From 122dcef6295e1b62c113476737c29b8b031fbe85 Mon Sep 17 00:00:00 2001 From: "Lo, Chi (cl566n)" Date: Thu, 19 Aug 2021 08:38:05 -0700 Subject: [PATCH] Remove Kibana indices before pod start up The ps removes kibana indices from elasticsearch when a pod comes up. It also removes the source code in values.yaml for the flush job since it is not needed at this point. Change-Id: Icb0376fed4872308b26e608d5be0fbac504d802d --- kibana/Chart.yaml | 2 +- .../bin/_create_kibana_index_patterns.sh.tpl | 17 +++++++++++ kibana/templates/bin/_kibana.sh.tpl | 4 +++ .../job-register-kibana-indexes.yaml | 29 ++++++++++++++++++ kibana/values.yaml | 30 +------------------ releasenotes/notes/kibana.yaml | 1 + 6 files changed, 53 insertions(+), 30 deletions(-) diff --git a/kibana/Chart.yaml b/kibana/Chart.yaml index 02e84a0e5..f6b3f1ecd 100644 --- a/kibana/Chart.yaml +++ b/kibana/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.1.0 description: OpenStack-Helm Kibana name: kibana -version: 0.1.5 +version: 0.1.6 home: https://www.elastic.co/products/kibana sources: - https://github.com/elastic/kibana diff --git a/kibana/templates/bin/_create_kibana_index_patterns.sh.tpl b/kibana/templates/bin/_create_kibana_index_patterns.sh.tpl index 2520b939b..59c0616e9 100644 --- a/kibana/templates/bin/_create_kibana_index_patterns.sh.tpl +++ b/kibana/templates/bin/_create_kibana_index_patterns.sh.tpl @@ -14,6 +14,23 @@ limitations under the License. */}} set -ex +{{- if .Values.manifests.wait_for_kibana_pods_readiness }} +echo "Waiting for all Kibana pods to become Ready" +count=1 +# Wait up to 30 minutes for all Kibana pods to become Ready. This does not necessarily mean +# Kibana pods will take up to 30 minutes to come up. This script will wait up to 30 minutes +# instead of going into an infinite loop to wait. This timed out value should be reduced once +# Kibana startup is enhanced. +while [[ $(kubectl get pods -n {{ .Release.Namespace }} -l application=kibana,component=dashboard -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') =~ "False" ]]; do + sleep 30 + if [[ $count -eq 60 ]]; then + echo "Timed out waiting for all Kibana pods to become Ready, proceed to create index patterns." + break + fi + ((count++)) +done +{{- end }} + {{- range $objectType, $indices := .Values.conf.create_kibana_indexes.indexes }} {{- range $indices }} curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \ diff --git a/kibana/templates/bin/_kibana.sh.tpl b/kibana/templates/bin/_kibana.sh.tpl index 1172813cf..90f7f8e3a 100644 --- a/kibana/templates/bin/_kibana.sh.tpl +++ b/kibana/templates/bin/_kibana.sh.tpl @@ -17,6 +17,10 @@ set -e COMMAND="${@:-start}" function start () { + + curl --cacert /etc/elasticsearch/certs/ca.crt -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \ + -XDELETE "${ELASTICSEARCH_HOSTS}/.kibana*" + exec /usr/share/kibana/bin/kibana \ --elasticsearch.hosts="${ELASTICSEARCH_HOSTS}" \ --elasticsearch.username="${ELASTICSEARCH_USERNAME}" \ diff --git a/kibana/templates/job-register-kibana-indexes.yaml b/kibana/templates/job-register-kibana-indexes.yaml index ba13c4378..3597ae78a 100644 --- a/kibana/templates/job-register-kibana-indexes.yaml +++ b/kibana/templates/job-register-kibana-indexes.yaml @@ -22,6 +22,9 @@ apiVersion: batch/v1 kind: Job metadata: name: register-kibana-indexes + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation spec: template: metadata: @@ -81,4 +84,30 @@ spec: configMap: name: kibana-bin defaultMode: 0755 +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ $serviceAccountName }} +rules: + - apiGroups: + - '' + resources: + - pods + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ $serviceAccountName }} +subjects: + - kind: ServiceAccount + name: {{ $serviceAccountName }} + namespace: {{ $envAll.Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ $serviceAccountName }} + apiGroup: rbac.authorization.k8s.io {{- end }} diff --git a/kibana/values.yaml b/kibana/values.yaml index 779850943..2f9a47b1a 100644 --- a/kibana/values.yaml +++ b/kibana/values.yaml @@ -26,7 +26,6 @@ images: dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 image_repo_sync: docker.io/library/docker:17.07.0 register_kibana_indexes: docker.io/openstackhelm/heat:newton-ubuntu_xenial - flush_kibana_metadata: docker.io/openstackhelm/heat:newton-ubuntu_xenial pull_policy: IfNotPresent local_registry: active: false @@ -54,13 +53,6 @@ pod: register_kibana_indexes: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - flush_kibana_metadata: - pod: - runAsUser: 1000 - container: - flush_kibana_metadata: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true affinity: anti: type: @@ -110,13 +102,6 @@ pod: limits: memory: "1024Mi" cpu: "2000m" - flush_kibana_metadata: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "2000m" probes: kibana: kibana: @@ -160,26 +145,13 @@ dependencies: - endpoint: internal service: local_image_registry kibana: - jobs: - - flush-kibana-metadata services: - endpoint: internal service: elasticsearch register_kibana_indexes: - jobs: - - flush-kibana-metadata services: - endpoint: internal service: kibana - flush_kibana_metadata: - services: - - endpoint: internal - service: elasticsearch - -jobs: - flush_kibana_metadata: - backoffLimit: 6 - activeDeadlineSeconds: 600 conf: httpd: | @@ -424,5 +396,5 @@ manifests: service: true service_ingress: true job_register_kibana_indexes: true - job_flush_kibana_metadata: true + wait_for_kibana_pods_readiness: false ... diff --git a/releasenotes/notes/kibana.yaml b/releasenotes/notes/kibana.yaml index 0e4659aee..ec8310813 100644 --- a/releasenotes/notes/kibana.yaml +++ b/releasenotes/notes/kibana.yaml @@ -6,4 +6,5 @@ kibana: - 0.1.3 Enable TLS with Elasticsearch - 0.1.4 Enable TLS for Kibana ingress path - 0.1.5 Use full image ref for docker official images + - 0.1.6 Remove Kibana indices before pod start up ...