rules" -}} +{{- $vHost := index . "vHost" -}} +{{- $backendName := index . "backendName" -}} +{{- $backendPort := index . "backendPort" -}} +- host: {{ $vHost }} + http: + paths: + - path: / + backend: + serviceName: {{ $backendName }} + servicePort: {{ $backendPort }} +{{- end }} + +{{- define "helm-toolkit.manifests.ingress" -}} +{{- $envAll := index . "envAll" -}} +{{- $backendService := index . "backendService" | default "api" -}} +{{- $backendServiceType := index . "backendServiceType" -}} +{{- $backendPort := index . "backendPort" -}} +{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $ingressName }} + annotations: + kubernetes.io/ingress.class: {{ index $envAll.Values.network $backendService "ingress" "classes" "namespace" | quote }} +{{ toYaml (index $envAll.Values.network $backendService "ingress" "annotations") | indent 4 }} +spec: + rules: +{{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix)}} +{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }} +{{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4}} +{{- end }} +{{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }} +{{- $hostNameFullRules := dict "vHost" $hostNameFull "backendName" $backendName "backendPort" $backendPort }} +{{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4}} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ printf "%s-%s" $ingressName "fqdn" }} + annotations: + kubernetes.io/ingress.class: {{ index $envAll.Values.network $backendService "ingress" "classes" "cluster" | quote }} +{{ toYaml (index $envAll.Values.network $backendService "ingress" "annotations") | indent 4 }} +spec: + rules: +{{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4}} +{{- end }} +{{- end }} diff --git a/helm-toolkit/templates/manifests/_job-bootstrap.yaml b/helm-toolkit/templates/manifests/_job-bootstrap.yaml new file mode 100644 index 000000000..754ff217a --- /dev/null +++ b/helm-toolkit/templates/manifests/_job-bootstrap.yaml @@ -0,0 +1,97 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function creates a manifest for db creation and user management. +# It can be used in charts dict created similar to the following: +# {- $dbSyncJob := dict "envAll" . "serviceName" "senlin" -} +# { $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" } + +{{- define "helm-toolkit.manifests.job_bootstrap" -}} +{{- $envAll := index . "envAll" -}} +{{- $serviceName := index . "serviceName" -}} +{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.bootstrap -}} +{{- $podVolMounts := index . "podVolMounts" | default false -}} +{{- $podVols := index . "podVols" | default false -}} +{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} +{{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}} +{{- $configFile := index . "configFile" | default (printf "/etc/%s/%s.conf" $serviceName $serviceName ) -}} +{{- $keystoneUser := index . "keystoneUser" | default $serviceName -}} +{{- $openrc := index . "openrc" | default "true" -}} + +{{- $serviceNamePretty := $serviceName | replace "_" "-" -}} + +{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "bootstrap" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ printf "%s-%s" $serviceNamePretty "bootstrap" | quote }} +spec: + template: + metadata: + labels: +{{ tuple $envAll $serviceName "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: +{{ toYaml $nodeSelector | indent 8 }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: bootstrap + image: {{ $envAll.Values.images.tags.bootstrap }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{- if eq $openrc "true" }} + env: +{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} +{{- end }} + command: + - /tmp/bootstrap.sh + volumeMounts: + - name: bootstrap-sh + mountPath: /tmp/bootstrap.sh + subPath: bootstrap.sh + readOnly: true + - name: etc-service + mountPath: {{ dir $configFile | quote }} + - name: bootstrap-conf + mountPath: {{ $configFile | quote }} + subPath: {{ base $configFile | quote }} + readOnly: true +{{- if $podVolMounts }} +{{ $podVolMounts | toYaml | indent 12 }} +{{- end }} + volumes: + - name: bootstrap-sh + configMap: + name: {{ $configMapBin | quote }} + defaultMode: 0555 + - name: etc-service + emptyDir: {} + - name: bootstrap-conf + configMap: + name: {{ $configMapEtc | quote }} + defaultMode: 0444 +{{- if $podVols }} +{{ $podVols | toYaml | indent 8 }} +{{- end }} +{{- end }} diff --git a/helm-toolkit/templates/manifests/_job-db-drop-mysql.yaml.tpl b/helm-toolkit/templates/manifests/_job-db-drop-mysql.yaml.tpl new file mode 100644 index 000000000..753ff8bd2 --- /dev/null +++ b/helm-toolkit/templates/manifests/_job-db-drop-mysql.yaml.tpl @@ -0,0 +1,123 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function creates a manifest for db creation and user management. +# It can be used in charts dict created similar to the following: +# {- $dbToDropJob := dict "envAll" . "serviceName" "senlin" -} +# { $dbToDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" } +# +# If the service does not use olso then the db can be managed with: +# {- $dbToDrop := dict "inputType" "secret" "adminSecret" .Values.secrets.oslo_db.admin "userSecret" .Values.secrets.oslo_db.horizon -} +# {- $dbToDropJob := dict "envAll" . "serviceName" "horizon" "dbToDrop" $dbToDrop -} +# { $dbToDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" } + +{{- define "helm-toolkit.manifests.job_db_drop_mysql" -}} +{{- $envAll := index . "envAll" -}} +{{- $serviceName := index . "serviceName" -}} +{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.db_drop -}} +{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} +{{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}} +{{- $dbToDrop := index . "dbToDrop" | default ( dict "adminSecret" $envAll.Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "configDbSection" "database" "configDbKey" "connection" ) -}} +{{- $dbsToDrop := default (list $dbToDrop) (index . "dbsToDrop") }} + +{{- $serviceNamePretty := $serviceName | replace "_" "-" -}} + +{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "db-drop" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ printf "%s-%s" $serviceNamePretty "db-drop" | quote }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + labels: +{{ tuple $envAll $serviceName "db-drop" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: +{{ toYaml $nodeSelector | indent 8 }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +{{- range $key1, $dbToDrop := $dbsToDrop }} +{{ $dbToDropType := default "oslo" $dbToDrop.inputType }} + - name: {{ printf "%s-%s-%d" $serviceNamePretty "db-drop" $key1 | quote }} + image: {{ $envAll.Values.images.tags.db_drop }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_drop | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: {{ $dbToDrop.adminSecret | quote }} + key: DB_CONNECTION +{{- if eq $dbToDropType "oslo" }} + - name: OPENSTACK_CONFIG_FILE + value: {{ $dbToDrop.configFile | quote }} + - name: OPENSTACK_CONFIG_DB_SECTION + value: {{ $dbToDrop.configDbSection | quote }} + - name: OPENSTACK_CONFIG_DB_KEY + value: {{ $dbToDrop.configDbKey | quote }} +{{- end }} +{{- if eq $dbToDropType "secret" }} + - name: DB_CONNECTION + valueFrom: + secretKeyRef: + name: {{ $dbToDrop.userSecret | quote }} + key: DB_CONNECTION +{{- end }} + command: + - /tmp/db-drop.py + volumeMounts: + - name: db-drop-sh + mountPath: /tmp/db-drop.py + subPath: db-drop.py + readOnly: true +{{- if eq $dbToDropType "oslo" }} + - name: etc-service + mountPath: {{ dir $dbToDrop.configFile | quote }} + - name: db-drop-conf + mountPath: {{ $dbToDrop.configFile | quote }} + subPath: {{ base $dbToDrop.configFile | quote }} + readOnly: true +{{- end }} +{{- end }} + volumes: + - name: db-drop-sh + configMap: + name: {{ $configMapBin | quote }} + defaultMode: 0555 +{{- $local := dict "configMapBinFirst" true -}} +{{- range $key1, $dbToDrop := $dbsToDrop }} +{{- $dbToDropType := default "oslo" $dbToDrop.inputType }} +{{- if and (eq $dbToDropType "oslo") $local.configMapBinFirst }} +{{- $_ := set $local "configMapBinFirst" false }} + - name: etc-service + emptyDir: {} + - name: db-drop-conf + configMap: + name: {{ $configMapEtc | quote }} + defaultMode: 0444 +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-db-init-mysql.yaml.tpl b/helm-toolkit/templates/manifests/_job-db-init-mysql.yaml.tpl new file mode 100644 index 000000000..c325ccf92 --- /dev/null +++ b/helm-toolkit/templates/manifests/_job-db-init-mysql.yaml.tpl @@ -0,0 +1,120 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function creates a manifest for db creation and user management. +# It can be used in charts dict created similar to the following: +# {- $dbToInitJob := dict "envAll" . "serviceName" "senlin" -} +# { $dbToInitJob | include "helm-toolkit.manifests.job_db_init_mysql" } +# +# If the service does not use olso then the db can be managed with: +# {- $dbToInit := dict "inputType" "secret" "adminSecret" .Values.secrets.oslo_db.admin "userSecret" .Values.secrets.oslo_db.horizon -} +# {- $dbToInitJob := dict "envAll" . "serviceName" "horizon" "dbToInit" $dbToInit -} +# { $dbToInitJob | include "helm-toolkit.manifests.job_db_init_mysql" } + +{{- define "helm-toolkit.manifests.job_db_init_mysql" -}} +{{- $envAll := index . "envAll" -}} +{{- $serviceName := index . "serviceName" -}} +{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.db_init -}} +{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} +{{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}} +{{- $dbToInit := index . "dbToInit" | default ( dict "adminSecret" $envAll.Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "configDbSection" "database" "configDbKey" "connection" ) -}} +{{- $dbsToInit := default (list $dbToInit) (index . "dbsToInit") }} + +{{- $serviceNamePretty := $serviceName | replace "_" "-" -}} + +{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "db-init" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ printf "%s-%s" $serviceNamePretty "db-init" | quote }} +spec: + template: + metadata: + labels: +{{ tuple $envAll $serviceName "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: +{{ toYaml $nodeSelector | indent 8 }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +{{- range $key1, $dbToInit := $dbsToInit }} +{{ $dbToInitType := default "oslo" $dbToInit.inputType }} + - name: {{ printf "%s-%s-%d" $serviceNamePretty "db-init" $key1 | quote }} + image: {{ $envAll.Values.images.tags.db_init }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: {{ $dbToInit.adminSecret | quote }} + key: DB_CONNECTION +{{- if eq $dbToInitType "oslo" }} + - name: OPENSTACK_CONFIG_FILE + value: {{ $dbToInit.configFile | quote }} + - name: OPENSTACK_CONFIG_DB_SECTION + value: {{ $dbToInit.configDbSection | quote }} + - name: OPENSTACK_CONFIG_DB_KEY + value: {{ $dbToInit.configDbKey | quote }} +{{- end }} +{{- if eq $dbToInitType "secret" }} + - name: DB_CONNECTION + valueFrom: + secretKeyRef: + name: {{ $dbToInit.userSecret | quote }} + key: DB_CONNECTION +{{- end }} + command: + - /tmp/db-init.py + volumeMounts: + - name: db-init-sh + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true +{{- if eq $dbToInitType "oslo" }} + - name: etc-service + mountPath: {{ dir $dbToInit.configFile | quote }} + - name: db-init-conf + mountPath: {{ $dbToInit.configFile | quote }} + subPath: {{ base $dbToInit.configFile | quote }} + readOnly: true +{{- end }} +{{- end }} + volumes: + - name: db-init-sh + configMap: + name: {{ $configMapBin | quote }} + defaultMode: 0555 +{{- $local := dict "configMapBinFirst" true -}} +{{- range $key1, $dbToInit := $dbsToInit }} +{{- $dbToInitType := default "oslo" $dbToInit.inputType }} +{{- if and (eq $dbToInitType "oslo") $local.configMapBinFirst }} +{{- $_ := set $local "configMapBinFirst" false }} + - name: etc-service + emptyDir: {} + - name: db-init-conf + configMap: + name: {{ $configMapEtc | quote }} + defaultMode: 0444 +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-db-sync.yaml.tpl b/helm-toolkit/templates/manifests/_job-db-sync.yaml.tpl new file mode 100644 index 000000000..9ce476268 --- /dev/null +++ b/helm-toolkit/templates/manifests/_job-db-sync.yaml.tpl @@ -0,0 +1,94 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function creates a manifest for db migration and management. +# It can be used in charts dict created similar to the following: +# {- $dbSyncJob := dict "envAll" . "serviceName" "senlin" -} +# { $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" } + +{{- define "helm-toolkit.manifests.job_db_sync" -}} +{{- $envAll := index . "envAll" -}} +{{- $serviceName := index . "serviceName" -}} +{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $dependencies := $envAll.Values.dependencies.static.db_sync }} +{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} +{{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}} +{{- $podVolMounts := index . "podVolMounts" | default false -}} +{{- $podVols := index . "podVols" | default false -}} +{{- $podEnvVars := index . "podEnvVars" | default false -}} +{{- $dbToSync := index . "dbToSync" | default ( dict "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "image" ( index $envAll.Values.images.tags ( printf "%s_db_sync" $serviceName )) ) -}} + +{{- $serviceNamePretty := $serviceName | replace "_" "-" -}} + +{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "db-sync" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ printf "%s-%s" $serviceNamePretty "db-sync" | quote }} +spec: + template: + metadata: + labels: +{{ tuple $envAll $serviceName "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: +{{ toYaml $nodeSelector | indent 8 }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: {{ printf "%s-%s" $serviceNamePretty "db-sync" | quote }} + image: {{ $dbToSync.image | quote }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy | quote }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{- if $podEnvVars }} + env: +{{ $podEnvVars | toYaml | indent 12 }} +{{- end }} + command: + - /tmp/db-sync.sh + volumeMounts: + - name: db-sync-sh + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: etc-service + mountPath: {{ dir $dbToSync.configFile | quote }} + - name: db-sync-conf + mountPath: {{ $dbToSync.configFile | quote }} + subPath: {{ base $dbToSync.configFile | quote }} + readOnly: true +{{- if $podVolMounts }} +{{ $podVolMounts | toYaml | indent 12 }} +{{- end }} + volumes: + - name: db-sync-sh + configMap: + name: {{ $configMapBin | quote }} + defaultMode: 0555 + - name: etc-service + emptyDir: {} + - name: db-sync-conf + configMap: + name: {{ $configMapEtc | quote }} + defaultMode: 0444 +{{- if $podVols }} +{{ $podVols | toYaml | indent 8 }} +{{- end }} +{{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-endpoints.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-endpoints.yaml.tpl new file mode 100644 index 000000000..303816149 --- /dev/null +++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.yaml.tpl @@ -0,0 +1,83 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function creates a manifest for keystone service management. +# It can be used in charts dict created similar to the following: +# {- $ksEndpointJob := dict "envAll" . "serviceName" "senlin" "serviceTypes" ( tuple "clustering" ) -} +# { $ksEndpointJob | include "helm-toolkit.manifests.job_ks_endpoints" } + +{{- define "helm-toolkit.manifests.job_ks_endpoints" -}} +{{- $envAll := index . "envAll" -}} +{{- $serviceName := index . "serviceName" -}} +{{- $serviceTypes := index . "serviceTypes" -}} +{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.ks_endpoints -}} +{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} +{{- $serviceNamePretty := $serviceName | replace "_" "-" -}} + +{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "ks-endpoints" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ printf "%s-%s" $serviceNamePretty "ks-endpoints" | quote }} +spec: + template: + metadata: + labels: +{{ tuple $envAll $serviceName "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: +{{ toYaml $nodeSelector | indent 8 }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +{{- range $key1, $osServiceType := $serviceTypes }} +{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} + - name: {{ printf "%s-%s-%s" $osServiceType "ks-endpoints" $osServiceEndPoint | quote }} + image: {{ $envAll.Values.images.tags.ks_endpoints }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-endpoints.sh + volumeMounts: + - name: ks-endpoints-sh + mountPath: /tmp/ks-endpoints.sh + subPath: ks-endpoints.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SVC_ENDPOINT + value: {{ $osServiceEndPoint | quote }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType | quote }} + - name: OS_SERVICE_ENDPOINT + value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }} +{{- end }} +{{- end }} + volumes: + - name: ks-endpoints-sh + configMap: + name: {{ $configMapBin | quote }} + defaultMode: 0555 +{{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-service.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-service.yaml.tpl new file mode 100644 index 000000000..9a7c4e932 --- /dev/null +++ b/helm-toolkit/templates/manifests/_job-ks-service.yaml.tpl @@ -0,0 +1,77 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function creates a manifest for keystone service management. +# It can be used in charts dict created similar to the following: +# {- $ksServiceJob := dict "envAll" . "serviceName" "senlin" "serviceTypes" ( tuple "clustering" ) -} +# { $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" } + +{{- define "helm-toolkit.manifests.job_ks_service" -}} +{{- $envAll := index . "envAll" -}} +{{- $serviceName := index . "serviceName" -}} +{{- $serviceTypes := index . "serviceTypes" -}} +{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.ks_service -}} +{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} +{{- $serviceNamePretty := $serviceName | replace "_" "-" -}} + +{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "ks-service" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ printf "%s-%s" $serviceNamePretty "ks-service" | quote }} +spec: + template: + metadata: + labels: +{{ tuple $envAll $serviceName "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: +{{ toYaml $nodeSelector | indent 8 }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +{{- range $key1, $osServiceType := $serviceTypes }} + - name: {{ printf "%s-%s" $osServiceType "ks-service-registration" | quote }} + image: {{ $envAll.Values.images.tags.ks_service }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-service.sh + volumeMounts: + - name: ks-service-sh + mountPath: /tmp/ks-service.sh + subPath: ks-service.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: OS_SERVICE_NAME + value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} + - name: OS_SERVICE_TYPE + value: {{ $osServiceType | quote }} +{{- end }} + volumes: + - name: ks-service-sh + configMap: + name: {{ $configMapBin | quote }} + defaultMode: 0555 +{{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl new file mode 100644 index 000000000..c4908637c --- /dev/null +++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -0,0 +1,83 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function creates a manifest for keystone user management. +# It can be used in charts dict created similar to the following: +# {- $ksUserJob := dict "envAll" . "serviceName" "senlin" } +# { $ksUserJob | include "helm-toolkit.manifests.job_ks_user" } + +{{- define "helm-toolkit.manifests.job_ks_user" -}} +{{- $envAll := index . "envAll" -}} +{{- $serviceName := index . "serviceName" -}} +{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.ks_user -}} +{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} +{{- $serviceUser := index . "serviceUser" | default $serviceName -}} +{{- $serviceUserPretty := $serviceUser | replace "_" "-" -}} + +{{- $serviceAccountName := printf "%s-%s" $serviceUserPretty "ks-user" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ printf "%s-%s" $serviceUserPretty "ks-user" | quote }} +spec: + template: + metadata: + labels: +{{ tuple $envAll $serviceName "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName | quote }} + restartPolicy: OnFailure + nodeSelector: +{{ toYaml $nodeSelector | indent 8 }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: ks-user + image: {{ $envAll.Values.images.tags.ks_user }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_SERVICE_NAME + value: {{ $serviceName | quote }} +{{- with $env := dict "ksUserSecret" (index $envAll.Values.secrets.identity $serviceUser ) }} +{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_ROLES + {{- $serviceOsRoles := index $envAll.Values.endpoints.identity.auth $serviceUser "role" }} + {{- if kindIs "slice" $serviceOsRoles }} + value: {{ include "helm-toolkit.utils.joinListWithComma" $serviceOsRoles | quote }} + {{- else }} + value: {{ $serviceOsRoles | quote }} + {{- end }} + volumes: + - name: ks-user-sh + configMap: + name: {{ $configMapBin | quote }} + defaultMode: 0555 +{{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl new file mode 100644 index 000000000..bbbde4f8b --- /dev/null +++ b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -0,0 +1,74 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.manifests.job_rabbit_init" -}} +{{- $envAll := index . "envAll" -}} +{{- $serviceName := index . "serviceName" -}} +{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $dependencies := index . "dependencies" | default $envAll.Values.dependencies.static.rabbit_init -}} +{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} +{{- $serviceUser := index . "serviceUser" | default $serviceName -}} +{{- $serviceUserPretty := $serviceUser | replace "_" "-" -}} + +{{- $serviceAccountName := printf "%s-%s" $serviceUserPretty "rabbit-init" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ printf "%s-%s" $serviceUserPretty "rabbit-init" | quote }} +spec: + template: + metadata: + labels: +{{ tuple $envAll $serviceName "rabbit-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName | quote }} + restartPolicy: OnFailure + nodeSelector: +{{ toYaml $nodeSelector | indent 8 }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: rabbit-init + image: {{ $envAll.Values.images.tags.rabbit_init | quote }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy | quote }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.rabbit_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/rabbit-init.sh + volumeMounts: + - name: rabbit-init-sh + mountPath: /tmp/rabbit-init.sh + subPath: rabbit-init.sh + readOnly: true + env: + - name: RABBITMQ_ADMIN_CONNECTION + valueFrom: + secretKeyRef: + name: {{ $envAll.Values.secrets.oslo_messaging.admin }} + key: RABBITMQ_CONNECTION + - name: RABBITMQ_USER_CONNECTION + valueFrom: + secretKeyRef: + name: {{ index $envAll.Values.secrets.oslo_messaging $serviceName }} + key: RABBITMQ_CONNECTION + volumes: + - name: rabbit-init-sh + configMap: + name: {{ $configMapBin | quote }} + defaultMode: 0555 + +{{- end -}} diff --git a/helm-toolkit/templates/manifests/_service-ingress.tpl b/helm-toolkit/templates/manifests/_service-ingress.tpl new file mode 100644 index 000000000..29be3f43b --- /dev/null +++ b/helm-toolkit/templates/manifests/_service-ingress.tpl @@ -0,0 +1,40 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function creates a manifest for a services ingress rules. +# It can be used in charts dict created similar to the following: +# {- $serviceIngressOpts := dict "envAll" . "backendServiceType" "key-manager" -} +# { $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" } + +{{- define "helm-toolkit.manifests.service_ingress" -}} +{{- $envAll := index . "envAll" -}} +{{- $backendServiceType := index . "backendServiceType" -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- if index $envAll.Values.endpoints $backendServiceType }} +{{- if index $envAll.Values.endpoints $backendServiceType "ip" }} +{{- if index $envAll.Values.endpoints $backendServiceType "ip" "ingress" }} + clusterIP: {{ (index $envAll.Values.endpoints $backendServiceType "ip" "ingress") }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/helm-toolkit/templates/scripts/_ks-user.sh.tpl b/helm-toolkit/templates/scripts/_ks-user.sh.tpl index 1b61371bd..72b81fc71 100644 --- a/helm-toolkit/templates/scripts/_ks-user.sh.tpl +++ b/helm-toolkit/templates/scripts/_ks-user.sh.tpl @@ -76,6 +76,10 @@ openstack user set --password="${SERVICE_OS_PASSWORD}" "${USER_ID}" openstack user show "${USER_ID}" function ks_assign_user_role () { + # Get user role + USER_ROLE_ID=$(openstack role create --or-show -f value -c id \ + "${SERVICE_OS_ROLE}"); + # Manage user role assignment openstack role add \ --user="${USER_ID}" \ @@ -92,9 +96,10 @@ function ks_assign_user_role () { } # Manage user service role -export USER_ROLE_ID=$(openstack role create --or-show -f value -c id \ - "${SERVICE_OS_ROLE}"); -ks_assign_user_role +IFS=',' +for SERVICE_OS_ROLE in ${SERVICE_OS_ROLES}; do + ks_assign_user_role +done # Manage user member role : ${MEMBER_OS_ROLE:="_member_"} diff --git a/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl b/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl new file mode 100644 index 000000000..6c45dba44 --- /dev/null +++ b/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl @@ -0,0 +1,67 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.scripts.rabbit_init" }} +#!/bin/bash +set -ex + +# Extract connection details +RABBIT_HOSTNAME=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $2}' \ + | awk -F'[:/]' '{print $1}'` +RABBIT_PORT=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $2}' \ + | awk -F'[:/]' '{print $2}'` + +# Extract Admin User creadential +RABBITMQ_ADMIN_USERNAME=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $1}' \ + | awk -F'[//:]' '{print $4}'` +RABBITMQ_ADMIN_PASSWORD=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $1}' \ + | awk -F'[//:]' '{print $5}'` + +# Extract User creadential +RABBITMQ_USERNAME=`echo $RABBITMQ_USER_CONNECTION | awk -F'[@]' '{print $1}' \ + | awk -F'[//:]' '{print $4}'` +RABBITMQ_PASSWORD=`echo $RABBITMQ_USER_CONNECTION | awk -F'[@]' '{print $1}' \ + | awk -F'[//:]' '{print $5}'` + +# Using admin creadential, list current rabbitmq users +rabbitmqadmin --host=$RABBIT_HOSTNAME --port=$RABBIT_PORT \ + --username=$RABBITMQ_ADMIN_USERNAME --password=$RABBITMQ_ADMIN_PASSWORD \ + list users + +# if user already exist, credentials will be overwritten +# Using admin creadential, adding new admin rabbitmq user" +rabbitmqadmin --host=$RABBIT_HOSTNAME --port=$RABBIT_PORT \ + --username=$RABBITMQ_ADMIN_USERNAME --password=$RABBITMQ_ADMIN_PASSWORD \ + declare user name=$RABBITMQ_USERNAME password=$RABBITMQ_PASSWORD \ + tags="administrator" + +# Declare permissions for new user +rabbitmqadmin --host=$RABBIT_HOSTNAME --port=$RABBIT_PORT \ + --username=$RABBITMQ_ADMIN_USERNAME --password=$RABBITMQ_ADMIN_PASSWORD \ + declare permission vhost="/" user=$RABBITMQ_USERNAME \ + configure=".*" write=".*" read=".*" + +# Using new user creadential, list current rabbitmq users +rabbitmqadmin --host=$RABBIT_HOSTNAME --port=$RABBIT_PORT \ + --username=$RABBITMQ_USERNAME --password=$RABBITMQ_PASSWORD \ + list users + +# Using new user creadential, list permissions +rabbitmqadmin --host=$RABBIT_HOSTNAME --port=$RABBIT_PORT \ + --username=$RABBITMQ_USERNAME --password=$RABBITMQ_PASSWORD \ + list permissions + +{{- end }} diff --git a/helm-toolkit/templates/scripts/_rally_test.sh.tpl b/helm-toolkit/templates/scripts/_rally_test.sh.tpl index 5da4a0fbf..76e6bb3c4 100644 --- a/helm-toolkit/templates/scripts/_rally_test.sh.tpl +++ b/helm-toolkit/templates/scripts/_rally_test.sh.tpl @@ -19,19 +19,45 @@ limitations under the License. set -ex {{- $rallyTests := index . 0 }} -: ${RALLY_ENV_NAME:="openstack-helm"} +: "${RALLY_ENV_NAME:="openstack-helm"}" + rally-manage db create -rally deployment create --fromenv --name ${RALLY_ENV_NAME} -rally deployment use ${RALLY_ENV_NAME} +cat > /tmp/rally-config.json << EOF +{ + "type": "ExistingCloud", + "auth_url": "${OS_AUTH_URL}", + "region_name": "${OS_REGION_NAME}", + "endpoint_type": "public", + "admin": { + "username": "${OS_USERNAME}", + "password": "${OS_PASSWORD}", + "project_name": "${OS_PROJECT_NAME}", + "user_domain_name": "${OS_USER_DOMAIN_NAME}", + "project_domain_name": "${OS_PROJECT_DOMAIN_NAME}" + }, + "users": [ + { + "username": "${SERVICE_OS_USERNAME}", + "password": "${SERVICE_OS_PASSWORD}", + "project_name": "${SERVICE_OS_PROJECT_NAME}", + "user_domain_name": "${SERVICE_OS_USER_DOMAIN_NAME}", + "project_domain_name": "${SERVICE_OS_PROJECT_DOMAIN_NAME}" + } + ] +} +EOF +rally deployment create --file /tmp/rally-config.json --name "${RALLY_ENV_NAME}" +rm -f /tmp/rally-config.json +rally deployment use "${RALLY_ENV_NAME}" rally deployment check {{- if $rallyTests.run_tempest }} -rally verify create-verifier --name ${RALLY_ENV_NAME}-tempest --type tempest -SERVICE_TYPE=$(rally deployment check | grep ${RALLY_ENV_NAME} | awk -F \| '{print $3}' | tr -d ' ' | tr -d '\n') -rally verify start --pattern tempest.api.$SERVICE_TYPE* -rally verify delete-verifier --id ${RALLY_ENV_NAME}-tempest --force +rally verify create-verifier --name "${RALLY_ENV_NAME}-tempest" --type tempest +SERVICE_TYPE="$(rally deployment check | grep "${RALLY_ENV_NAME}" | awk -F \| '{print $3}' | tr -d ' ' | tr -d '\n')" +rally verify start --pattern "tempest.api.${SERVICE_TYPE}*" +rally verify delete-verifier --id "${RALLY_ENV_NAME}-tempest" --force {{- end }} rally task validate /etc/rally/rally_tests.yaml rally task start /etc/rally/rally_tests.yaml -rally deployment destroy --deployment ${RALLY_ENV_NAME} +rally deployment destroy --deployment "${RALLY_ENV_NAME}" rally task sla-check {{- end }} diff --git a/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl b/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl index 669daf02e..41915a78a 100644 --- a/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl +++ b/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl @@ -16,8 +16,18 @@ limitations under the License. {{- define "helm-toolkit.snippets.kubernetes_entrypoint_init_container" -}} {{- $envAll := index . 0 -}} -{{- $deps := index . 1 -}} +{{- $component := index . 1 -}} {{- $mounts := index . 2 -}} + +{{- $_ := set $envAll.Values "__kubernetes_entrypoint_init_container" dict -}} +{{- $_ := set $envAll.Values.__kubernetes_entrypoint_init_container "deps" dict -}} +{{- if and ($envAll.Values.images.local_registry.active) (ne $component "image_repo_sync") -}} +{{- $_ := include "helm-toolkit.utils.merge" ( tuple $envAll.Values.__kubernetes_entrypoint_init_container.deps ( index $envAll.Values.dependencies.static $component ) $envAll.Values.dependencies.dynamic.common.local_image_registry ) -}} +{{- else -}} +{{- $_ := set $envAll.Values.__kubernetes_entrypoint_init_container "deps" ( index $envAll.Values.dependencies.static $component ) -}} +{{- end -}} +{{- $deps := $envAll.Values.__kubernetes_entrypoint_init_container.deps }} + - name: init {{ tuple $envAll "dep_check" | include "helm-toolkit.snippets.image" | indent 2 }} env: @@ -33,14 +43,18 @@ limitations under the License. fieldPath: metadata.namespace - name: INTERFACE_NAME value: eth0 + - name: PATH + value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/ - name: DEPENDENCY_SERVICE value: "{{ tuple $deps.services $envAll | include "helm-toolkit.utils.comma_joined_service_list" }}" - name: DEPENDENCY_JOBS - value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.jobs }}" + value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.jobs }}" - name: DEPENDENCY_DAEMONSET - value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.daemonset }}" + value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.daemonset }}" - name: DEPENDENCY_CONTAINER - value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.container }}" + value: "{{ include "helm-toolkit.utils.joinListWithComma" $deps.container }}" + - name: DEPENDENCY_POD + value: {{ if $deps.pod }}{{ toJson $deps.pod | quote }}{{ else }}""{{ end }} - name: COMMAND value: "echo done" command: diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl index 1284b36c9..f9f48ef7b 100644 --- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl +++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl @@ -57,7 +57,7 @@ rules: {{ if eq $v "jobs" }} - jobs {{- end -}} - {{ if or (eq $v "daemonsets") (eq $v "jobs") }} + {{ if or (eq $v "pods") (eq $v "daemonsets") (eq $v "jobs") }} - pods {{- end -}} {{ if eq $v "services" }} diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl index 73bc903b9..e0a234f15 100644 --- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl +++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl @@ -16,11 +16,21 @@ limitations under the License. {{- define "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" -}} {{- $envAll := index . 0 -}} -{{- $deps := index . 1 -}} +{{- $component := index . 1 -}} {{- $saName := index . 2 -}} {{- $saNamespace := $envAll.Release.Namespace }} {{- $randomKey := randAlphaNum 32 }} {{- $allNamespace := dict $randomKey "" }} + +{{- $_ := set $envAll.Values "__kubernetes_entrypoint_init_container" dict -}} +{{- $_ := set $envAll.Values.__kubernetes_entrypoint_init_container "deps" dict -}} +{{- if and ($envAll.Values.images.local_registry.active) (ne $component "image_repo_sync") -}} +{{- $_ := include "helm-toolkit.utils.merge" ( tuple $envAll.Values.__kubernetes_entrypoint_init_container.deps ( index $envAll.Values.dependencies.static $component ) $envAll.Values.dependencies.dynamic.common.local_image_registry ) -}} +{{- else -}} +{{- $_ := set $envAll.Values.__kubernetes_entrypoint_init_container "deps" ( index $envAll.Values.dependencies.static $component ) -}} +{{- end -}} +{{- $deps := $envAll.Values.__kubernetes_entrypoint_init_container.deps }} + --- apiVersion: v1 kind: ServiceAccount @@ -40,6 +50,8 @@ metadata: {{- $_ := set $allNamespace $saNamespace (printf "%s%s" "jobs," ((index $allNamespace $saNamespace) | default "")) }} {{- else if and (eq $k "daemonset") $v }} {{- $_ := set $allNamespace $saNamespace (printf "%s%s" "daemonsets," ((index $allNamespace $saNamespace) | default "")) }} +{{- else if and (eq $k "pod") $v }} +{{- $_ := set $allNamespace $saNamespace (printf "%s%s" "pods," ((index $allNamespace $saNamespace) | default "")) }} {{- end -}} {{- end -}} {{- $_ := unset $allNamespace $randomKey }} diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl new file mode 100644 index 000000000..448b60f81 --- /dev/null +++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl @@ -0,0 +1,271 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.utils.daemonset_overrides" }} + {{- $daemonset := index . 0 }} + {{- $daemonset_yaml := index . 1 }} + {{- $configmap_include := index . 2 }} + {{- $configmap_name := index . 3 }} + {{- $context := index . 4 }} + {{- $_ := unset $context ".Files" }} + {{- $_ := set $context.Values "__daemonset_yaml" $daemonset_yaml }} + {{- $daemonset_root_name := printf (print $context.Chart.Name "_" $daemonset) }} + {{- $_ := set $context.Values "__daemonset_list" list }} + {{- $_ := set $context.Values "__default" dict }} + {{- if hasKey $context.Values.conf "overrides" }} + {{- range $key, $val := $context.Values.conf.overrides }} + + {{- if eq $key $daemonset_root_name }} + {{- range $type, $type_data := . }} + + {{- if eq $type "hosts" }} + {{- range $host_data := . }} + {{/* dictionary that will contain all info needed to generate this + iteration of the daemonset */}} + {{- $current_dict := dict }} + + {{/* set daemonset name */}} + {{- $_ := set $current_dict "name" $host_data.name }} + + {{/* apply overrides */}} + {{- $override_conf_copy := $host_data.conf }} + {{- $root_conf_copy := omit $context.Values.conf "overrides" }} + {{- $merged_dict := merge $override_conf_copy $root_conf_copy }} + {{- $root_conf_copy2 := dict "conf" $merged_dict }} + {{- $context_values := omit $context.Values "conf" }} + {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }} + {{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }} + {{- $_ := set $current_dict "nodeData" $root_conf_copy4 }} + + {{/* Schedule to this host explicitly. */}} + {{- $nodeSelector_dict := dict }} + + {{- $_ := set $nodeSelector_dict "key" "kubernetes.io/hostname" }} + {{- $_ := set $nodeSelector_dict "operator" "In" }} + + {{- $values_list := list $host_data.name }} + {{- $_ := set $nodeSelector_dict "values" $values_list }} + + {{- $list_aggregate := list $nodeSelector_dict }} + {{- $_ := set $current_dict "matchExpressions" $list_aggregate }} + + {{/* store completed daemonset entry/info into global list */}} + {{- $list_aggregate := append $context.Values.__daemonset_list $current_dict }} + {{- $_ := set $context.Values "__daemonset_list" $list_aggregate }} + + {{- end }} + {{- end }} + + {{- if eq $type "labels" }} + {{- $_ := set $context.Values "__label_list" . }} + {{- range $label_data := . }} + {{/* dictionary that will contain all info needed to generate this + iteration of the daemonset. */}} + {{- $_ := set $context.Values "__current_label" dict }} + + {{/* set daemonset name */}} + {{- $_ := set $context.Values.__current_label "name" $label_data.label.key }} + + {{/* apply overrides */}} + {{- $override_conf_copy := $label_data.conf }} + {{- $root_conf_copy := omit $context.Values.conf "overrides" }} + {{- $merged_dict := merge $override_conf_copy $root_conf_copy }} + {{- $root_conf_copy2 := dict "conf" $merged_dict }} + {{- $context_values := omit $context.Values "conf" }} + {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }} + {{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }} + {{- $_ := set $context.Values.__current_label "nodeData" $root_conf_copy4 }} + + {{/* Schedule to the provided label value(s) */}} + {{- $label_dict := omit $label_data.label "NULL" }} + {{- $_ := set $label_dict "operator" "In" }} + {{- $list_aggregate := list $label_dict }} + {{- $_ := set $context.Values.__current_label "matchExpressions" $list_aggregate }} + + {{/* Do not schedule to other specified labels, with higher + precedence as the list position increases. Last defined label + is highest priority. */}} + {{- $other_labels := without $context.Values.__label_list $label_data }} + {{- range $label_data2 := $other_labels }} + {{- $label_dict := omit $label_data2.label "NULL" }} + + {{- $_ := set $label_dict "operator" "NotIn" }} + + {{- $list_aggregate := append $context.Values.__current_label.matchExpressions $label_dict }} + {{- $_ := set $context.Values.__current_label "matchExpressions" $list_aggregate }} + {{- end }} + {{- $_ := set $context.Values "__label_list" $other_labels }} + + {{/* Do not schedule to any other specified hosts */}} + {{- range $type, $type_data := $val }} + {{- if eq $type "hosts" }} + {{- range $host_data := . }} + {{- $label_dict := dict }} + + {{- $_ := set $label_dict "key" "kubernetes.io/hostname" }} + {{- $_ := set $label_dict "operator" "NotIn" }} + + {{- $values_list := list $host_data.name }} + {{- $_ := set $label_dict "values" $values_list }} + + {{- $list_aggregate := append $context.Values.__current_label.matchExpressions $label_dict }} + {{- $_ := set $context.Values.__current_label "matchExpressions" $list_aggregate }} + {{- end }} + {{- end }} + {{- end }} + + {{/* store completed daemonset entry/info into global list */}} + {{- $list_aggregate := append $context.Values.__daemonset_list $context.Values.__current_label }} + {{- $_ := set $context.Values "__daemonset_list" $list_aggregate }} + {{- $_ := unset $context.Values "__current_label" }} + + {{- end }} + {{- end }} + {{- end }} + + {{/* scheduler exceptions for the default daemonset */}} + {{- $_ := set $context.Values.__default "matchExpressions" list }} + + {{- range $type, $type_data := . }} + {{/* Do not schedule to other specified labels */}} + {{- if eq $type "labels" }} + {{- range $label_data := . }} + {{- $default_dict := omit $label_data.label "NULL" }} + + {{- $_ := set $default_dict "operator" "NotIn" }} + + {{- $list_aggregate := append $context.Values.__default.matchExpressions $default_dict }} + {{- $_ := set $context.Values.__default "matchExpressions" $list_aggregate }} + {{- end }} + {{- end }} + {{/* Do not schedule to other specified hosts */}} + {{- if eq $type "hosts" }} + {{- range $host_data := . }} + {{- $default_dict := dict }} + + {{- $_ := set $default_dict "key" "kubernetes.io/hostname" }} + {{- $_ := set $default_dict "operator" "NotIn" }} + + {{- $values_list := list $host_data.name }} + {{- $_ := set $default_dict "values" $values_list }} + + {{- $list_aggregate := append $context.Values.__default.matchExpressions $default_dict }} + {{- $_ := set $context.Values.__default "matchExpressions" $list_aggregate }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + + {{/* generate the default daemonset */}} + + {{/* set name */}} + {{- $_ := set $context.Values.__default "name" "default" }} + + {{/* no overrides apply, so copy as-is */}} + {{- $root_conf_copy1 := omit $context.Values.conf "overrides" }} + {{- $root_conf_copy2 := dict "conf" $root_conf_copy1 }} + {{- $context_values := omit $context.Values "conf" }} + {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }} + {{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }} + {{- $_ := set $context.Values.__default "nodeData" $root_conf_copy4 }} + + {{/* add to global list */}} + {{- $list_aggregate := append $context.Values.__daemonset_list $context.Values.__default }} + {{- $_ := set $context.Values "__daemonset_list" $list_aggregate }} + + {{- $_ := set $context.Values "__last_configmap_name" $configmap_name }} + {{- range $current_dict := $context.Values.__daemonset_list }} + + {{- $context_novalues := omit $context "Values" }} + {{- $merged_dict := merge $current_dict.nodeData $context_novalues }} + {{- $_ := set $current_dict "nodeData" $merged_dict }} + + {{/* name needs to be a DNS-1123 compliant name. Ensure lower case */}} + {{- $name_format1 := printf (print $daemonset_root_name "-" $current_dict.name) | lower }} + {{/* labels may contain underscores which would be invalid here, so we replace them with dashes + there may be other valid label names which would make for an invalid DNS-1123 name + but these will be easier to handle in future with sprig regex* functions + (not availabile in helm 2.5.1) */}} + {{- $name_format2 := $name_format1 | replace "_" "-" }} + {{/* To account for the case where the same label is defined multiple times in overrides + (but with different label values), we add a sha of the scheduling data to ensure + name uniqueness */}} + {{- $_ := set $current_dict "dns_1123_name" dict }} + {{- if hasKey $current_dict "matchExpressions" }} + {{- $_ := set $current_dict "dns_1123_name" (printf (print $name_format2 "-" ($current_dict.matchExpressions | quote | sha256sum | trunc 8))) }} + {{- else }} + {{- $_ := set $current_dict "dns_1123_name" $name_format2 }} + {{- end }} + + {{/* set daemonset metadata name */}} + {{- if not $context.Values.__daemonset_yaml.metadata }}{{- $_ := set $context.Values.__daemonset_yaml "metadata" dict }}{{- end }} + {{- if not $context.Values.__daemonset_yaml.metadata.name }}{{- $_ := set $context.Values.__daemonset_yaml.metadata "name" dict }}{{- end }} + {{- $_ := set $context.Values.__daemonset_yaml.metadata "name" $current_dict.dns_1123_name }} + + {{/* set container name + assume not more than one container is defined */}} + {{- $container := first $context.Values.__daemonset_yaml.spec.template.spec.containers }} + {{- $_ := set $container "name" $current_dict.dns_1123_name }} + {{- $cont_list := list $container }} + {{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec "containers" $cont_list }} + + {{/* cross-reference configmap name to container volume definitions */}} + {{- $_ := set $context.Values "__volume_list" list }} + {{- range $current_volume := $context.Values.__daemonset_yaml.spec.template.spec.volumes }} + {{- $_ := set $context.Values "__volume" $current_volume }} + {{- if hasKey $context.Values.__volume "configMap" }} + {{- if eq $context.Values.__volume.configMap.name $context.Values.__last_configmap_name }} + {{- $_ := set $context.Values.__volume.configMap "name" $current_dict.dns_1123_name }} + {{- end }} + {{- end }} + {{- $updated_list := append $context.Values.__volume_list $context.Values.__volume }} + {{- $_ := set $context.Values "__volume_list" $updated_list }} + {{- end }} + {{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec "volumes" $context.Values.__volume_list }} + + + {{/* populate scheduling restrictions */}} + {{- if hasKey $current_dict "matchExpressions" }} + {{- if not $context.Values.__daemonset_yaml.spec.template.spec }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template "spec" dict }}{{- end }} + {{- if not $context.Values.__daemonset_yaml.spec.template.spec.affinity }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec "affinity" dict }}{{- end }} + {{- if not $context.Values.__daemonset_yaml.spec.template.spec.affinity.nodeAffinity }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec.affinity "nodeAffinity" dict }}{{- end }} + {{- if not $context.Values.__daemonset_yaml.spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec.affinity.nodeAffinity "requiredDuringSchedulingIgnoredDuringExecution" dict }}{{- end }} + {{- $match_exprs := dict }} + {{- $_ := set $match_exprs "matchExpressions" $current_dict.matchExpressions }} + {{- $appended_match_expr := list $match_exprs }} + {{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution "nodeSelectorTerms" $appended_match_expr }} + {{- end }} + + {{/* input value hash for current set of values overrides */}} + {{- if not $context.Values.__daemonset_yaml.spec }}{{- $_ := set $context.Values.__daemonset_yaml "spec" dict }}{{- end }} + {{- if not $context.Values.__daemonset_yaml.spec.template }}{{- $_ := set $context.Values.__daemonset_yaml.spec "template" dict }}{{- end }} + {{- if not $context.Values.__daemonset_yaml.spec.template.metadata }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template "metadata" dict }}{{- end }} + {{- if not $context.Values.__daemonset_yaml.spec.template.metadata.annotations }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata "annotations" dict }}{{- end }} + {{- $cmap := list $current_dict.dns_1123_name $current_dict.nodeData | include $configmap_include }} + {{- $values_hash := $cmap | quote | sha256sum }} + {{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata.annotations "configmap-etc-hash" $values_hash }} + + {{/* generate configmap */}} +--- +{{ $cmap }} + {{/* generate daemonset yaml */}} +--- +{{ $context.Values.__daemonset_yaml | toYaml }} + {{- $_ := set $context.Values "__last_configmap_name" $current_dict.dns_1123_name }} + {{- end }} +{{- end }} diff --git a/helm-toolkit/templates/utils/_dependency_resolver.tpl b/helm-toolkit/templates/utils/_dependency_resolver.tpl new file mode 100644 index 000000000..b1b3bd4e5 --- /dev/null +++ b/helm-toolkit/templates/utils/_dependency_resolver.tpl @@ -0,0 +1,36 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.utils.dependency_resolver" }} +{{- $envAll := index . "envAll" -}} +{{- $dependencyMixinParam := index . "dependencyMixinParam" -}} +{{- $dependencyKey := index . "dependencyKey" -}} +{{- if $dependencyMixinParam -}} +{{- $_ := set $envAll.Values "pod_dependency" dict -}} +{{- if kindIs "string" $dependencyMixinParam }} +{{- $_ := include "helm-toolkit.utils.merge" (tuple $envAll.Values.pod_dependency ( index $envAll.Values.dependencies.static $dependencyKey ) ( index $envAll.Values.dependencies.dynamic.targeted $dependencyMixinParam $dependencyKey ) ) -}} +{{- else if kindIs "slice" $dependencyMixinParam }} +{{- range $k, $v := $dependencyMixinParam -}} +{{- if not $envAll.Values.__deps }}{{- $_ := set $envAll.Values "__deps" ( index $envAll.Values.dependencies.static $dependencyKey ) }}{{- end }} +{{- $_ := include "helm-toolkit.utils.merge" (tuple $envAll.Values.pod_dependency $envAll.Values.__deps ( index $envAll.Values.dependencies.dynamic.targeted $v $dependencyKey ) ) -}} +{{- $_ := set $envAll.Values "__deps" $envAll.Values.pod_dependency -}} +{{- end }} +{{- end }} +{{- else -}} +{{- $_ := set $envAll.Values "pod_dependency" ( index $envAll.Values.dependencies.static $dependencyKey ) -}} +{{- end -}} +{{ $envAll.Values.pod_dependency | toYaml }} +{{- end }} diff --git a/helm-toolkit/templates/utils/_joinListWithSpace.tpl b/helm-toolkit/templates/utils/_joinListWithSpace.tpl new file mode 100644 index 000000000..5875a7cb1 --- /dev/null +++ b/helm-toolkit/templates/utils/_joinListWithSpace.tpl @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "helm-toolkit.utils.joinListWithSpace" -}} +{{- $local := dict "first" true -}} +{{- range $k, $v := . -}}{{- if not $local.first -}}{{- " " -}}{{- end -}}{{- $v -}}{{- $_ := set $local "first" false -}}{{- end -}} +{{- end -}} diff --git a/helm-toolkit/templates/utils/_to_kv_list.tpl b/helm-toolkit/templates/utils/_to_kv_list.tpl new file mode 100644 index 000000000..6f29dc65d --- /dev/null +++ b/helm-toolkit/templates/utils/_to_kv_list.tpl @@ -0,0 +1,42 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function returns key value pair in the INI format (key = value) +# as needed by openstack config files +# +# Sample key value pair format: +# conf: +# libvirt: +# log_level: 3 +# Usage: +# { include "helm-toolkit.utils.to_kv_list" .Values.conf.libvirt } +# returns: log_level = 3 + +{{- define "helm-toolkit.utils.to_kv_list" -}} +{{- range $key, $value := . -}} +{{- if kindIs "slice" $value }} +{{ $key }} = {{ include "helm-toolkit.utils.joinListWithComma" $value | quote }} +{{- else if kindIs "string" $value }} +{{- if regexMatch "^[0-9]+$" $value }} +{{ $key }} = {{ $value }} +{{- else }} +{{ $key }} = {{ $value | quote }} +{{- end }} +{{- else }} +{{ $key }} = {{ $value }} +{{- end }} +{{- end -}} +{{- end -}} diff --git a/helm-toolkit/templates/utils/_values_template_renderer.tpl b/helm-toolkit/templates/utils/_values_template_renderer.tpl new file mode 100644 index 000000000..4cc5471ed --- /dev/null +++ b/helm-toolkit/templates/utils/_values_template_renderer.tpl @@ -0,0 +1,81 @@ +{{/* +Copyright 2018 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +This function renders out configuration sections into a format suitable for +incorporation into a config-map. This allows various forms of input to be +rendered out as appropriate, as illustrated in the following example: + +With the input: + + conf: + some: + config_to_render: | + #We can use all of gotpl here: eg macros, ranges etc. + Listen 0.0.0.0:{{ tuple "dashboard" "internal" "web" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + config_to_complete: + #here we can fill out params, but things need to be valid yaml as input + '{{ .Release.Name }}': '{{ printf "%s-%s" .Release.Namespace "namespace" }}' + static_config: + #this is just passed though as yaml to the configmap + foo: bar + +And the template: + + {{- $envAll := . }} + --- + apiVersion: v1 + kind: ConfigMap + metadata: + name: application-etc + data: + {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.some.config_to_render "key" "config_to_render.conf") | indent 2 }} + {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.some.config_to_complete "key" "config_to_complete.yaml") | indent 2 }} + {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.some.static_config "key" "static_config.yaml") | indent 2 }} + +The rendered output will match: + + apiVersion: v1 + kind: ConfigMap + metadata: + name: application-etc + data: + config_to_render.conf: | + #We can use all of gotpl here: eg macros, ranges etc. + Listen 0.0.0.0:80 + + config_to_complete.yaml: | + 'RELEASE-NAME': 'default-namespace' + + static_config.yaml: | + foo: bar + +*/}} + +{{- define "helm-toolkit.snippets.values_template_renderer" -}} +{{- $envAll := index . "envAll" -}} +{{- $template := index . "template" -}} +{{- $key := index . "key" -}} +{{- with $envAll -}} +{{- $templateRendered := tpl ( $template | toYaml ) . }} +{{- if hasPrefix "|\n" $templateRendered }} +{{ $key }}: {{ $templateRendered }} +{{- else }} +{{ $key }}: | +{{ $templateRendered | indent 2 }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kibana/templates/configmap-bin.yaml b/kibana/templates/configmap-bin.yaml index eb53b820f..61cadcdba 100644 --- a/kibana/templates/configmap-bin.yaml +++ b/kibana/templates/configmap-bin.yaml @@ -26,6 +26,6 @@ data: {{ tuple "bin/_apache.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} kibana.sh: | {{ tuple "bin/_kibana.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/kibana/templates/configmap-etc.yaml b/kibana/templates/configmap-etc.yaml index 5b9800b92..09cf679ce 100644 --- a/kibana/templates/configmap-etc.yaml +++ b/kibana/templates/configmap-etc.yaml @@ -22,10 +22,10 @@ kind: ConfigMap metadata: name: kibana-etc data: - httpd.conf: |+ + httpd.conf: | {{- tuple .Values.conf.apache.httpd "etc/_httpd.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }} - kibana-host.conf: |+ + kibana-host.conf: | {{- tuple .Values.conf.apache.host "etc/_kibana-host.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }} - kibana.yml: |+ + kibana.yml: | {{ toYaml .Values.conf.kibana | indent 4 }} {{- end }} diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml index c9eb05191..25cc722a7 100644 --- a/kibana/templates/deployment.yaml +++ b/kibana/templates/deployment.yaml @@ -17,15 +17,9 @@ limitations under the License. {{- if .Values.manifests.deployment }} {{- $envAll := . }} {{- $esUserSecret := .Values.secrets.elasticsearch.user }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.kibana .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.kibana -}} -{{- end -}} {{- $serviceAccountName := "kibana" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "kibana" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: extensions/v1beta1 kind: Deployment @@ -48,7 +42,7 @@ spec: nodeSelector: {{ .Values.labels.kibana.node_selector_key }}: {{ .Values.labels.kibana.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "kibana" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: apache-proxy {{ tuple $envAll "apache_proxy" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -58,7 +52,7 @@ spec: - start ports: - name: http - containerPort: 80 + containerPort: {{ tuple "kibana" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} env: - name: KIBANA_PORT value: {{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} @@ -97,7 +91,7 @@ spec: - start ports: - name: kibana - containerPort: {{ .Values.network.kibana.port }} + containerPort: {{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} env: - name: ELASTICSEARCH_URL value: {{ tuple "elasticsearch" "default" "client" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} diff --git a/kibana/templates/ingress-kibana.yaml b/kibana/templates/ingress-kibana.yaml index 0454f73bf..66db94ce9 100644 --- a/kibana/templates/ingress-kibana.yaml +++ b/kibana/templates/ingress-kibana.yaml @@ -14,47 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.ingress_kibana }} -{{- $envAll := . }} -{{- if .Values.network.kibana.ingress.public }} -{{- $backendServiceType := "kibana" }} -{{- $backendPort := "http" }} -{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} -{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $ingressName }} - annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / - ingress.kubernetes.io/proxy-body-size: {{ .Values.network.kibana.ingress.proxy_body_size }} -spec: - rules: -{{ if ne $hostNameNamespaced $hostNameFull }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- else }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- end }} -{{- end }} +{{- if and .Values.manifests.ingress .Values.network.kibana.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendService" "kibana" "backendServiceType" "kibana" "backendPort" "http" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} {{- end }} diff --git a/kibana/templates/job-image-repo-sync.yaml b/kibana/templates/job-image-repo-sync.yaml index b1e3adeb5..57c6f6b7a 100644 --- a/kibana/templates/job-image-repo-sync.yaml +++ b/kibana/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "kibana-image-repo-sync" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/kibana/templates/service-ingress-kibana.yaml b/kibana/templates/service-ingress-kibana.yaml index 6c2fb838b..c78fc3a4f 100644 --- a/kibana/templates/service-ingress-kibana.yaml +++ b/kibana/templates/service-ingress-kibana.yaml @@ -14,19 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.service_ingress_kibana }} -{{- if .Values.network.kibana.ingress.public }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ tuple "kibana" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -spec: - ports: - - name: http - port: 80 - selector: - app: ingress-api -{{- end }} +{{- if and .Values.manifests.service_ingress .Values.network.kibana.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "kibana" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} {{- end }} diff --git a/kibana/templates/service.yaml b/kibana/templates/service.yaml index e2fd36cea..61ffab1e8 100644 --- a/kibana/templates/service.yaml +++ b/kibana/templates/service.yaml @@ -23,7 +23,7 @@ metadata: spec: ports: - name: http - port: 80 + port: {{ tuple "kibana" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{ if .Values.network.kibana.node_port.enabled }} nodePort: {{ .Values.network.kibana.node_port.port }} {{ end }} diff --git a/kibana/values.yaml b/kibana/values.yaml index dd534f4a1..c6e4cbd9a 100644 --- a/kibana/values.yaml +++ b/kibana/values.yaml @@ -16,12 +16,15 @@ labels: kibana: node_selector_key: openstack-control-plane node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled images: tags: apache_proxy: docker.io/httpd:2.4 - kibana: docker.elastic.co/kibana/kibana:6.2.2 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + kibana: docker.io/kibana:5.6.4 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: @@ -169,12 +172,18 @@ endpoints: port: kibana: default: 5601 + http: + default: 80 network: kibana: ingress: public: true - proxy_body_size: 1024M + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30905 @@ -184,9 +193,9 @@ manifests: configmap_bin: true configmap_etc: true deployment: true - ingress_kibana: true + ingress: true job_image_repo_sync: true secret_elasticsearch: true secret_admin: true service: true - service_ingress_kibana: true + service_ingress: true diff --git a/kube-dns/templates/configmap-bin.yaml b/kube-dns/templates/configmap-bin.yaml index 961d54d8a..d7d5f6aad 100644 --- a/kube-dns/templates/configmap-bin.yaml +++ b/kube-dns/templates/configmap-bin.yaml @@ -22,6 +22,6 @@ kind: ConfigMap metadata: name: kube-dns-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/kube-dns/templates/deployment-kube-dns.yaml b/kube-dns/templates/deployment-kube-dns.yaml index b3d7c218e..d702a64c5 100644 --- a/kube-dns/templates/deployment-kube-dns.yaml +++ b/kube-dns/templates/deployment-kube-dns.yaml @@ -16,12 +16,6 @@ limitations under the License. {{- if .Values.manifests.deployment_kube_dns }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.kube_dns .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.kube_dns -}} -{{- end -}} --- apiVersion: extensions/v1beta1 kind: Deployment diff --git a/kube-dns/templates/job-image-repo-sync.yaml b/kube-dns/templates/job-image-repo-sync.yaml index 27a40e6a0..81078c9c1 100644 --- a/kube-dns/templates/job-image-repo-sync.yaml +++ b/kube-dns/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "kube-dns-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/kube-dns/values.yaml b/kube-dns/values.yaml index c365a769d..fff1ad953 100644 --- a/kube-dns/values.yaml +++ b/kube-dns/values.yaml @@ -15,15 +15,16 @@ # https://raw.githubusercontent.com/coreos/flannel/v0.8.0/Documentation/kube-flannel.yml labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled images: tags: kube_dns: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5 kube_dns_nanny: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5 kube_dns_sidecar: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: diff --git a/nagios/Chart.yaml b/nagios/Chart.yaml new file mode 100644 index 000000000..194bdda23 --- /dev/null +++ b/nagios/Chart.yaml @@ -0,0 +1,22 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +description: OpenStack-Helm Nagios +name: nagios +version: 0.1.0 +home: https://www.nagios.org +sources: + - https://git.openstack.org/cgit/openstack/openstack-helm-addons +maintainers: + - name: OpenStack-Helm Authors diff --git a/nagios/requirements.yaml b/nagios/requirements.yaml new file mode 100644 index 000000000..53782e69b --- /dev/null +++ b/nagios/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/nagios/templates/_helpers.tpl b/nagios/templates/_helpers.tpl new file mode 100644 index 000000000..c689b0bbe --- /dev/null +++ b/nagios/templates/_helpers.tpl @@ -0,0 +1,41 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function defines commands, hosts, hostgroups, and services for nagios by +# consuming yaml trees to define the fields for these objects + +{{- define "nagios.object_definition" -}} +{{- $type := index . 0 }} +{{- $objects := index . 1 }} +{{- range $object := $objects }} +{{ range $config := $object }} +define {{ $type }} { +{{- range $key, $value := $config}} + {{ $key }} {{ $value }} +{{- end }} +} +{{end -}} +{{- end -}} +{{- end -}} + +{{- define "nagios.to_nagios_conf" -}} +{{- range $key, $value := . -}} +{{ if eq $key "cfg_file" }} +{{ range $file := $value -}} +{{ $key }}={{ $file }} +{{ end }} +{{- else }} +{{ $key }}={{ $value }} +{{- end }} +{{- end -}} +{{- end -}} diff --git a/nagios/templates/configmap-bin.yaml b/nagios/templates/configmap-bin.yaml new file mode 100644 index 000000000..5761d1a8d --- /dev/null +++ b/nagios/templates/configmap-bin.yaml @@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nagios-bin +data: + image-repo-sync.sh: |+ +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} diff --git a/nagios/templates/configmap-etc.yaml b/nagios/templates/configmap-etc.yaml new file mode 100644 index 000000000..75c9fa1f9 --- /dev/null +++ b/nagios/templates/configmap-etc.yaml @@ -0,0 +1,32 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nagios-etc +data: + nagios.cfg: |+ +{{ include "nagios.to_nagios_conf" .Values.conf.nagios.config | indent 4 }} + nagios_objects.cfg: |+ +{{- tuple "host" .Values.conf.nagios.hosts | include "nagios.object_definition" | indent 4 }} +{{- tuple "hostgroup" .Values.conf.nagios.host_groups | include "nagios.object_definition" | indent 4 }} +{{- tuple "command" .Values.conf.nagios.commands | include "nagios.object_definition" | indent 4 }} +{{- tuple "service" .Values.conf.nagios.services | include "nagios.object_definition" | indent 4 }} +{{- end }} diff --git a/nagios/templates/deployment.yaml b/nagios/templates/deployment.yaml new file mode 100644 index 000000000..3a68572ae --- /dev/null +++ b/nagios/templates/deployment.yaml @@ -0,0 +1,102 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment }} +{{- $envAll := . }} + +{{- $serviceAccountName := "nagios" }} +{{ tuple $envAll "nagios" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ $serviceAccountName }} +rules: + - apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - services + - endpoints + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ $serviceAccountName }} +subjects: + - kind: ServiceAccount + name: {{ $serviceAccountName }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ $serviceAccountName }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nagios +spec: + replicas: {{ .Values.pod.replicas.nagios }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "nagios" "monitoring" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + nodeSelector: + {{ .Values.labels.nagios.node_selector_key }}: {{ .Values.labels.nagios.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.nagios.timeout | default "30" }} + initContainers: +{{ tuple $envAll "nagios" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: nagios +{{ tuple $envAll "nagios" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.nagios | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + ports: + - name: metrics + containerPort: {{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + env: + - name: PROMETHEUS_SERVICE + value: {{ tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} + volumeMounts: + - name: nagios-etc + mountPath: /opt/nagios/etc/nagios.cfg + subPath: nagios.cfg + readOnly: true + - name: nagios-etc + mountPath: /opt/nagios/etc/nagios_objects.cfg + subPath: nagios_objects.cfg + readOnly: true + volumes: + - name: nagios-etc + configMap: + name: nagios-etc + defaultMode: 0444 +{{- end }} diff --git a/nagios/templates/etc/_nagios.cfg.tpl b/nagios/templates/etc/_nagios.cfg.tpl new file mode 100644 index 000000000..c51fb6d4c --- /dev/null +++ b/nagios/templates/etc/_nagios.cfg.tpl @@ -0,0 +1,3 @@ +# Nagios Configuration File + +{{ .Values.conf.nagios.cfg }} diff --git a/nagios/templates/ingress-nagios.yaml b/nagios/templates/ingress-nagios.yaml new file mode 100644 index 000000000..89b6c1ba2 --- /dev/null +++ b/nagios/templates/ingress-nagios.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.ingress .Values.network.nagios.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendService" "nagios" "backendServiceType" "nagios" "backendPort" "metrics" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} diff --git a/nagios/templates/job-image-repo-sync.yaml b/nagios/templates/job-image-repo-sync.yaml new file mode 100644 index 000000000..61087759e --- /dev/null +++ b/nagios/templates/job-image-repo-sync.yaml @@ -0,0 +1,68 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_image_repo_sync }} +{{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} + +{{- $serviceAccountName := "nagios-image-repo-sync" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: nagios-image-repo-sync +spec: + template: + metadata: + labels: +{{ tuple $envAll "nagios" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: image-repo-sync +{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: LOCAL_REPO + value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" + - name: IMAGE_SYNC_LIST + value: "{{ include "helm-toolkit.utils.image_sync_list" . }}" + command: + - /tmp/image-repo-sync.sh + volumeMounts: + - name: nagios-bin + mountPath: /tmp/image-repo-sync.sh + subPath: image-repo-sync.sh + readOnly: true + - name: docker-socket + mountPath: /var/run/docker.sock + volumes: + - name: nagios-bin + configMap: + name: nagios-bin + defaultMode: 0555 + - name: docker-socket + hostPath: + path: /var/run/docker.sock +{{- end }} +{{- end }} diff --git a/nagios/templates/service-ingress-nagios.yaml b/nagios/templates/service-ingress-nagios.yaml new file mode 100644 index 000000000..c0b52cf17 --- /dev/null +++ b/nagios/templates/service-ingress-nagios.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.service_ingress .Values.network.nagios.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "nagios" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} +{{- end }} diff --git a/nagios/templates/service.yaml b/nagios/templates/service.yaml new file mode 100644 index 000000000..e878871fe --- /dev/null +++ b/nagios/templates/service.yaml @@ -0,0 +1,36 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "nagios" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: metrics + port: {{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ if .Values.network.nagios.node_port.enabled }} + nodePort: {{ .Values.network.nagios.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "nagios" "monitoring" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.nagios.node_port.enabled }} + type: NodePort + {{ end }} +{{- end }} diff --git a/nagios/values.yaml b/nagios/values.yaml new file mode 100644 index 000000000..458b0160e --- /dev/null +++ b/nagios/values.yaml @@ -0,0 +1,293 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for nagios. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +images: + tags: + nagios: docker.io/srwilkers/prometheus-nagios:v0.1.0 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: IfNotPresent + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +labels: + nagios: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +dependencies: + dynamic: + common: + jobs: + - nagios-image-repo-sync + services: + - service: local_image_registry + endpoint: node + static: + image_repo_sync: + services: + - service: local_image_registry + endpoint: internal + nagios: + services: null + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + monitoring: + name: prometheus + hosts: + default: prom-metrics + public: prometheus + host_fqdn_override: + default: null + path: + default: null + scheme: + default: http + port: + api: + default: 9090 + public: 80 + nagios: + name: nagios + namespace: null + hosts: + default: nagios-metrics + public: nagios + host_fqdn_override: + default: null + path: + default: null + scheme: + default: http + port: + nagios: + default: 25 + +network: + nagios: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + node_port: + enabled: false + port: 30925 + +pod: + lifecycle: + upgrades: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + termination_grace_period: + nagios: + timeout: 30 + replicas: + nagios: 3 + resources: + enabled: false + nagios: + limits: + memory: "1024Mi" + cpu: "2000m" + requests: + memory: "128Mi" + cpu: "100m" + jobs: + image_repo_sync: + limits: + memory: "1024Mi" + cpu: "2000m" + requests: + memory: "128Mi" + cpu: "100m" + +manifests: + configmap_bin: true + configmap_etc: true + deployment: true + ingress: true + job_image_repo_sync: true + service: true + service_ingress: true + +conf: + nagios: + hosts: + - prometheus: + use: linux-server + host_name: prometheus + alias: "Prometheus Monitoring" + address: $PROMETHEUS_SERVICE + hostgroups: monitoring + host_groups: + - monitoring: + hostgroup_name: monitoring + alias: "Monitoring Instances" + members: prometheus + commands: + - check_prometheus: + command_name: check_prometheus + command_line: "$USER1$/check_prometheus_metric.sh -H $HOSTADDRESS$ -q '$ARG1$' -w $ARG2$ -c $ARG3$ -n $ARG4$ -m $ARG5$" + - check_prometheus_nan_ok: + command_name: check_prometheus_nan_ok + command_line: "$USER1$/check_prometheus_metric.sh -H $HOSTADDRESS$ -q '$ARG1$' -w $ARG2$ -c $ARG3$ -n $ARG4$ -m $ARG5$ -O" + - check_prometheus_extra_info: + command_name: check_prometheus_extra_info + command_line: "$USER1$/check_prometheus_metric.sh -H $HOSTADDRESS$ -q '$ARG1$' -w $ARG2$ -c $ARG3$ -n $ARG4$ -m $ARG5$ -i -t vector" + services: + - check_prometheus_replicas: + use: generic-service + host_name: prometheus + service_description: "Check Prometheus replicas" + check_command: check_prometheus_extra_info!kube_statefulset_status_replicas{namespace="openstack",statefulset="prometheus"}!3!2!prometheus_replicas!lt + check_interval: 1 + - check_alertmanager_replicas: + use: generic-service + host_name: prometheus + service_description: "Check Alertmanager replicas" + check_command: check_prometheus_extra_info!kube_statefulset_status_replicas{namespace="openstack",statefulset="alertmanager"}!3!2!alertmanager_replicas!lt + check_interval: 1 + config: + log_file: /opt/nagios/var/nagios.log + cfg_file: + - /opt/nagios/etc/nagios_objects.cfg + - /opt/nagios/etc/objects/commands.cfg + - /opt/nagios/etc/objects/contacts.cfg + - /opt/nagios/etc/objects/timeperiods.cfg + - /opt/nagios/etc/objects/templates.cfg + object_cache_file: /opt/nagios/var/objects.cache + precached_object_file: /opt/nagios/var/objects.precache + resource_file: /opt/nagios/etc/resource.cfg + status_file: /opt/nagios/var/status.dat + status_update_interval: 10 + nagios_user: nagios + nagios_group: nagios + check_external_commands: 1 + command_file: /opt/nagios/var/rw/nagios.cmd + lock_file: /opt/nagios/var/nagios.lock + temp_file: /opt/nagios/var/nagios.tmp + temp_path: /tmp + event_broker_options: -1 + log_rotation_method: d + log_archive_path: /opt/nagios/var/archives + use_syslog: 1 + log_service_retries: 1 + log_host_retries: 1 + log_event_handlers: 1 + log_initial_states: 0 + log_current_states: 1 + log_external_commands: 1 + log_passive_checks: 1 + service_inter_check_delay_method: s + max_service_check_spread: 30 + service_interleave_factor: s + host_inter_check_delay_method: s + max_host_check_spread: 30 + max_concurrent_checks: 0 + check_result_reaper_frequency: 10 + max_check_result_reaper_time: 30 + check_result_path: /opt/nagios/var/spool/checkresults + max_check_result_file_age: 3600 + cached_host_check_horizon: 15 + cached_service_check_horizon: 15 + enable_predictive_host_dependency_checks: 1 + enable_predictive_service_dependency_checks: 1 + soft_state_dependencies: 0 + auto_reschedule_checks: 0 + auto_rescheduling_interval: 30 + auto_rescheduling_window: 180 + service_check_timeout: 60 + host_check_timeout: 30 + event_handler_timeout: 30 + notification_timeout: 30 + ocsp_timeout: 5 + perfdata_timeout: 5 + retain_state_information: 1 + state_retention_file: /opt/nagios/var/retention.dat + retention_update_interval: 60 + use_retained_program_state: 1 + use_retained_scheduling_info: 1 + retained_host_attribute_mask: 0 + retained_service_attribute_mask: 0 + retained_process_host_attribute_mask: 0 + retained_process_service_attribute_mask: 0 + retained_contact_host_attribute_mask: 0 + retained_contact_service_attribute_mask: 0 + interval_length: 60 + check_for_updates: 1 + bare_update_check: 0 + use_aggressive_host_checking: 0 + execute_service_checks: 1 + accept_passive_service_checks: 1 + execute_host_checks: 1 + accept_passive_host_checks: 1 + enable_notifications: 1 + enable_event_handlers: 1 + process_performance_data: 0 + obsess_over_services: 0 + obsess_over_hosts: 0 + translate_passive_host_checks: 0 + passive_host_checks_are_soft: 0 + check_for_orphaned_services: 1 + check_for_orphaned_hosts: 1 + check_service_freshness: 1 + service_freshness_check_interval: 60 + check_host_freshness: 0 + host_freshness_check_interval: 60 + additional_freshness_latency: 15 + enable_flap_detection: 1 + low_service_flap_threshold: 5.0 + high_service_flap_threshold: 20.0 + low_host_flap_threshold: 5.0 + high_host_flap_threshold: 20.0 + date_format: us + use_regexp_matching: 0 + use_true_regexp_matching: 0 + daemon_dumps_core: 0 + use_large_installation_tweaks: 0 + enable_environment_macros: 0 + debug_level: 0 + debug_verbosity: 1 + debug_file: /opt/nagios/var/nagios.debug + max_debug_file_size: 1000000 + allow_empty_hostgroup_assignment: 0 diff --git a/nfs-provisioner/templates/configmap-bin.yaml b/nfs-provisioner/templates/configmap-bin.yaml index 37e65dcfc..351993b2e 100644 --- a/nfs-provisioner/templates/configmap-bin.yaml +++ b/nfs-provisioner/templates/configmap-bin.yaml @@ -22,6 +22,6 @@ kind: ConfigMap metadata: name: nfs-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/nfs-provisioner/templates/deployment.yaml b/nfs-provisioner/templates/deployment.yaml index 428727f8b..a642d589d 100644 --- a/nfs-provisioner/templates/deployment.yaml +++ b/nfs-provisioner/templates/deployment.yaml @@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.deployment }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.nfs .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.nfs -}} -{{- end -}} {{- $serviceAccountName := printf "%s-%s" .Release.Name "nfs-provisioner"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "nfs" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -114,9 +108,9 @@ spec: affinity: {{ tuple $envAll "nfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.nfs.node_selector_key }}: {{ .Values.labels.nfs.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "nfs" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: nfs-provisioner {{ tuple $envAll "nfs_provisioner" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/nfs-provisioner/templates/job-image-repo-sync.yaml b/nfs-provisioner/templates/job-image-repo-sync.yaml index 6d3b1b7c3..f409b89ff 100644 --- a/nfs-provisioner/templates/job-image-repo-sync.yaml +++ b/nfs-provisioner/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "nfs-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/nfs-provisioner/values.yaml b/nfs-provisioner/values.yaml index e3b988226..b05819fff 100644 --- a/nfs-provisioner/values.yaml +++ b/nfs-provisioner/values.yaml @@ -47,7 +47,7 @@ pod: images: tags: nfs_provisioner: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.8 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: @@ -69,8 +69,12 @@ storage: size: 10Gi labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + nfs: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled storageclass: #NOTE(portdirect): Unless explicity set the provisioner name will be generated diff --git a/playbooks/osh-infra-build.retry b/playbooks/osh-infra-build.retry new file mode 100644 index 000000000..408303742 --- /dev/null +++ b/playbooks/osh-infra-build.retry @@ -0,0 +1 @@ +local diff --git a/tools/gate/playbooks/osh-infra-build.yaml b/playbooks/osh-infra-build.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-build.yaml rename to playbooks/osh-infra-build.yaml diff --git a/tools/gate/playbooks/osh-infra-collect-logs.yaml b/playbooks/osh-infra-collect-logs.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-collect-logs.yaml rename to playbooks/osh-infra-collect-logs.yaml diff --git a/playbooks/osh-infra-deploy-charts.retry b/playbooks/osh-infra-deploy-charts.retry new file mode 100644 index 000000000..408303742 --- /dev/null +++ b/playbooks/osh-infra-deploy-charts.retry @@ -0,0 +1 @@ +local diff --git a/tools/gate/playbooks/osh-infra-deploy-charts.yaml b/playbooks/osh-infra-deploy-charts.yaml similarity index 95% rename from tools/gate/playbooks/osh-infra-deploy-charts.yaml rename to playbooks/osh-infra-deploy-charts.yaml index b991e9e46..6e0303cd4 100644 --- a/tools/gate/playbooks/osh-infra-deploy-charts.yaml +++ b/playbooks/osh-infra-deploy-charts.yaml @@ -26,7 +26,7 @@ - hosts: primary vars_files: - vars.yaml - - ../chart-deploys/default.yaml + - ../tools/gate/chart-deploys/default.yaml vars: work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}" logs_dir: "/tmp/logs" diff --git a/tools/gate/playbooks/osh-infra-deploy-docker.yaml b/playbooks/osh-infra-deploy-docker.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-deploy-docker.yaml rename to playbooks/osh-infra-deploy-docker.yaml diff --git a/playbooks/osh-infra-deploy-k8s.retry b/playbooks/osh-infra-deploy-k8s.retry new file mode 100644 index 000000000..408303742 --- /dev/null +++ b/playbooks/osh-infra-deploy-k8s.retry @@ -0,0 +1 @@ +local diff --git a/tools/gate/playbooks/osh-infra-deploy-k8s.yaml b/playbooks/osh-infra-deploy-k8s.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-deploy-k8s.yaml rename to playbooks/osh-infra-deploy-k8s.yaml diff --git a/tools/gate/playbooks/osh-infra-docker.yaml b/playbooks/osh-infra-docker.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-docker.yaml rename to playbooks/osh-infra-docker.yaml diff --git a/tools/gate/playbooks/osh-infra-pull-images.yaml b/playbooks/osh-infra-pull-images.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-pull-images.yaml rename to playbooks/osh-infra-pull-images.yaml diff --git a/tools/gate/playbooks/osh-infra-upgrade-host.yaml b/playbooks/osh-infra-upgrade-host.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-upgrade-host.yaml rename to playbooks/osh-infra-upgrade-host.yaml diff --git a/playbooks/roles b/playbooks/roles new file mode 120000 index 000000000..d8c4472ca --- /dev/null +++ b/playbooks/roles @@ -0,0 +1 @@ +../roles \ No newline at end of file diff --git a/tools/gate/playbooks/vars.yaml b/playbooks/vars.yaml similarity index 96% rename from tools/gate/playbooks/vars.yaml rename to playbooks/vars.yaml index 43ff187bb..184c1d8f9 100644 --- a/tools/gate/playbooks/vars.yaml +++ b/playbooks/vars.yaml @@ -17,6 +17,11 @@ version: helm: v2.7.2 cni: v0.6.0 +proxy: + http: null + https: null + noproxy: null + docker: insecure_registries: [] diff --git a/tools/gate/playbooks/zuul-linter.yaml b/playbooks/zuul-linter.yaml similarity index 100% rename from tools/gate/playbooks/zuul-linter.yaml rename to playbooks/zuul-linter.yaml diff --git a/prometheus-alertmanager/templates/bin/_alertmanager.sh.tpl b/prometheus-alertmanager/templates/bin/_alertmanager.sh.tpl index a6e08849d..26f6a9183 100644 --- a/prometheus-alertmanager/templates/bin/_alertmanager.sh.tpl +++ b/prometheus-alertmanager/templates/bin/_alertmanager.sh.tpl @@ -31,7 +31,7 @@ function generate_peers () { final_pod_suffix=$(( {{ .Values.pod.replicas.alertmanager }}-1 )) for pod_suffix in `seq 0 "$final_pod_suffix"` do - echo -mesh.peer={{ .Release.Name }}-$pod_suffix.$DISCOVERY_SVC:6783 + echo -mesh.peer={{ .Release.Name }}-$pod_suffix.$DISCOVERY_SVC:$MESH_PORT done } diff --git a/prometheus-alertmanager/templates/configmap-bin.yaml b/prometheus-alertmanager/templates/configmap-bin.yaml index 5ccd918c7..e60b2977f 100644 --- a/prometheus-alertmanager/templates/configmap-bin.yaml +++ b/prometheus-alertmanager/templates/configmap-bin.yaml @@ -24,6 +24,6 @@ metadata: data: alertmanager.sh: | {{ tuple "bin/_alertmanager.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/prometheus-alertmanager/templates/configmap-etc.yaml b/prometheus-alertmanager/templates/configmap-etc.yaml index 177b0fb91..00517a079 100644 --- a/prometheus-alertmanager/templates/configmap-etc.yaml +++ b/prometheus-alertmanager/templates/configmap-etc.yaml @@ -22,8 +22,8 @@ kind: ConfigMap metadata: name: alertmanager-etc data: - alertmanager.yml: |+ + alertmanager.yml: | {{ toYaml .Values.conf.alertmanager | indent 4 }} - alert-templates.tmpl: |+ + alert-templates.tmpl: | {{ toYaml .Values.conf.alert_templates | indent 4 }} {{- end }} diff --git a/prometheus-alertmanager/templates/ingress-alertmanager.yaml b/prometheus-alertmanager/templates/ingress-alertmanager.yaml index 490aa780c..41ca10f34 100644 --- a/prometheus-alertmanager/templates/ingress-alertmanager.yaml +++ b/prometheus-alertmanager/templates/ingress-alertmanager.yaml @@ -14,47 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.ingress }} -{{- $envAll := . }} -{{- if .Values.network.alertmanager.ingress.public }} -{{- $backendServiceType := "alerts" }} -{{- $backendPort := "alerts-api" }} -{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} -{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $ingressName }} - annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / - ingress.kubernetes.io/proxy-body-size: {{ .Values.network.alertmanager.ingress.proxy_body_size }} -spec: - rules: -{{ if ne $hostNameNamespaced $hostNameFull }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- else }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- end }} -{{- end }} +{{- if and .Values.manifests.ingress .Values.network.alertmanager.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendService" "alertmanager" "backendServiceType" "alerts" "backendPort" "alerts-api" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} {{- end }} diff --git a/prometheus-alertmanager/templates/job-image-repo-sync.yaml b/prometheus-alertmanager/templates/job-image-repo-sync.yaml index ab9c87021..25ced0bd6 100644 --- a/prometheus-alertmanager/templates/job-image-repo-sync.yaml +++ b/prometheus-alertmanager/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "alertmanager-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/prometheus-alertmanager/templates/service-discovery.yaml b/prometheus-alertmanager/templates/service-discovery.yaml index ba82edf58..9485f3666 100644 --- a/prometheus-alertmanager/templates/service-discovery.yaml +++ b/prometheus-alertmanager/templates/service-discovery.yaml @@ -26,7 +26,7 @@ spec: clusterIP: None ports: - name: peer-mesh - port: {{ .Values.network.alertmanager.mesh_port }} + port: {{ tuple "alerts" "internal" "mesh" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} selector: {{ tuple $envAll "alertmanager" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{- end }} diff --git a/prometheus-alertmanager/templates/service-ingress-alertmanager.yaml b/prometheus-alertmanager/templates/service-ingress-alertmanager.yaml index 826f0e5f0..809cf5aeb 100644 --- a/prometheus-alertmanager/templates/service-ingress-alertmanager.yaml +++ b/prometheus-alertmanager/templates/service-ingress-alertmanager.yaml @@ -14,19 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.service_ingress }} -{{- $envAll := . }} -{{- if .Values.network.alertmanager.ingress.public }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ tuple "alerts" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -spec: - ports: - - name: http - port: 80 - selector: - app: ingress-api -{{- end }} +{{- if and .Values.manifests.service_ingress .Values.network.alertmanager.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "alerts" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} {{- end }} diff --git a/prometheus-alertmanager/templates/service.yaml b/prometheus-alertmanager/templates/service.yaml index fb17dfca3..9667ac26e 100644 --- a/prometheus-alertmanager/templates/service.yaml +++ b/prometheus-alertmanager/templates/service.yaml @@ -27,7 +27,7 @@ spec: {{ if .Values.network.alertmanager.node_port.enabled }} nodePort: {{ .Values.network.alertmanager.node_port.port }} {{ end }} - port: {{ .Values.network.alertmanager.port }} + port: {{ tuple "alerts" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} selector: {{ tuple $envAll "alertmanager" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ if .Values.network.alertmanager.node_port.enabled }} diff --git a/prometheus-alertmanager/templates/statefulset.yaml b/prometheus-alertmanager/templates/statefulset.yaml index 0cb683180..39d198a88 100644 --- a/prometheus-alertmanager/templates/statefulset.yaml +++ b/prometheus-alertmanager/templates/statefulset.yaml @@ -16,18 +16,12 @@ limitations under the License. {{- if .Values.manifests.statefulset }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.alertmanager .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.alertmanager -}} -{{- end -}} {{- $mounts_alertmanager := .Values.pod.mounts.alertmanager.alertmanager }} {{- $mounts_alertmanager_init := .Values.pod.mounts.alertmanager.init_container }} {{- $serviceAccountName := "alertmanager"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "alertmanager" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: apps/v1beta1 kind: StatefulSet @@ -48,10 +42,10 @@ spec: affinity: {{ tuple $envAll "alertmanager" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.alertmanager.node_selector_key }}: {{ .Values.labels.alertmanager.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.alertmanager.timeout | default "30" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "alertmanager" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - name: alertmanager-perms {{ tuple $envAll "alertmanager" | include "helm-toolkit.snippets.image" | indent 10 }} securityContext: @@ -81,15 +75,17 @@ spec: env: - name: DISCOVERY_SVC value: {{ tuple "alerts" "discovery" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + - name: MESH_PORT + value: {{ tuple "alerts" "internal" "mesh" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} ports: - name: alerts-api - containerPort: {{ .Values.network.alertmanager.port }} + containerPort: {{ tuple "alerts" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - name: peer-mesh - containerPort: {{ .Values.network.alertmanager.mesh_port }} + containerPort: {{ tuple "alerts" "internal" "mesh" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} readinessProbe: httpGet: path: /#/status - port: {{ .Values.network.alertmanager.port }} + port: {{ tuple "alerts" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 30 timeoutSeconds: 30 volumeMounts: diff --git a/prometheus-alertmanager/values.yaml b/prometheus-alertmanager/values.yaml index 2df5acca7..2806cc036 100644 --- a/prometheus-alertmanager/values.yaml +++ b/prometheus-alertmanager/values.yaml @@ -20,7 +20,7 @@ images: tags: alertmanager: docker.io/prom/alertmanager:v0.11.0 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: @@ -30,8 +30,12 @@ images: - image_repo_sync labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + alertmanager: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: affinity: @@ -129,12 +133,14 @@ network: alertmanager: ingress: public: true - proxy_body_size: 1024M + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30903 - port: 9093 - mesh_port: 6783 storage: enabled: true diff --git a/prometheus-kube-state-metrics/templates/configmap-bin.yaml b/prometheus-kube-state-metrics/templates/configmap-bin.yaml index c360c8f58..83217621d 100644 --- a/prometheus-kube-state-metrics/templates/configmap-bin.yaml +++ b/prometheus-kube-state-metrics/templates/configmap-bin.yaml @@ -22,6 +22,6 @@ kind: ConfigMap metadata: name: kube-metrics-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/prometheus-kube-state-metrics/templates/deployment.yaml b/prometheus-kube-state-metrics/templates/deployment.yaml index 89b1a7de7..98d710b56 100644 --- a/prometheus-kube-state-metrics/templates/deployment.yaml +++ b/prometheus-kube-state-metrics/templates/deployment.yaml @@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.deployment }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.kube_state_metrics .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.kube_state_metrics -}} -{{- end -}} {{- $serviceAccountName := printf "%s-%s" .Release.Name "kube-state-metrics"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "kube_state_metrics" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole @@ -98,15 +92,15 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.kube_state_metrics.node_selector_key }}: {{ .Values.labels.kube_state_metrics.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.kube_state_metrics.timeout | default "30" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "kube_state_metrics" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: kube-state-metrics {{ tuple $envAll "kube_state_metrics" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.kube_state_metrics | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} ports: - name: metrics - containerPort: {{ .Values.network.kube_state_metrics.port }} + containerPort: {{ tuple "kube_state_metrics" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{- end }} diff --git a/prometheus-kube-state-metrics/templates/job-image-repo-sync.yaml b/prometheus-kube-state-metrics/templates/job-image-repo-sync.yaml index 06d296077..f9e463c8d 100644 --- a/prometheus-kube-state-metrics/templates/job-image-repo-sync.yaml +++ b/prometheus-kube-state-metrics/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "kube-metrics-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/prometheus-kube-state-metrics/templates/service-controller-manager.yaml b/prometheus-kube-state-metrics/templates/service-controller-manager.yaml index b9a08b9b2..65ee4d35e 100644 --- a/prometheus-kube-state-metrics/templates/service-controller-manager.yaml +++ b/prometheus-kube-state-metrics/templates/service-controller-manager.yaml @@ -35,7 +35,7 @@ spec: clusterIP: None ports: - name: http-metrics - port: 10252 - targetPort: 10252 + port: {{ tuple "kube_controller_manager" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + targetPort: {{ tuple "kube_controller_manager" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} protocol: TCP {{- end }} diff --git a/prometheus-kube-state-metrics/templates/service-kube-state-metrics.yaml b/prometheus-kube-state-metrics/templates/service-kube-state-metrics.yaml index bfc16a204..7bb2e8981 100644 --- a/prometheus-kube-state-metrics/templates/service-kube-state-metrics.yaml +++ b/prometheus-kube-state-metrics/templates/service-kube-state-metrics.yaml @@ -31,8 +31,8 @@ metadata: spec: ports: - name: http - port: {{ .Values.network.kube_state_metrics.port }} - targetPort: 8080 + port: {{ tuple "kube_state_metrics" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + targetPort: {{ tuple "kube_state_metrics" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} selector: {{ tuple $envAll "kube-state-metrics" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{- end }} diff --git a/prometheus-kube-state-metrics/templates/service-scheduler.yaml b/prometheus-kube-state-metrics/templates/service-scheduler.yaml index ef396a7e1..73b66ac79 100644 --- a/prometheus-kube-state-metrics/templates/service-scheduler.yaml +++ b/prometheus-kube-state-metrics/templates/service-scheduler.yaml @@ -35,7 +35,7 @@ spec: clusterIP: None ports: - name: http-metrics - port: 10251 - targetPort: 10251 + port: {{ tuple "kube_scheduler" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + targetPort: {{ tuple "kube_scheduler" "internal" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} protocol: TCP {{- end }} diff --git a/prometheus-kube-state-metrics/values.yaml b/prometheus-kube-state-metrics/values.yaml index 22e07cfde..2448cfa78 100644 --- a/prometheus-kube-state-metrics/values.yaml +++ b/prometheus-kube-state-metrics/values.yaml @@ -19,7 +19,7 @@ images: tags: kube_state_metrics: quay.io/coreos/kube-state-metrics:v1.2.0 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: @@ -29,8 +29,12 @@ images: - image_repo_sync labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + kube_state_metrics: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: affinity: @@ -87,6 +91,8 @@ dependencies: services: - endpoint: internal service: local_image_registry + kube_state_metrics: + services: null endpoints: cluster_domain_suffix: cluster.local @@ -120,11 +126,17 @@ endpoints: default: 'http' path: default: /metrics + port: + metrics: + default: 10251 kube_controller_manager: scheme: default: 'http' path: default: /metrics + port: + metrics: + default: 10252 monitoring: prometheus: @@ -136,10 +148,6 @@ monitoring: kube_controller_manager: scrape: true -network: - kube_state_metrics: - port: 8080 - manifests: configmap_bin: true deployment: true diff --git a/prometheus-node-exporter/templates/configmap-bin.yaml b/prometheus-node-exporter/templates/configmap-bin.yaml index 9ffae3c66..1578a02fa 100644 --- a/prometheus-node-exporter/templates/configmap-bin.yaml +++ b/prometheus-node-exporter/templates/configmap-bin.yaml @@ -22,6 +22,6 @@ kind: ConfigMap metadata: name: node-exporter-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/prometheus-node-exporter/templates/daemonset.yaml b/prometheus-node-exporter/templates/daemonset.yaml index b9658aacd..0c2b2af6e 100644 --- a/prometheus-node-exporter/templates/daemonset.yaml +++ b/prometheus-node-exporter/templates/daemonset.yaml @@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.daemonset }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.node_exporter .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.node_exporter -}} -{{- end -}} {{- $serviceAccountName := printf "%s-%s" .Release.Name "node-exporter"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "node_exporter" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding @@ -54,14 +48,21 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.node_exporter.node_selector_key }}: {{ .Values.labels.node_exporter.node_selector_value }} hostNetwork: true hostPID: true initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "node_exporter" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: node-exporter {{ tuple $envAll "node_exporter" | include "helm-toolkit.snippets.image" | indent 10 }} + args: + - --collector.ntp + - --collector.ntp.server={{ .Values.conf.ntp_server_ip }} + - --collector.meminfo_numa + - --collector.bonding + - --collector.megacli + - --collector.mountstats ports: - name: metrics containerPort: {{ .Values.network.node_exporter.port }} diff --git a/prometheus-node-exporter/templates/job-image-repo-sync.yaml b/prometheus-node-exporter/templates/job-image-repo-sync.yaml index 7392f4bed..1f8813abd 100644 --- a/prometheus-node-exporter/templates/job-image-repo-sync.yaml +++ b/prometheus-node-exporter/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "node-exporter-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/prometheus-node-exporter/values.yaml b/prometheus-node-exporter/values.yaml index a35df2226..436483297 100644 --- a/prometheus-node-exporter/values.yaml +++ b/prometheus-node-exporter/values.yaml @@ -19,7 +19,7 @@ images: tags: node_exporter: docker.io/prom/node-exporter:v0.15.0 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: @@ -29,8 +29,12 @@ images: - image_repo_sync labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + node_exporter: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: affinity: @@ -138,3 +142,6 @@ manifests: daemonset: true job_image_repo_sync: true service: true + +conf: + ntp_server_ip: 127.0.0.1 diff --git a/prometheus-openstack-exporter/templates/configmap-bin.yaml b/prometheus-openstack-exporter/templates/configmap-bin.yaml index 1df9ef260..01447fa88 100644 --- a/prometheus-openstack-exporter/templates/configmap-bin.yaml +++ b/prometheus-openstack-exporter/templates/configmap-bin.yaml @@ -22,9 +22,9 @@ kind: ConfigMap metadata: name: prometheus-openstack-exporter-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} - ks-user.sh: |+ + ks-user.sh: | {{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} prometheus-openstack-exporter.sh: | {{ tuple "bin/_prometheus-openstack-exporter.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} diff --git a/prometheus-openstack-exporter/templates/deployment.yaml b/prometheus-openstack-exporter/templates/deployment.yaml index 4a0e57028..9f7576cd0 100644 --- a/prometheus-openstack-exporter/templates/deployment.yaml +++ b/prometheus-openstack-exporter/templates/deployment.yaml @@ -17,15 +17,9 @@ limitations under the License. {{- if .Values.manifests.deployment }} {{- $envAll := . }} {{- $ksUserSecret := .Values.secrets.identity.user }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.prometheus_openstack_exporter .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.prometheus_openstack_exporter -}} -{{- end -}} {{- $serviceAccountName := "prometheus-openstack-exporter" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "prometheus_openstack_exporter" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: extensions/v1beta1 kind: Deployment @@ -41,10 +35,10 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.openstack_exporter.node_selector_key }}: {{ .Values.labels.openstack_exporter.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.prometheus_openstack_exporter.timeout | default "30" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "prometheus_openstack_exporter" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: openstack-metrics-exporter {{ tuple $envAll "prometheus_openstack_exporter" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/prometheus-openstack-exporter/templates/job-image-repo-sync.yaml b/prometheus-openstack-exporter/templates/job-image-repo-sync.yaml index ab71d7b63..20cde3f1d 100644 --- a/prometheus-openstack-exporter/templates/job-image-repo-sync.yaml +++ b/prometheus-openstack-exporter/templates/job-image-repo-sync.yaml @@ -17,11 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "prometheus-openstack-exporter-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} - +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -36,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/prometheus-openstack-exporter/templates/job-ks-user.yaml b/prometheus-openstack-exporter/templates/job-ks-user.yaml index 937f98424..2528e0cb9 100644 --- a/prometheus-openstack-exporter/templates/job-ks-user.yaml +++ b/prometheus-openstack-exporter/templates/job-ks-user.yaml @@ -16,10 +16,9 @@ limitations under the License. {{- if .Values.manifests.job_ks_user }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.static.ks_user }} {{- $serviceAccountName := "prometheus-openstack-exporter-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "ks_user" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -34,9 +33,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "ks_user" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: prometheus-openstack-exporter-ks-user {{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/prometheus-openstack-exporter/values.yaml b/prometheus-openstack-exporter/values.yaml index 0983b36e9..acfa49955 100644 --- a/prometheus-openstack-exporter/values.yaml +++ b/prometheus-openstack-exporter/values.yaml @@ -19,7 +19,7 @@ images: tags: prometheus_openstack_exporter: docker.io/rakeshpatnaik/prometheus-openstack-exporter:v0.1 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 pull_policy: IfNotPresent @@ -30,8 +30,12 @@ images: - image_repo_sync labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + openstack_exporter: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: affinity: diff --git a/prometheus/templates/_helpers.tpl b/prometheus/templates/_helpers.tpl new file mode 100644 index 000000000..549762388 --- /dev/null +++ b/prometheus/templates/_helpers.tpl @@ -0,0 +1,48 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function generates the command line flags passed to Prometheus at time of +# execution. This allows the Prometheus service configuration to be flexible, as +# the only way to define Prometheus's configuration is via command line flags. +# The yaml definition for these flags uses the full yaml path as the key, and +# replaces underscores with hyphens to match the syntax required for the flags +# generated (This is required due to Go's yaml parsing capabilities). +# For example: +# +# conf: +# prometheus: +# command_line_flags: +# storage.tsdb.max_block_duration: 2h +# +# Will generate the following flag: +# --storage.tsdb.max-block-duration=2h +# +# Prometheus's command flags can be found by either running 'prometheus -h' or +# 'prometheus --help-man' + +{{- define "prometheus.utils.command_line_flags" -}} +{{- range $flag, $value := . }} +{{- $flag := $flag | replace "_" "-" -}} +{{- if eq $flag "web.enable-admin-api" -}} +{{- if $value -}} +{{- printf "--%s" $flag }} +{{- end -}} +{{- else -}} +{{- $value := $value | toString }} +{{- printf "--%s=%s " $flag $value }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/prometheus/templates/bin/_prometheus.sh.tpl b/prometheus/templates/bin/_prometheus.sh.tpl index ad0d75c1e..bbdf28038 100644 --- a/prometheus/templates/bin/_prometheus.sh.tpl +++ b/prometheus/templates/bin/_prometheus.sh.tpl @@ -20,18 +20,8 @@ set -ex COMMAND="${@:-start}" function start () { - exec /bin/prometheus \ - --config.file=/etc/config/prometheus.yml \ - --log.level={{ .Values.conf.prometheus.log.level | quote }} \ - --query.max-concurrency={{ .Values.conf.prometheus.query.max_concurrency }} \ - --storage.tsdb.path={{ .Values.conf.prometheus.storage.tsdb.path }} \ - --storage.tsdb.retention={{ .Values.conf.prometheus.storage.tsdb.retention }} \ - --storage.tsdb.min-block-duration={{ .Values.conf.prometheus.storage.tsdb.min_block_duration }} \ - --storage.tsdb.max-block-duration={{ .Values.conf.prometheus.storage.tsdb.max_block_duration }} \ - {{ if .Values.conf.prometheus.web_admin_api.enabled }} - --web.enable-admin-api \ - {{ end }} - --query.timeout={{ .Values.conf.prometheus.query.timeout }} +{{ $flags := include "prometheus.utils.command_line_flags" .Values.conf.prometheus.command_line_flags }} + exec /bin/prometheus --config.file=/etc/config/prometheus.yml {{ $flags }} } function stop () { diff --git a/prometheus/templates/configmap-bin.yaml b/prometheus/templates/configmap-bin.yaml index 8aaf24e49..08b81e265 100644 --- a/prometheus/templates/configmap-bin.yaml +++ b/prometheus/templates/configmap-bin.yaml @@ -26,6 +26,6 @@ data: {{ tuple "bin/_prometheus.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} helm-tests.sh: | {{ tuple "bin/_helm-tests.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/prometheus/templates/configmap-etc.yaml b/prometheus/templates/configmap-etc.yaml index eaa0dee29..0f203faea 100644 --- a/prometheus/templates/configmap-etc.yaml +++ b/prometheus/templates/configmap-etc.yaml @@ -16,16 +16,28 @@ limitations under the License. {{- if .Values.manifests.configmap_etc }} {{- $envAll := . }} + +{{- if empty $envAll.Values.conf.prometheus.scrape_configs.rule_files -}} +{{- $_ := set $envAll.Values "__rule_files" ( list ) }} +{{- $rulesKeys := keys $envAll.Values.conf.prometheus.rules -}} +{{- range $rule := $rulesKeys }} +{{- $rulesFile := printf "/etc/config/rules/%s.rules" $rule }} +{{- $__rule_files := append $envAll.Values.__rule_files $rulesFile }} +{{- $_ := set $envAll.Values "__rule_files" $__rule_files }} +{{ end }} +{{- set .Values.conf.prometheus.scrape_configs "rule_files" $envAll.Values.__rule_files | quote | trunc 0 -}} +{{- end -}} + --- apiVersion: v1 kind: ConfigMap metadata: name: prometheus-etc data: - prometheus.yml: |+ + prometheus.yml: | {{ toYaml .Values.conf.prometheus.scrape_configs | indent 4 }} {{ range $key, $value := .Values.conf.prometheus.rules }} - {{ $key }}.rules: |+ + {{ $key }}.rules: | {{ toYaml $value | indent 4 }} {{ end }} {{- end }} diff --git a/prometheus/templates/ingress-prometheus.yaml b/prometheus/templates/ingress-prometheus.yaml index 6a62a94ec..ae2e9ad42 100644 --- a/prometheus/templates/ingress-prometheus.yaml +++ b/prometheus/templates/ingress-prometheus.yaml @@ -14,47 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.ingress_prometheus }} -{{- $envAll := . }} -{{- if .Values.network.prometheus.ingress.public }} -{{- $backendServiceType := "monitoring" }} -{{- $backendPort := "prom-metrics" }} -{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} -{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $ingressName }} - annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / - ingress.kubernetes.io/proxy-body-size: {{ .Values.network.prometheus.ingress.proxy_body_size }} -spec: - rules: -{{ if ne $hostNameNamespaced $hostNameFull }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- else }} -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- end }} -{{- end }} +{{- if and .Values.manifests.ingress .Values.network.prometheus.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendService" "prometheus" "backendServiceType" "monitoring" "backendPort" "prom-metrics" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} {{- end }} diff --git a/prometheus/templates/job-image-repo-sync.yaml b/prometheus/templates/job-image-repo-sync.yaml index b239dfb71..302501cd2 100644 --- a/prometheus/templates/job-image-repo-sync.yaml +++ b/prometheus/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "prometheus-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/prometheus/templates/service-ingress-prometheus.yaml b/prometheus/templates/service-ingress-prometheus.yaml index 62bc2511b..57781c64a 100644 --- a/prometheus/templates/service-ingress-prometheus.yaml +++ b/prometheus/templates/service-ingress-prometheus.yaml @@ -14,19 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.service_ingress_prometheus }} -{{- if .Values.network.prometheus.ingress.public }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ tuple "monitoring" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -spec: - ports: - - name: http - port: 80 - selector: - app: ingress-api -{{- end }} +{{- if and .Values.manifests.service_ingress .Values.network.prometheus.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "monitoring" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} {{- end }} diff --git a/prometheus/templates/service.yaml b/prometheus/templates/service.yaml index 34e2e6772..5789727ee 100644 --- a/prometheus/templates/service.yaml +++ b/prometheus/templates/service.yaml @@ -31,7 +31,7 @@ metadata: spec: ports: - name: prom-metrics - port: {{ .Values.network.prometheus.port }} + port: {{ tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{ if .Values.network.prometheus.node_port.enabled }} nodePort: {{ .Values.network.prometheus.node_port.port }} {{ end }} diff --git a/prometheus/templates/statefulset.yaml b/prometheus/templates/statefulset.yaml index df3e8ef8b..6e697d3da 100644 --- a/prometheus/templates/statefulset.yaml +++ b/prometheus/templates/statefulset.yaml @@ -16,18 +16,12 @@ limitations under the License. {{- if .Values.manifests.statefulset_prometheus }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.prometheus .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.prometheus -}} -{{- end -}} {{- $mounts_prometheus := .Values.pod.mounts.prometheus.prometheus }} {{- $mounts_prometheus_init := .Values.pod.mounts.prometheus.init_container }} {{- $serviceAccountName := printf "%s-%s" .Release.Name "prometheus"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "prometheus" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole @@ -89,10 +83,10 @@ spec: affinity: {{ tuple $envAll "prometheus" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.prometheus.node_selector_key }}: {{ .Values.labels.prometheus.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.prometheus.timeout | default "30" }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "prometheus" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - name: prometheus-perms {{ tuple $envAll "prometheus" | include "helm-toolkit.snippets.image" | indent 10 }} securityContext: @@ -121,11 +115,11 @@ spec: {{ tuple $envAll $envAll.Values.pod.resources.prometheus | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} ports: - name: prom-metrics - containerPort: {{ .Values.network.prometheus.port }} + containerPort: {{ tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} readinessProbe: httpGet: path: /status - port: {{ .Values.network.prometheus.port }} + port: {{ tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 30 timeoutSeconds: 30 volumeMounts: diff --git a/prometheus/values.yaml b/prometheus/values.yaml index 86fbf458b..0e73d90f8 100644 --- a/prometheus/values.yaml +++ b/prometheus/values.yaml @@ -21,7 +21,7 @@ images: tags: prometheus: docker.io/prom/prometheus:v2.0.0 helm_tests: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: @@ -31,8 +31,12 @@ images: - image_repo_sync labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + prometheus: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled pod: affinity: @@ -156,11 +160,14 @@ network: prometheus: ingress: public: true - proxy_body_size: 1024M + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30900 - port: 9090 storage: enabled: true @@ -174,40 +181,30 @@ storage: manifests: configmap_bin: true configmap_etc: true - ingress_prometheus: true + ingress: true helm_tests: true job_image_repo_sync: true - service_ingress_prometheus: true + service_ingress: true service: true statefulset_prometheus: true conf: prometheus: - storage: - tsdb: - path: /var/lib/prometheus/data - retention: 7d - min_block_duration: 2h - max_block_duration: 6h - log: - format: logger:stdout?json=true - level: info - query: - max_concurrency: 20 - timeout: 2m - web_admin_api: - enabled: false + # Consumed by a prometheus helper function to generate the command line flags + # for configuring the prometheus service + command_line_flags: + log.level: info + query.max_concurrency: 20 + query.timeout: 2m + storage.tsdb.path: /var/lib/prometheus/data + storage.tsdb.retention: 7d + storage.tsdb.min_block_duration: 2h + storage.tsdb.max_block_duration: 2h + web.enable_admin_api: false scrape_configs: global: scrape_interval: 60s evaluation_interval: 60s - rule_files: - - /etc/config/rules/alertmanager.rules - - /etc/config/rules/etcd3.rules - - /etc/config/rules/kubernetes.rules - - /etc/config/rules/kube_apiserver.rules - - /etc/config/rules/kube_controller_manager.rules - - /etc/config/rules/kubelet.rules scrape_configs: - job_name: kubelet scheme: https diff --git a/redis/templates/configmap-bin.yaml b/redis/templates/configmap-bin.yaml index 50ee33613..76bb0a0ad 100644 --- a/redis/templates/configmap-bin.yaml +++ b/redis/templates/configmap-bin.yaml @@ -22,6 +22,6 @@ kind: ConfigMap metadata: name: redis-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/redis/templates/deployment.yaml b/redis/templates/deployment.yaml index 8066abf41..349912ce5 100644 --- a/redis/templates/deployment.yaml +++ b/redis/templates/deployment.yaml @@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.deployment }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.redis .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.redis -}} -{{- end -}} {{- $serviceAccountName := "redis"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "redis" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: apps/v1beta1 kind: Deployment @@ -42,9 +36,9 @@ spec: affinity: {{ tuple $envAll "redis" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.redis.node_selector_key }}: {{ .Values.labels.redis.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "redis" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: redis {{ tuple $envAll "redis" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/redis/templates/job-image-repo-sync.yaml b/redis/templates/job-image-repo-sync.yaml index 282b24845..63fe5ed0b 100644 --- a/redis/templates/job-image-repo-sync.yaml +++ b/redis/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "redis-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/redis/values.yaml b/redis/values.yaml index 388edee75..081d0e72b 100644 --- a/redis/values.yaml +++ b/redis/values.yaml @@ -20,7 +20,7 @@ images: tags: redis: docker.io/redis:4.0.1 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: @@ -65,8 +65,12 @@ pod: cpu: "2000m" labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + redis: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled network: port: 6379 diff --git a/registry/templates/configmap-bin.yaml b/registry/templates/configmap-bin.yaml index 92a86a406..0f43eef89 100644 --- a/registry/templates/configmap-bin.yaml +++ b/registry/templates/configmap-bin.yaml @@ -22,10 +22,10 @@ kind: ConfigMap metadata: name: registry-bin data: - bootstrap.sh: |+ + bootstrap.sh: | {{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - registry.sh: |+ + registry.sh: | {{ tuple "bin/_registry.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - registry-proxy.sh: |+ + registry-proxy.sh: | {{ tuple "bin/_registry-proxy.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- end }} diff --git a/registry/templates/configmap-etc.yaml b/registry/templates/configmap-etc.yaml index fe6ee325a..dc39a97cc 100644 --- a/registry/templates/configmap-etc.yaml +++ b/registry/templates/configmap-etc.yaml @@ -31,8 +31,8 @@ kind: ConfigMap metadata: name: registry-etc data: - config.yml: |+ + config.yml: | {{ toYaml .Values.conf.registry | indent 4 }} - default.conf: |+ + default.conf: | {{ tuple "etc/_default.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- end }} diff --git a/registry/templates/daemonset-registry-proxy.yaml b/registry/templates/daemonset-registry-proxy.yaml index 290b4f456..7c63e2d1f 100644 --- a/registry/templates/daemonset-registry-proxy.yaml +++ b/registry/templates/daemonset-registry-proxy.yaml @@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.daemonset_registry_proxy }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.registry_proxy .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.registry_proxy -}} -{{- end -}} {{- $serviceAccountName := "docker-registry-proxy"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "registry_proxy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: extensions/v1beta1 kind: DaemonSet @@ -41,11 +35,11 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.registry.node_selector_key }}: {{ .Values.labels.registry.node_selector_value }} dnsPolicy: ClusterFirstWithHostNet hostNetwork: true initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "registry_proxy" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: registry-proxy {{ tuple $envAll "registry_proxy" | include "helm-toolkit.snippets.image" | indent 8 }} diff --git a/registry/templates/deployment-registry.yaml b/registry/templates/deployment-registry.yaml index 79dc540e3..f8d6dac3e 100644 --- a/registry/templates/deployment-registry.yaml +++ b/registry/templates/deployment-registry.yaml @@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.deployment_registry }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.registry .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.registry -}} -{{- end -}} {{- $serviceAccountName := "docker-registry"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "registry" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: apps/v1beta1 kind: Deployment @@ -45,9 +39,9 @@ spec: affinity: {{ tuple $envAll "docker" "registry" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.registry.node_selector_key }}: {{ .Values.labels.registry.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "registry" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: registry {{ tuple $envAll "registry" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/registry/templates/job-bootstrap.yaml b/registry/templates/job-bootstrap.yaml index 01ba345e0..da5b9161c 100644 --- a/registry/templates/job-bootstrap.yaml +++ b/registry/templates/job-bootstrap.yaml @@ -17,15 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_bootstrap }} {{- $envAll := . }} {{- if .Values.bootstrap.enabled }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.bootstrap .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.bootstrap -}} -{{- end -}} {{- $serviceAccountName := "docker-bootstrap"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "bootstrap" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -40,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "bootstrap" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: docker-bootstrap {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/registry/values.yaml b/registry/values.yaml index 04423c182..0bbbe2d9a 100644 --- a/registry/values.yaml +++ b/registry/values.yaml @@ -18,8 +18,12 @@ # name: value labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + registry: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled release_group: null @@ -28,7 +32,7 @@ images: registry: docker.io/registry:2 registry_proxy: gcr.io/google_containers/kube-registry-proxy:0.4 bootstrap: docker.io/docker:17.07.0 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 pull_policy: "IfNotPresent" local_registry: active: false @@ -117,7 +121,7 @@ bootstrap: script: docker info preload_images: - - quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + - quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 dependencies: static: diff --git a/tools/gate/playbooks/build-helm-packages/tasks/main.yaml b/roles/build-helm-packages/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/build-helm-packages/tasks/main.yaml rename to roles/build-helm-packages/tasks/main.yaml diff --git a/tools/gate/playbooks/build-helm-packages/tasks/setup-helm-serve.yaml b/roles/build-helm-packages/tasks/setup-helm-serve.yaml similarity index 100% rename from tools/gate/playbooks/build-helm-packages/tasks/setup-helm-serve.yaml rename to roles/build-helm-packages/tasks/setup-helm-serve.yaml diff --git a/tools/gate/playbooks/build-helm-packages/templates/helm-serve.service.j2 b/roles/build-helm-packages/templates/helm-serve.service.j2 similarity index 100% rename from tools/gate/playbooks/build-helm-packages/templates/helm-serve.service.j2 rename to roles/build-helm-packages/templates/helm-serve.service.j2 diff --git a/tools/gate/playbooks/build-images/tasks/kubeadm-aio.yaml b/roles/build-images/tasks/kubeadm-aio.yaml similarity index 69% rename from tools/gate/playbooks/build-images/tasks/kubeadm-aio.yaml rename to roles/build-images/tasks/kubeadm-aio.yaml index d56c54bca..ed3ed149b 100644 --- a/tools/gate/playbooks/build-images/tasks/kubeadm-aio.yaml +++ b/roles/build-images/tasks/kubeadm-aio.yaml @@ -35,7 +35,8 @@ # CNI_VERSION: "{{ version.cni }}" # HELM_VERSION: "{{ version.helm }}" # CHARTS: "calico,flannel,tiller,kube-dns" - - name: Kubeadm-AIO image build path + - name: Kubeadm-AIO image build path with proxy + when: proxy.http is defined and (proxy.http | trim != "") shell: |- set -e docker build \ @@ -47,7 +48,27 @@ --build-arg CNI_VERSION="{{ version.cni }}" \ --build-arg HELM_VERSION="{{ version.helm }}" \ --build-arg CHARTS="calico,flannel,tiller,kube-dns" \ + --build-arg HTTP_PROXY="{{ proxy.http }}" \ + --build-arg HTTPS_PROXY="{{ proxy.https }}" \ + --build-arg NO_PROXY="{{ proxy.noproxy }}" \ . args: chdir: "{{ kubeadm_aio_path.stdout }}/" executable: /bin/bash + - name: Kubeadm-AIO image build path + when: proxy.http is undefined or (proxy.http | trim == "") + shell: |- + set -e + docker build \ + --network host \ + --force-rm \ + --tag "{{ images.kubernetes.kubeadm_aio }}" \ + --file tools/images/kubeadm-aio/Dockerfile \ + --build-arg KUBE_VERSION="{{ version.kubernetes }}" \ + --build-arg CNI_VERSION="{{ version.cni }}" \ + --build-arg HELM_VERSION="{{ version.helm }}" \ + --build-arg CHARTS="calico,flannel,tiller,kube-dns" \ + . + args: + chdir: "{{ kubeadm_aio_path.stdout }}/" + executable: /bin/bash \ No newline at end of file diff --git a/tools/gate/playbooks/build-images/tasks/main.yaml b/roles/build-images/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/build-images/tasks/main.yaml rename to roles/build-images/tasks/main.yaml diff --git a/tools/gate/playbooks/clean-host/tasks/main.yaml b/roles/clean-host/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/clean-host/tasks/main.yaml rename to roles/clean-host/tasks/main.yaml diff --git a/tools/gate/playbooks/deploy-docker/tasks/deploy-ansible-docker-support.yaml b/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml similarity index 100% rename from tools/gate/playbooks/deploy-docker/tasks/deploy-ansible-docker-support.yaml rename to roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml diff --git a/tools/gate/playbooks/deploy-docker/tasks/main.yaml b/roles/deploy-docker/tasks/main.yaml similarity index 67% rename from tools/gate/playbooks/deploy-docker/tasks/main.yaml rename to roles/deploy-docker/tasks/main.yaml index f0d7e0cf5..48aa29be0 100644 --- a/tools/gate/playbooks/deploy-docker/tasks/main.yaml +++ b/roles/deploy-docker/tasks/main.yaml @@ -38,6 +38,32 @@ dest: /etc/systemd/system/docker.service mode: 0640 +# NOTE: (lamt) Setting up the proxy before installing docker +- name: ensure docker.service.d directory exists + when: proxy.http is defined and (proxy.http | trim != "") + file: + path: /etc/systemd/system/docker.service.d + state: directory + +- name: proxy | moving proxy systemd unit into place + when: ( need_docker | failed ) and ( proxy.http is defined and (proxy.http | trim != "") ) + template: + src: http-proxy.conf.j2 + dest: /etc/systemd/system/docker.service.d/http-proxy.conf + mode: 0640 + +- name: centos | add docker-ce repository + when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed ) + get_url: + url: https://download.docker.com/linux/centos/docker-ce.repo + dest: /etc/yum.repos.d/docker-ce.repo + +- name: fedora | add docker-ce repository + when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed ) + get_url: + url: https://download.docker.com/linux/fedora/docker-ce.repo + dest: /etc/yum.repos.d/docker-ce.repo + - name: deploy docker packages when: need_docker | failed include_role: @@ -48,7 +74,7 @@ deb: - docker.io rpm: - - docker-latest + - docker-ce - name: if docker insecure registry is defined set_fact: diff --git a/tools/gate/playbooks/deploy-docker/templates/centos-docker.service.j2 b/roles/deploy-docker/templates/centos-docker.service.j2 similarity index 64% rename from tools/gate/playbooks/deploy-docker/templates/centos-docker.service.j2 rename to roles/deploy-docker/templates/centos-docker.service.j2 index dfac46188..ba9540e2d 100644 --- a/tools/gate/playbooks/deploy-docker/templates/centos-docker.service.j2 +++ b/roles/deploy-docker/templates/centos-docker.service.j2 @@ -1,8 +1,8 @@ [Unit] Description=Docker Application Container Engine -Documentation=http://docs.docker.com -After=network.target -Wants=docker-latest-storage-setup.service +Documentation=https://docs.docker.com +After=network-online.target firewalld.service +Wants=network-online.target [Service] Type=notify @@ -10,13 +10,11 @@ NotifyAccess=all Environment=GOTRACEBACK=crash Environment=DOCKER_HTTP_HOST_COMPAT=1 Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin -ExecStart=/usr/bin/dockerd-latest \ - --add-runtime docker-runc=/usr/libexec/docker/docker-runc-latest \ - --default-runtime=docker-runc \ +ExecStart=/usr/bin/dockerd \ --exec-opt native.cgroupdriver=systemd \ - --userland-proxy-path=/usr/libexec/docker/docker-proxy-latest \ - -g /var/lib/docker \ - --storage-driver=overlay \ + --userland-proxy-path=/usr/libexec/docker/docker-proxy \ + --data-root=/var/lib/docker \ + --storage-driver=overlay2 \ --log-driver=json-file \ --iptables=false ExecReload=/bin/kill -s HUP $MAINPID diff --git a/roles/deploy-docker/templates/daemon.json.j2 b/roles/deploy-docker/templates/daemon.json.j2 new file mode 100644 index 000000000..824f84849 --- /dev/null +++ b/roles/deploy-docker/templates/daemon.json.j2 @@ -0,0 +1,3 @@ +{ + "insecure-registries" : [{{ docker_insecure_registries }}] +} diff --git a/tools/gate/playbooks/deploy-docker/templates/fedora-docker.service.j2 b/roles/deploy-docker/templates/fedora-docker.service.j2 similarity index 55% rename from tools/gate/playbooks/deploy-docker/templates/fedora-docker.service.j2 rename to roles/deploy-docker/templates/fedora-docker.service.j2 index c6ba16b7d..e471b92f3 100644 --- a/tools/gate/playbooks/deploy-docker/templates/fedora-docker.service.j2 +++ b/roles/deploy-docker/templates/fedora-docker.service.j2 @@ -1,20 +1,19 @@ [Unit] Description=Docker Application Container Engine -Documentation=http://docs.docker.com -After=network.target docker-latest-containerd.service -Wants=docker-latest-storage-setup.service -Requires=docker-latest-containerd.service +Documentation=https://docs.docker.com +After=network-online.target firewalld.service +Wants=network-online.target [Service] Type=notify Environment=GOTRACEBACK=crash -ExecStart=/usr/bin/dockerd-latest \ - --add-runtime oci=/usr/libexec/docker/docker-runc-latest \ - --default-runtime=oci \ - --containerd /run/containerd.sock \ +# the default is not to use systemd for cgroups because the delegate issues still +# exists and systemd currently does not support the cgroup feature set required +# for containers run by docker +ExecStart=/usr/bin/dockerd \ --exec-opt native.cgroupdriver=systemd \ - --userland-proxy-path=/usr/libexec/docker/docker-proxy-latest \ - -g /var/lib/docker \ + --userland-proxy-path=/usr/libexec/docker/docker-proxy \ + --data-root=/var/lib/docker \ --storage-driver=overlay2 \ --log-driver=json-file \ --iptables=false diff --git a/roles/deploy-docker/templates/http-proxy.conf.j2 b/roles/deploy-docker/templates/http-proxy.conf.j2 new file mode 100644 index 000000000..90d8e1d53 --- /dev/null +++ b/roles/deploy-docker/templates/http-proxy.conf.j2 @@ -0,0 +1,4 @@ +[Service] +Environment="HTTP_PROXY={{ proxy.http }}" +Environment="HTTPS_PROXY={{ proxy.https }}" +Environment="NO_PROXY={{ proxy.noproxy }}" diff --git a/tools/gate/playbooks/deploy-docker/templates/ubuntu-docker.service.j2 b/roles/deploy-docker/templates/ubuntu-docker.service.j2 similarity index 100% rename from tools/gate/playbooks/deploy-docker/templates/ubuntu-docker.service.j2 rename to roles/deploy-docker/templates/ubuntu-docker.service.j2 diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml b/roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml similarity index 100% rename from tools/gate/playbooks/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml rename to roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml b/roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml similarity index 100% rename from tools/gate/playbooks/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml rename to roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/main.yaml b/roles/deploy-helm-packages/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/deploy-helm-packages/tasks/main.yaml rename to roles/deploy-helm-packages/tasks/main.yaml diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-chart-group.yaml b/roles/deploy-helm-packages/tasks/util-chart-group.yaml similarity index 100% rename from tools/gate/playbooks/deploy-helm-packages/tasks/util-chart-group.yaml rename to roles/deploy-helm-packages/tasks/util-chart-group.yaml diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-chart.yaml b/roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml similarity index 100% rename from tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-chart.yaml rename to roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-test.yaml b/roles/deploy-helm-packages/tasks/util-common-helm-test.yaml similarity index 100% rename from tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-test.yaml rename to roles/deploy-helm-packages/tasks/util-common-helm-test.yaml diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml b/roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml similarity index 100% rename from tools/gate/playbooks/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml rename to roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/clean-node.yaml b/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml similarity index 97% rename from tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/clean-node.yaml rename to roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml index 75338d2ba..afd5d371e 100644 --- a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/clean-node.yaml +++ b/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml @@ -16,7 +16,7 @@ vars: kubeadm_aio_action: clean-host block: - - name: "kubeadm-aio perfoming action: {{ kubeadm_aio_action }}" + - name: "kubeadm-aio performing action: {{ kubeadm_aio_action }}" become: true become_user: root docker_container: diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml b/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml similarity index 100% rename from tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml rename to roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/main.yaml b/roles/deploy-kubeadm-aio-common/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/main.yaml rename to roles/deploy-kubeadm-aio-common/tasks/main.yaml diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml b/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml similarity index 97% rename from tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml rename to roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml index c184190ce..a634cd45f 100644 --- a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml +++ b/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml @@ -17,7 +17,7 @@ kubeadm_aio_action: null kubeadm_kubelet_labels: "" block: - - name: "perfoming {{ kubeadm_aio_action }} action" + - name: "performing {{ kubeadm_aio_action }} action" become: true become_user: root docker_container: diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-master/tasks/main.yaml b/roles/deploy-kubeadm-aio-master/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/deploy-kubeadm-aio-master/tasks/main.yaml rename to roles/deploy-kubeadm-aio-master/tasks/main.yaml diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/main.yaml b/roles/deploy-kubeadm-aio-node/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/main.yaml rename to roles/deploy-kubeadm-aio-node/tasks/main.yaml diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml b/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml similarity index 100% rename from tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml rename to roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml b/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml similarity index 100% rename from tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml rename to roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml diff --git a/tools/gate/playbooks/deploy-package/tasks/dist.yaml b/roles/deploy-package/tasks/dist.yaml similarity index 100% rename from tools/gate/playbooks/deploy-package/tasks/dist.yaml rename to roles/deploy-package/tasks/dist.yaml diff --git a/tools/gate/playbooks/deploy-package/tasks/pip.yaml b/roles/deploy-package/tasks/pip.yaml similarity index 86% rename from tools/gate/playbooks/deploy-package/tasks/pip.yaml rename to roles/deploy-package/tasks/pip.yaml index f0c60206d..429bb50b3 100644 --- a/tools/gate/playbooks/deploy-package/tasks/pip.yaml +++ b/roles/deploy-package/tasks/pip.yaml @@ -15,6 +15,10 @@ - name: managing pip packages become: true become_user: root + environment: + http_proxy: "{{ proxy.http }}" + https_proxy: "{{ proxy.https }}" + no_proxy: "{{ proxy.noproxy }}" vars: state: present pip: diff --git a/tools/gate/playbooks/deploy-python-pip/tasks/main.yaml b/roles/deploy-python-pip/tasks/main.yaml similarity index 92% rename from tools/gate/playbooks/deploy-python-pip/tasks/main.yaml rename to roles/deploy-python-pip/tasks/main.yaml index 19cf5af98..a48868a54 100644 --- a/tools/gate/playbooks/deploy-python-pip/tasks/main.yaml +++ b/roles/deploy-python-pip/tasks/main.yaml @@ -39,6 +39,10 @@ - name: ensuring pip is the latest version become: true become_user: root + environment: + http_proxy: "{{ proxy.http }}" + https_proxy: "{{ proxy.https }}" + no_proxy: "{{ proxy.noproxy }}" pip: name: pip state: latest diff --git a/tools/gate/playbooks/deploy-python/tasks/main.yaml b/roles/deploy-python/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/deploy-python/tasks/main.yaml rename to roles/deploy-python/tasks/main.yaml diff --git a/tools/gate/playbooks/deploy-yq/tasks/main.yaml b/roles/deploy-yq/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/deploy-yq/tasks/main.yaml rename to roles/deploy-yq/tasks/main.yaml diff --git a/tools/gate/playbooks/describe-kubernetes-objects/tasks/main.yaml b/roles/describe-kubernetes-objects/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/describe-kubernetes-objects/tasks/main.yaml rename to roles/describe-kubernetes-objects/tasks/main.yaml diff --git a/tools/gate/playbooks/gather-host-logs/tasks/main.yaml b/roles/gather-host-logs/tasks/main.yaml similarity index 95% rename from tools/gate/playbooks/gather-host-logs/tasks/main.yaml rename to roles/gather-host-logs/tasks/main.yaml index b4739b8e1..29f028e35 100644 --- a/tools/gate/playbooks/gather-host-logs/tasks/main.yaml +++ b/roles/gather-host-logs/tasks/main.yaml @@ -26,6 +26,7 @@ mount > {{ logs_dir }}/system/mount.txt docker images > {{ logs_dir }}/system/docker-images.txt brctl show > {{ logs_dir }}/system/brctl-show.txt + ps aux --sort=-%mem > {{ logs_dir }}/system/ps.txt args: executable: /bin/bash ignore_errors: True diff --git a/tools/gate/playbooks/gather-pod-logs/tasks/main.yaml b/roles/gather-pod-logs/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/gather-pod-logs/tasks/main.yaml rename to roles/gather-pod-logs/tasks/main.yaml diff --git a/tools/gate/playbooks/gather-prom-metrics/tasks/main.yaml b/roles/gather-prom-metrics/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/gather-prom-metrics/tasks/main.yaml rename to roles/gather-prom-metrics/tasks/main.yaml diff --git a/tools/gate/playbooks/helm-release-status/tasks/main.yaml b/roles/helm-release-status/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/helm-release-status/tasks/main.yaml rename to roles/helm-release-status/tasks/main.yaml diff --git a/tools/gate/playbooks/pull-images/tasks/main.yaml b/roles/pull-images/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/pull-images/tasks/main.yaml rename to roles/pull-images/tasks/main.yaml diff --git a/tools/gate/playbooks/setup-firewall/tasks/main.yaml b/roles/setup-firewall/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/setup-firewall/tasks/main.yaml rename to roles/setup-firewall/tasks/main.yaml diff --git a/tools/gate/playbooks/upgrade-host/tasks/main.yaml b/roles/upgrade-host/tasks/main.yaml similarity index 100% rename from tools/gate/playbooks/upgrade-host/tasks/main.yaml rename to roles/upgrade-host/tasks/main.yaml diff --git a/tiller/templates/configmap-bin.yaml b/tiller/templates/configmap-bin.yaml index 540a978e9..2872fa982 100644 --- a/tiller/templates/configmap-bin.yaml +++ b/tiller/templates/configmap-bin.yaml @@ -22,6 +22,6 @@ kind: ConfigMap metadata: name: tiller-bin data: - image-repo-sync.sh: |+ + image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} {{- end }} diff --git a/tiller/templates/deployment-tiller.yaml b/tiller/templates/deployment-tiller.yaml index f6917394d..dc9b863f9 100644 --- a/tiller/templates/deployment-tiller.yaml +++ b/tiller/templates/deployment-tiller.yaml @@ -16,15 +16,9 @@ limitations under the License. {{- if .Values.manifests.deployment_tiller }} {{- $envAll := . }} -{{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" dict -}} -{{- $_ := include "helm-toolkit.utils.merge" (tuple .Values.pod_dependency .Values.dependencies.static.tiller .Values.dependencies.dynamic.common.local_image_registry) -}} -{{- else -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.tiller -}} -{{- end -}} {{- $serviceAccountName := printf "%s-%s" .Release.Name "tiller" }} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "tiller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -64,7 +58,7 @@ spec: name: tiller spec: initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "tiller" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - env: - name: TILLER_NAMESPACE diff --git a/tiller/templates/job-image-repo-sync.yaml b/tiller/templates/job-image-repo-sync.yaml index 6f2400fa5..359a5d276 100644 --- a/tiller/templates/job-image-repo-sync.yaml +++ b/tiller/templates/job-image-repo-sync.yaml @@ -17,10 +17,9 @@ limitations under the License. {{- if .Values.manifests.job_image_repo_sync }} {{- $envAll := . }} {{- if .Values.images.local_registry.active -}} -{{- $_ := set .Values "pod_dependency" .Values.dependencies.static.image_repo_sync -}} {{- $serviceAccountName := "kube-dns-image-repo-sync"}} -{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "image_repo_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: image-repo-sync {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} diff --git a/tiller/values.yaml b/tiller/values.yaml index 8c577ee89..1203b3959 100644 --- a/tiller/values.yaml +++ b/tiller/values.yaml @@ -18,15 +18,16 @@ # name: value labels: - node_selector_key: openstack-control-plane - node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled release_group: null images: tags: tiller: gcr.io/kubernetes-helm/tiller:v2.7.2 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.0 image_repo_sync: docker.io/docker:17.07.0 pull_policy: IfNotPresent local_registry: diff --git a/tools/gate/chart-deploys/default.yaml b/tools/gate/chart-deploys/default.yaml index 75edaa183..3d6215da2 100644 --- a/tools/gate/chart-deploys/default.yaml +++ b/tools/gate/chart-deploys/default.yaml @@ -24,6 +24,7 @@ chart_groups: timeout: 600 charts: - prometheus + - nagios - prometheus_node_exporter - prometheus_kube_state_metrics - prometheus_alertmanager @@ -136,6 +137,16 @@ charts: ingress: public: false + nagios: + chart_name: nagios + release: nagios + namespace: openstack + values: + network: + nagios: + ingress: + public: false + prometheus_openstack_exporter: chart_name: prometheus-openstack-exporter release: prometheus-openstack-exporter diff --git a/tools/gate/devel/start.sh b/tools/gate/devel/start.sh index 9105b7c40..56a2a2340 100755 --- a/tools/gate/devel/start.sh +++ b/tools/gate/devel/start.sh @@ -94,7 +94,7 @@ function dump_logs () { trap 'dump_logs "$?"' ERR for PLAYBOOK in ${PLAYBOOKS}; do - ansible-playbook ${WORK_DIR}/tools/gate/playbooks/${PLAYBOOK}.yaml \ + ansible-playbook ${WORK_DIR}/playbooks/${PLAYBOOK}.yaml \ -i ${INVENTORY} \ --extra-vars=@${VARS} \ --extra-vars "work_dir=${WORK_DIR}" diff --git a/tools/gate/playbooks/deploy-docker/templates/daemon.json.j2 b/tools/gate/playbooks/deploy-docker/templates/daemon.json.j2 deleted file mode 100644 index 9e120371d..000000000 --- a/tools/gate/playbooks/deploy-docker/templates/daemon.json.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{ - "insecure-registries" : [{{ docker_insecure_registries }}] -} diff --git a/tools/images/kubeadm-aio/Dockerfile b/tools/images/kubeadm-aio/Dockerfile index df3d885a3..8f2caefe9 100644 --- a/tools/images/kubeadm-aio/Dockerfile +++ b/tools/images/kubeadm-aio/Dockerfile @@ -28,6 +28,18 @@ ENV HELM_VERSION ${HELM_VERSION} ARG CHARTS="calico,flannel,tiller,kube-dns" ENV CHARTS ${CHARTS} +ARG HTTP_PROXY="" +ENV HTTP_PROXY ${HTTP_PROXY} +ENV http_proxy ${HTTP_PROXY} + +ARG HTTPS_PROXY="" +ENV HTTPS_PROXY ${HTTPS_PROXY} +ENV https_proxy ${HTTPS_PROXY} + +ARG NO_PROXY="127.0.0.1,localhost,.svc.cluster.local" +ENV NO_PROXY ${NO_PROXY} +ENV no_proxy ${NO_PROXY} + ENV container="docker" \ DEBIAN_FRONTEND="noninteractive" \ CNI_BIN_DIR="/opt/cni/bin" diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml index 3e35cc774..c472ec29b 100644 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml +++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml @@ -63,7 +63,7 @@ environment: KUBECONFIG: '/mnt/rootfs/etc/kubernetes/admin.conf' - name: kubeadm | cni | calico - command: helm install /opt/charts/calico --name calico --namespace kube-system --set networking.podSubnet="{{ k8s.networking.podSubnet }}" --set networking.mtu="{{ cni_default_device_mtu.stdout }}" --wait --timeout=600 + command: helm install /opt/charts/calico --name calico --namespace kube-system --set networking.podSubnet="{{ k8s.networking.podSubnet }}" --set conf.node.IP_AUTODETECTION_METHOD="can-reach={% if k8s.api.advertiseAddress is defined %}{{ k8s.api.advertiseAddress }}{% else %}{% if k8s.api.advertiseAddressDevice is defined %}{{ hostvars[inventory_hostname]['ansible_'+k8s.api.advertiseAddressDevice].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %}" --set networking.mtu="{{ cni_default_device_mtu.stdout }}" --wait --timeout=600 environment: HELM_HOST: 'localhost:44134' - name: kubeadm | cni | calico diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 index 690a0a53d..1881eac1e 100644 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 +++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 @@ -31,7 +31,6 @@ token: {{ kubeadm_bootstrap_token }} tokenTTL: 24h0m0s selfHosted: {{ k8s.selfHosted }} apiServerExtraArgs: - runtime-config: "batch/v2alpha1=true" service-node-port-range: "1024-65535" controllerManagerExtraArgs: address: "0.0.0.0" diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml index ff500c552..efaf2a87e 100644 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml +++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml @@ -1,7 +1,9 @@ - - - name: "installing python {{ package }}" become: true become_user: root + environment: + http_proxy: "{{ proxy.http }}" + https_proxy: "{{ proxy.https }}" + no_proxy: "{{ proxy.noproxy }}" pip: name: "{{ package }}"