diff --git a/falco/Chart.yaml b/falco/Chart.yaml index d8bf526a5..17bb12012 100644 --- a/falco/Chart.yaml +++ b/falco/Chart.yaml @@ -13,7 +13,7 @@ --- apiVersion: v1 name: falco -version: 0.1.2 +version: 0.1.3 appVersion: 0.11.1 description: Sysdig Falco keywords: diff --git a/falco/values.yaml b/falco/values.yaml index 07c168d2f..2041fa385 100644 --- a/falco/values.yaml +++ b/falco/values.yaml @@ -969,8 +969,6 @@ conf: http_server_binaries, db_server_binaries, nosql_server_binaries, mail_binaries, fluentd, flanneld, splunkd, consul, smbd, runsv, PM2 ] - - macro: parent_java_running_zookeeper - condition: (proc.pname=java and proc.pcmdline contains org.apache.zookeeper.server) - macro: parent_java_running_kafka condition: (proc.pname=java and proc.pcmdline contains kafka.Kafka) - macro: parent_java_running_elasticsearch @@ -1006,7 +1004,6 @@ conf: - macro: protected_shell_spawner condition: > (proc.aname in (protected_shell_spawning_binaries) - or parent_java_running_zookeeper or parent_java_running_kafka or parent_java_running_elasticsearch or parent_java_running_activemq diff --git a/releasenotes/notes/falco.yaml b/releasenotes/notes/falco.yaml index ae6df6748..b99a3c68a 100644 --- a/releasenotes/notes/falco.yaml +++ b/releasenotes/notes/falco.yaml @@ -3,4 +3,5 @@ falco: - 0.1.0 Initial Chart - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.2 Update to container image repo k8s.gcr.io + - 0.1.3 Remove zookeeper residue ... diff --git a/tools/deployment/common/zookeeper.sh b/tools/deployment/common/zookeeper.sh deleted file mode 100755 index 46a0f2c9e..000000000 --- a/tools/deployment/common/zookeeper.sh +++ /dev/null 
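Review bot: Dropping `or parent_java_running_zookeeper` from `protected_shell_spawner` (second falco/values.yaml hunk), along with the macro definition removed in the first hunk, is a detection change rather than chart residue. The macro matched any process whose parent is `java` with `org.apache.zookeeper.server` on its command line, so it covered ZooKeeper however it was deployed, not only the chart deleted in this commit. The rules that consume `protected_shell_spawner` are outside the hunk, but if they flag shells started under these services, as the name suggests, a shell spawned from a ZooKeeper JVM no longer matches through this term. I would keep both the macro and the `or parent_java_running_zookeeper` line, or else say in the 0.1.3 release note that shell-spawn coverage for ZooKeeper is dropped, instead of `Remove zookeeper residue`. The `condition: >` block continues past the end of the hunk.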
@@ -1,42 +0,0 @@
-#!/bin/bash
-
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-set -xe
-
-#NOTE: Lint and package chart
-make zookeeper
-
-#NOTE: Deploy command
-helm upgrade --install zookeeper ./zookeeper \
- --namespace=osh-infra
-
-#NOTE: Wait for deploy
-./tools/deployment/common/wait-for-pods.sh osh-infra
-
-#NOTE: Validate Deployment info
-helm status zookeeper
-
-#NOTE: Sleep for 60 seconds to allow leader election to complete
-sleep 60
-
-#NOTE: Create arbitrary znode
-ZOO_POD=$(kubectl -n osh-infra get pods -l='application=zookeeper,component=server' --output=jsonpath='{.items[0].metadata.name}')
-kubectl exec $ZOO_POD -n osh-infra -- bash bin/zkCli.sh -server localhost:2181 create /OSHZnode “osh-infra_is_awesome”
-
-#NOTE: Sleep for 10 seconds to ensure replication across members
-sleep 10
-
-#NOTE: Query separate zookeeper instance for presence of znode
-ZOO_POD=$(kubectl -n osh-infra get pods -l='application=zookeeper,component=server' --output=jsonpath='{.items[2].metadata.name}')
-kubectl exec $ZOO_POD -n osh-infra -- bash bin/zkCli.sh -server localhost:2181 stat /OSHZnode
diff --git a/tools/deployment/multinode/160-zookeeper.sh b/tools/deployment/multinode/160-zookeeper.sh
deleted file mode 120000
index 69bcd4139..000000000
--- a/tools/deployment/multinode/160-zookeeper.sh
+++ /dev/null
@@ -1 +0,0 @@
-../common/zookeeper.sh
\ No newline at end of file
diff --git a/zookeeper/Chart.yaml b/zookeeper/Chart.yaml
deleted file mode 100644
index 446da046f..000000000
--- a/zookeeper/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-apiVersion: v1
-appVersion: v3.5.5
-description: OpenStack-Helm Zookeeper
-name: zookeeper
-version: 0.1.1
-home: https://zookeeper.apache.org/
-sources:
- - https://github.com/apache/zookeeper
- - https://opendev.org/openstack/openstack-helm-infra
-maintainers:
- - name: OpenStack-Helm Authors
-...
diff --git a/zookeeper/requirements.yaml b/zookeeper/requirements.yaml
deleted file mode 100644
index 19b0d6992..000000000
--- a/zookeeper/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-dependencies:
- - name: helm-toolkit
- repository: http://localhost:8879/charts
- version: ">= 0.1.0"
-...
diff --git a/zookeeper/templates/bin/_generate-myid.sh.tpl b/zookeeper/templates/bin/_generate-myid.sh.tpl
deleted file mode 100644
index 56a658390..000000000
--- a/zookeeper/templates/bin/_generate-myid.sh.tpl
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-HOST=$(hostname)
-ID_FILE="$ZOO_DATA_DIR/myid"
-
-if [[ $HOST =~ (.*)-([0-9]+)$ ]]; then
- NAME=${BASH_REMATCH[1]}
- ORD=${BASH_REMATCH[2]}
- MY_ID=$((ORD+1))
- echo $MY_ID > $ID_FILE
-else
- echo "Failed to extract ordinal from hostname $HOST"
- exit 1
-fi
diff --git a/zookeeper/templates/bin/_zookeeper-probe.sh.tpl b/zookeeper/templates/bin/_zookeeper-probe.sh.tpl
deleted file mode 100644
index a2f5a3aa5..000000000
--- a/zookeeper/templates/bin/_zookeeper-probe.sh.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-set -ex
-
-echo ruok | nc 127.0.0.1 ${ZOO_CLIENT_PORT}
diff --git a/zookeeper/templates/bin/_zookeeper.sh.tpl b/zookeeper/templates/bin/_zookeeper.sh.tpl
deleted file mode 100644
index 500b032fb..000000000
--- a/zookeeper/templates/bin/_zookeeper.sh.tpl
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-COMMAND="${@:-start}"
-
-function stop () {
- kill -TERM 1
-}
-
-$COMMAND
diff --git a/zookeeper/templates/configmap-bin.yaml b/zookeeper/templates/configmap-bin.yaml
deleted file mode 100644
index cbe037fe7..000000000
--- a/zookeeper/templates/configmap-bin.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.configmap_bin }}
-{{- $envAll := . }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: zookeeper-bin
-data:
- zookeeper.sh: |
-{{ tuple "bin/_zookeeper.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- generate-myid.sh: |
-{{ tuple "bin/_generate-myid.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- zookeeper-liveness.sh: |
-{{ tuple "bin/_zookeeper-probe.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- zookeeper-readiness.sh: |
-{{ tuple "bin/_zookeeper-probe.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- image-repo-sync.sh: |
-{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
-{{- end }}
diff --git a/zookeeper/templates/configmap-etc.yaml b/zookeeper/templates/configmap-etc.yaml
deleted file mode 100644
index c168ecbed..000000000
--- a/zookeeper/templates/configmap-etc.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.configmap_etc }}
-{{- $envAll := . }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: zookeeper-etc
-type: Opaque
-data:
-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.zookeeper.template "key" "zoo.cfg" "format" "Secret") | indent 2 }}
-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.zookeeper.jaas.template "key" "jaas.conf" "format" "Secret") | indent 2 }}
-{{- end }}
diff --git a/zookeeper/templates/ingress-zookeeper.yaml b/zookeeper/templates/ingress-zookeeper.yaml
deleted file mode 100644
index 62fe2dc96..000000000
--- a/zookeeper/templates/ingress-zookeeper.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if and .Values.manifests.ingress .Values.network.zookeeper.ingress.public }}
-{{- $ingressOpts := dict "envAll" . "backendService" "zookeeper" "backendServiceType" "zookeeper" "backendPort" "client" -}}
-{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
-{{- end }}
diff --git a/zookeeper/templates/job-image-repo-sync.yaml b/zookeeper/templates/job-image-repo-sync.yaml
deleted file mode 100644
index 8f7dab44d..000000000
--- a/zookeeper/templates/job-image-repo-sync.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
-{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "zookeeper" -}}
-{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
-{{- end }}
diff --git a/zookeeper/templates/network_policy.yaml b/zookeeper/templates/network_policy.yaml
deleted file mode 100644
index d8b0bf3d2..000000000
--- a/zookeeper/templates/network_policy.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License. */}}
-
-{{- if .Values.manifests.network_policy -}}
-{{- $netpol_opts := dict "envAll" . "name" "application" "label" "zookeeper" -}}
-{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
-{{- end -}}
diff --git a/zookeeper/templates/secret-ingress-tls.yaml b/zookeeper/templates/secret-ingress-tls.yaml
deleted file mode 100644
index 971c09c58..000000000
--- a/zookeeper/templates/secret-ingress-tls.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.secret_ingress_tls }}
-{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "zookeeper" "backendService" "zookeeper" ) }}
-{{- end }}
diff --git a/zookeeper/templates/secret-zookeeper.yaml b/zookeeper/templates/secret-zookeeper.yaml
deleted file mode 100644
index f233ca49b..000000000
--- a/zookeeper/templates/secret-zookeeper.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.secret_zookeeper }}
-{{- $envAll := . }}
-{{- $secretName := index $envAll.Values.secrets.zookeeper.admin }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $secretName }}
-type: Opaque
-data:
- ZOOKEEPER_ADMIN_USERNAME: {{ .Values.endpoints.zookeeper.auth.admin.username | b64enc }}
- ZOOKEEPER_ADMIN_PASSWORD: {{ .Values.endpoints.zookeeper.auth.admin.password | b64enc }}
-{{- end }}
diff --git a/zookeeper/templates/service-discovery.yaml b/zookeeper/templates/service-discovery.yaml
deleted file mode 100644
index 8bd4880dc..000000000
--- a/zookeeper/templates/service-discovery.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.service_discovery }}
-{{- $envAll := . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ tuple "zookeeper" "discovery" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
- labels:
-{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-spec:
- ports:
- - name: client
- targetPort: client
- port: {{ tuple "zookeeper" "internal" "client" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- - name: election
- targetPort: election
- port: {{ tuple "zookeeper" "internal" "election" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- - name: server
- targetPort: server
- port: {{ tuple "zookeeper" "internal" "server" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- clusterIP: None
- selector:
-{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-{{- end }}
diff --git a/zookeeper/templates/service-ingress-zookeeper.yaml b/zookeeper/templates/service-ingress-zookeeper.yaml
deleted file mode 100644
index 1aa73452c..000000000
--- a/zookeeper/templates/service-ingress-zookeeper.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if and .Values.manifests.service_ingress .Values.network.zookeeper.ingress.public }}
-{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "zookeeper" -}}
-{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
-{{- end }}
diff --git a/zookeeper/templates/service.yaml b/zookeeper/templates/service.yaml
deleted file mode 100644
index 5b46d1ea5..000000000
--- a/zookeeper/templates/service.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.service }}
-{{- $envAll := . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ tuple "zookeeper" "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
- labels:
-{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-spec:
- ports:
- - name: client
- port: {{ tuple "zookeeper" "internal" "client" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- {{ if .Values.network.zookeeper.node_port.enabled }}
- nodePort: {{ .Values.network.zookeeper.node_port.port }}
- {{ end }}
-{{- if .Values.monitoring.prometheus.zookeeper.scrape }}
- - name: zoo-exporter
- port: {{ tuple "zookeeper" "internal" "zookeeper_exporter" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-{{- end }}
-{{- if .Values.monitoring.prometheus.jmx.scrape }}
- - name: jmx-exporter
- port: {{ tuple "zookeeper" "internal" "jmx_exporter" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-{{- end }}
- selector:
-{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
- {{ if .Values.network.zookeeper.node_port.enabled }}
- type: NodePort
- {{ end }}
-{{- end }}
diff --git a/zookeeper/templates/statefulset.yaml b/zookeeper/templates/statefulset.yaml
deleted file mode 100644
index 21a00cb96..000000000
--- a/zookeeper/templates/statefulset.yaml
+++ /dev/null
@@ -1,229 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.statefulset }} -{{- $envAll := . }} - -{{- $mounts_zookeeper := .Values.pod.mounts.zookeeper.zookeeper }} -{{- $mounts_zookeeper_init := .Values.pod.mounts.zookeeper.init_container }} - -{{- $zookeeperUserSecret := .Values.secrets.zookeeper.admin }} - -{{- $serviceAccountName := printf "%s-%s" .Release.Name "zookeeper" }} -{{ tuple $envAll "zookeeper" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ $serviceAccountName }} -rules: - - apiGroups: - - "" - resources: - - nodes - - nodes/proxy - - services - - endpoints - - pods - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - nonResourceURLs: - - "/metrics" - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ $serviceAccountName }} -subjects: - - kind: ServiceAccount - name: {{ $serviceAccountName }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ $serviceAccountName }} - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: zookeeper - annotations: - {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} - labels: -{{ tuple $envAll "zookeeper" "server" | include 
"helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -spec: - serviceName: {{ tuple "zookeeper" "discovery" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} - replicas: {{ .Values.pod.replicas.zookeeper }} - podManagementPolicy: Parallel - selector: - matchLabels: -{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} - template: - metadata: - labels: -{{ tuple $envAll "zookeeper" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - annotations: -{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} - configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} - configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} - spec: -{{ dict "envAll" $envAll "application" "zookeeper" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} - serviceAccountName: {{ $serviceAccountName }} - affinity: -{{ tuple $envAll "zookeeper" "zookeeper" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} - nodeSelector: - {{ .Values.labels.zookeeper.node_selector_key }}: {{ .Values.labels.zookeeper.node_selector_value | quote }} - terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.zookeeper.timeout | default "30" }} - initContainers: -{{ tuple $envAll "zookeeper" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - - name: zookeeper-perms -{{ tuple $envAll "zookeeper" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.zookeeper | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -{{ dict "envAll" $envAll "application" "zookeeper" "container" "zookeeper_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} - command: - - chown - - -R - - "zookeeper:" - - 
{{ .Values.conf.zookeeper.config.data_directory }} - volumeMounts: - - name: pod-tmp - mountPath: /tmp - - name: data - mountPath: {{ .Values.conf.zookeeper.config.data_directory }} - - name: zookeeper-id -{{ tuple $envAll "zookeeper" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.zookeeper | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -{{ dict "envAll" $envAll "application" "zookeeper" "container" "zookeeper_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} - command: - - /tmp/generate-myid.sh - env: - - name: ZOO_DATA_DIR - value: "{{ .Values.conf.zookeeper.config.data_directory }}" - volumeMounts: - - name: pod-tmp - mountPath: /tmp - - name: zookeeper-bin - mountPath: /tmp/generate-myid.sh - subPath: generate-myid.sh - readOnly: true - - name: data - mountPath: {{ .Values.conf.zookeeper.config.data_directory }} - containers: - - name: zookeeper -{{ tuple $envAll "zookeeper" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.zookeeper | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -{{ dict "envAll" $envAll "application" "zookeeper" "container" "zookeeper" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} - lifecycle: - preStop: - exec: - command: - - /tmp/zookeeper.sh - - stop - ports: - - name: client - containerPort: {{ tuple "zookeeper" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - - name: election - containerPort: {{ tuple "zookeeper" "internal" "election" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - - name: server - containerPort: {{ tuple "zookeeper" "internal" "server" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }} - env: - - name: ZOO_DATA_DIR - value: "{{ .Values.conf.zookeeper.config.data_directory }}" - - name: ZOO_CLIENT_PORT - value: "{{ tuple "zookeeper" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" - - name: SERVER_JVMFLAGS - value: {{ include "helm-toolkit.utils.joinListWithSpace" .Values.conf.zookeeper.jvm_options | quote }} - readinessProbe: - initialDelaySeconds: 20 - periodSeconds: 30 - timeoutSeconds: 5 - failureThreshold: 2 - successThreshold: 1 - exec: - command: - - /tmp/zookeeper-readiness.sh - livenessProbe: - initialDelaySeconds: 20 - periodSeconds: 30 - timeoutSeconds: 5 - failureThreshold: 2 - successThreshold: 1 - exec: - command: - - /tmp/zookeeper-liveness.sh - volumeMounts: - - name: pod-tmp - mountPath: /tmp - - name: etczookeeper - mountPath: /etc/zookeeper - - name: zookeeper-etc - mountPath: /conf/zoo.cfg - subPath: zoo.cfg - - name: zookeeper-etc - mountPath: /conf/jaas.conf - subPath: jaas.conf - - name: zookeeper-bin - mountPath: /tmp/zookeeper.sh - subPath: zookeeper.sh - readOnly: true - - name: zookeeper-bin - mountPath: /tmp/zookeeper-liveness.sh - subPath: zookeeper-liveness.sh - readOnly: true - - name: zookeeper-bin - mountPath: /tmp/zookeeper-readiness.sh - subPath: zookeeper-readiness.sh - readOnly: true - - name: data - mountPath: {{ .Values.conf.zookeeper.config.data_directory }} -{{ if $mounts_zookeeper.volumeMounts }}{{ toYaml $mounts_zookeeper.volumeMounts | indent 12 }}{{ end }} - volumes: - - name: pod-tmp - emptyDir: {} - - name: etczookeeper - emptyDir: {} - - name: zookeeper-etc - secret: - secretName: zookeeper-etc - defaultMode: 0444 - - name: zookeeper-bin - configMap: - name: zookeeper-bin - defaultMode: 0555 -{{ if $mounts_zookeeper.volumes }}{{ toYaml $mounts_zookeeper.volumes | indent 8 }}{{ end }} -{{- if not .Values.storage.enabled }} - - name: data - emptyDir: {} -{{- else }} - volumeClaimTemplates: - - metadata: - name: 
data - spec: - accessModes: {{ .Values.storage.pvc.access_mode }} - resources: - requests: - storage: {{ .Values.storage.requests.storage }} - storageClassName: {{ .Values.storage.storage_class }} -{{- end }} -{{- end }} diff --git a/zookeeper/values.yaml b/zookeeper/values.yaml deleted file mode 100644 index d04ef5475..000000000 --- a/zookeeper/values.yaml +++ /dev/null 
@@ -1,271 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Default values for zookeeper. -# This is a YAML-formatted file. -# Declare name/value pairs to be passed into your templates. -# name: value - ---- -images: - tags: - zookeeper: docker.io/zookeeper:3.5.5 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 - image_repo_sync: docker.io/docker:17.07.0 - pull_policy: IfNotPresent - local_registry: - active: false - exclude: - - dep_check - - image_repo_sync - -labels: - zookeeper: - node_selector_key: openstack-control-plane - node_selector_value: enabled - job: - node_selector_key: openstack-control-plane - node_selector_value: enabled - -pod: - security_context: - zookeeper: - pod: - runAsUser: 1000 - fsGroup: 1000 - container: - zookeeper_perms: - runAsUser: 0 - fsGroup: 1000 - readOnlyRootFilesystem: false - zookeeper: - runAsUser: 1000 - fsGroup: 1000 - affinity: - anti: - type: - default: preferredDuringSchedulingIgnoredDuringExecution - topologyKey: - default: kubernetes.io/hostname - weight: - default: 10 - mounts: - zookeeper: - zookeeper: - init_container: null - replicas: - zookeeper: 3 - lifecycle: - upgrades: - statefulsets: - pod_replacement_strategy: RollingUpdate - termination_grace_period: - zookeeper: - timeout: 30 - resources: - enabled: false - zookeeper: - limits: - memory: "1024Mi" - cpu: "2000m" - requests: - memory: "128Mi" - cpu: "500m" - jobs: - image_repo_sync: - requests: - memory: "128Mi" - cpu: "100m" - limits: - 
memory: "1024Mi" - cpu: "2000m" - -endpoints: - cluster_domain_suffix: cluster.local - local_image_registry: - name: docker-registry - namespace: docker-registry - hosts: - default: localhost - internal: docker-registry - node: localhost - host_fqdn_override: - default: null - port: - registry: - node: 5000 - zookeeper: - name: zookeeper - namespace: null - auth: - admin: - username: admin - password: changeme - hosts: - default: zookeeper-int - discovery: zookeeper-discovery - public: zookeeper - host_fqdn_override: - default: null - # NOTE(srwilkers): this chart supports TLS for fqdn over-ridden public - # endpoints using the following format: - # public: - # host: null - # tls: - # crt: null - # key: null - path: - default: null - scheme: - default: 'http' - port: - client: - default: 2181 - election: - default: 3888 - server: - default: 2888 - jmx_exporter: - default: 9404 - zookeeper_exporter: - default: 9141 - kafka: - auth: - admin: - username: admin - password: changeme - -dependencies: - dynamic: - common: - local_image_registry: - jobs: - - zookeeper-image-repo-sync - services: - - endpoint: node - service: local_image_registry - static: - image_repo_sync: - services: - - endpoint: internal - service: local_image_registry - zookeeper: - services: null - -monitoring: - prometheus: - enabled: true - zookeeper: - scrape: true - jmx: - scrape: true - -network: - zookeeper: - ingress: - public: true - classes: - namespace: "nginx" - cluster: "nginx-cluster" - annotations: - nginx.ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/affinity: cookie - nginx.ingress.kubernetes.io/session-cookie-name: kube-ingress-session-zookeeper - nginx.ingress.kubernetes.io/session-cookie-hash: sha1 - nginx.ingress.kubernetes.io/session-cookie-expires: "600" - nginx.ingress.kubernetes.io/session-cookie-max-age: "600" - node_port: - enabled: false - port: 30981 - -network_policy: - zookeeper: - ingress: - - {} - egress: - - {} - -secrets: - tls: - zookeeper: - 
zookeeper: - public: zookeeper-tls-public - zookeeper: - admin: zookeeper-admin-creds - -storage: - enabled: true - pvc: - name: zookeeper-pvc - access_mode: ["ReadWriteOnce"] - requests: - storage: 5Gi - storage_class: general - -manifests: - configmap_bin: true - configmap_etc: true - ingress: true - job_image_repo_sync: true - network_policy: false - secret_ingress_tls: true - secret_kafka: true - secret_zookeeper: true - service_discovery: true - service_ingress: true - service: true - statefulset: true - -conf: - zookeeper: - config: - data_directory: /var/lib/zookeeper/data - data_log_directory: /var/lib/zookeeper/data/datalog - log_directory: /var/lib/zookeeper/data/logs - template: | - {{- $domain := tuple "zookeeper" "discovery" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} - {{- $electionPort := tuple "zookeeper" "internal" "election" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - {{- $clientPort := tuple "zookeeper" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - {{- $serverPort := tuple "zookeeper" "internal" "server" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" }} - tickTime=2000 - dataDir={{ .Values.conf.zookeeper.config.data_directory }} - dataLogDir={{ .Values.conf.zookeeper.config.data_log_directory }} - logDir={{ .Values.conf.zookeeper.config.log_directory }} - electionPort={{ $electionPort }} - serverPort={{ $serverPort }} - maxClientCnxns=10 - initLimit=15 - syncLimit=5 - {{- range $podInt := until ( atoi (print .Values.pod.replicas.zookeeper ) ) }} - {{- $ensembleCount := add $podInt 1 }} - server.{{$ensembleCount}}=zookeeper-{{$podInt}}.{{$domain}}:{{$serverPort}}:{{$electionPort}}:participant;{{$clientPort}} - {{- end }} - authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider - jaasLoginRenew=3600000 - requireClientAuthScheme=sasl - jaas: - template: | - {{- $admin := .Values.endpoints.kafka.auth.admin }} - Server { - org.apache.zookeeper.server.auth.DigestLoginModule required - user_{{ $admin.username }}={{ $admin.password | quote }} - {{- printf ";" }} - }; - Client { - org.apache.zookeeper.server.auth.DigestLoginModule required - username={{ $admin.username | quote }} - password={{ $admin.password | quote }} - {{- printf ";" }} - }; - jvm_options: - - -Djava.security.auth.login.config=/conf/jaas.conf -... diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 9070c19e1..9cb348b3c 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -88,7 +88,6 @@ - ./tools/deployment/multinode/125-fluentbit.sh - ./tools/deployment/multinode/130-fluentd.sh - ./tools/deployment/multinode/140-kibana.sh - - ./tools/deployment/multinode/160-zookeeper.sh - ./tools/deployment/multinode/170-postgresql.sh - ./tools/deployment/multinode/600-grafana-selenium.sh || true - ./tools/deployment/multinode/610-nagios-selenium.sh || true