Curator is unable to use environment variables for configuration
values if the configured option contains more than the env
variable. In the case of the http_auth value (which expects
user:password), using ${USER}:${PASS} prevents curator from
successfully authenticating to elasticsearch. This moves to
dynamically define these values in the configmap if the value is
empty
This also updates values for curator's actions to target logstash-
indices for its actions
Change-Id: Id5b49171e00847432e4ab0cf4be60005b70c21e3

This adds the local image registry endpoint to elasticsearch,
fluent-logging and grafana. This endpoint was missing from the
values.yaml in those charts
Change-Id: I30dc1f0cab40ccf8a493e13f407e2f0d37af1eee

The Kibana username and password need to match the Elasticsearch
username and password, as Kibana requires an authorized elasticsearch
user to make queries against the elasticsearch backend to display
its dashboards and set up the initial .kibana index. This changes
the apache proxy running in front of kibana to consume the
elasticsearch username and password via the elasticsearch secret in
the chart to ensure kibana has proper access
Change-Id: Ife3fd916e8d9a3f8877d01a9048a892f92e412d8

This ps updates Curator with reference actions for deleting and
snapshotting Elasticsearch indices and also modifies Curator
to account for Elasticsearch auth and hostname configuration via
endpoint lookup
Change-Id: Ic68a2506c2ea96fc7269a7bb639ebba9c9b1ef20

This ps adds more granular node selectors for the charts in osh
infra to match what is currently done in osh
Change-Id: I8957a95053b9fb3ea329fd37ff049cd223a7695d

Adds support for a new feature of kubernetes-entrypoint, pod
dependencies, that was added in v0.3.0.
Change-Id: I78d9e0545ca3b837cd2386783386a253f7f5a2d6

This reverts the changes made to Elasticsearch, Kibana and fluent
logging charts in https://review.openstack.org/#/c/550229/7.
Specifically, this moves the images back to previously used versions
and makes the required changes to the fluent-logging elasticsearch
template job to include the correct mapping directives for the
elasticsearch template.
This change was made to give more time for evaluating a more
robust solution for switching to the official upstream images that
will not cause intermittent gate failures as seen since 550229 was
merged
Change-Id: I9f70b3412a8edc5cb1d80937b158aa2fe7b1ec82

This PS moves elasticsearch to use the endpoints section and
lookups to set the port it serves on.
Change-Id: I4a73893124b6d988cd1f885cfc3dd62abeb4ae8c

This moves Elasticsearch and Kibana to use the latest version
(6.2.2), as the images we were using are no longer supported with
the 6.x release. There was a change in the doc reference in the
log entries that prevented the previous ES version from indexing
those entries, resulting in a busted gate. Moving Kibana to 6.2.2
was required to match major/minor versions with Elasticsearch
The Elasticsearch version change also required changing config file
locations, changing the entrypoint used for launching the service,
changing the running user for the elasticsearch service, and
updating the ES tests as some of the API responses changed between
versions
This also required updating the elasticsearch template job as the
mapping definition entries changed between versions
Change-Id: Ia4cd9a66851754a1bb8f225c7e24513c43568e93

This PS moves existing dynamic common dependencies under a
'dynamic.common' key to simplify the yaml tree.
Change-Id: I4332bcfdf11197488e7bd5d8cf4c25565ea1c7b6

This PS moves static dependencies under a 'static' key to allow
expansion to cover dynamic dependencies.
Change-Id: Ia0e853564955e0fbbe5a9e91a8b8924c703b1b02

This adds a chart for an elasticsearch exporter to expose metrics
for prometheus. This also moves the exporter to be included as
part of the chart it's meant to target as opposed to its own
separate chart
Change-Id: I491f4d1efba633827d8a6255218daeb9d427f922

This disables the Elasticsearch snapshot repository backed by
NFS by default as the curator job for snapshots is disabled by
default, and should make no assumption that NFS is deployed by
default
Change-Id: Idc74cfb80fcb4c4741d82c6d0ce63fd90a8c919f

There was a change in the upstream reference httpd image for
apache that changed how modules were built for apache.
This change adds the required fix to accommodate the change.
See issue here https://github.com/docker-library/httpd/pull/87
The Elasticsearch image tag was updated to accommodate the kernel
versions used in the gate as part of the kernel update playbook
See https://github.com/elastic/elasticsearch/issues/28349#issuecomment-360233779
The openstack-exporter binary was changed to reflect changes made
to the openstack-exporter image
Change-Id: I1deb9e7cde794421dd33fade566c2a9fdb5007e6

Run elasticsearch behind apache as a reverse proxy to supply basic
auth for elasticsearch, as xpack requires a subscription to support
security for elasticsearch
Change-Id: I72d06ed9cd2179ead86ddc67db33c68a1e40c437

This dynamically adds the elasticsearch path.repo configuration
entry if it's not defined. This solves issues arising when the
storage settings are disabled in favor of emptydirs for simpler
ES deployments. If elasticsearch attempts to configure the repo
path with an invalid entry (inaccessible external or shared fs
path), the service will crash.
Change-Id: I089b77104107dfb1f8e6ea2d8a560384718e63f9

This PS brings ElasticSearch in line with other charts by placing the
RBAC roles and bindings in the same template as the pod rc they are
associated with.
Change-Id: I6d541a18d6750d42d31326f77a9aacb06195ddac

This brings the elasticsearch configmaps, volume and mount names
in line with other charts by naming them after the service.
This also moves the configuration for elasticsearch to the values
file to bring it in line with other charts that do the same
Change-Id: I61f7c740d830a9a0567f8b72a0f815a09407b90c

This provides an example action in the curator config for taking
snapshots of the elasticsearch indexes. As the snapshot action
requires a repository registered with Elasticsearch, this also
adds a PVC for a filesystem repository backed with NFS and a job
for registering the repository with Elasticsearch.
Change-Id: I26b788c58f52844e997bde5002459bddc1bb685e

Currently, services have two serviceaccounts: one specified in the
chart that cannot read anything, and one injected via helm-toolkit
that can read everything. This patch set refactors the logic to:
- clean up the roles and their binding automatically when the helm
chart is deleted;
- remove the need to separately mount a serviceaccount with secret;
- better handling of namespaces resource restriction.
Co-Authored-By: portdirect <pete@port.direct>
Change-Id: I47d41e0cad9b5b002f59fc9652bad2cc025538dc

This PS moves the default storage access-mode to ReadWriteOnce, as
the PVC is created inline with the statefulset. So ReadWriteMany will
have no effect, as a volume is created per pod.
Change-Id: I2a6a28832c0b1beedeb3e280572b3717628f7b88

This moves the Elasticsearch chart to OSH infra, along with rbac
rules for running Elasticsearch. It includes a cronjob for running
ES Curator for cleaning up old indices
Change-Id: I69fcbe8b77de8b594eba5340a6e4340f389ba5bf