This PS moves to use the Helm 2.10 release, which brings in a version
of sprig that supports TLS certificate creation from defined CAs.
Change-Id: I80233f8f31727c80bcd667cfa0d851488da39588
Signed-off-by: Pete Birley <pete@port.direct>
This removes the min_block_duration and max_block_duration flags
from the Prometheus chart, as the suggested best practice is to
use the defaults (2h min, 10% of retention time as max).
This also updates the scrape target configuration for cadvisor to
match the upstream example endpoint for kubernetes versions 1.7.3
and later
Change-Id: I200969d6c4da9d17d0a7d3a34a114ccc5f5ee70f
This updates Fluentd to use the stable v1.2 debian fluentd
image instead of the kolla image. This images comes bundled
with the elasticsearch plugin, and provides more
flexibility in configuring the buffer behavior of the output
plugins
Change-Id: Id446ef1e050f5d9c005c94dae661cf9ae88fffea
This updates the Prometheus version to 2.3.2, which includes a fix
for memory leak issues with the kubernetes client and also adds a
dashboard for evaluating prometheus rule evaluation performance
Change-Id: I7b9e7bee114fa149db3733c0dacfefae36be7fa8
This filters out fluentd's logs for collection, as this can result
in infinite loops as fluentd will try to process the events in its
own logs repeatedly
Change-Id: I85cce909b6917901b964cb5cc479403143c4d211
Changing the chart to accept plain certificates rather than a base64
encoded string. The chart will handle the base64 encoding internally.
Change-Id: I3cd0710652b1b731fa4bcd9e92dd59ce2c436eb6
Using a node selector can not run the fluent-bit or node-exporter
on the master node. So, This PS changes the scheduling to use
either taint/toleration or the node selector.
Change-Id: I0ca80a6e645b7047469288697387f0f5bf111345
This adds authentication to Prometheus with an apache reverse
proxy, similar to elasticsearch, kibana and nagios. This adds an
admin user and password via htpasswd along with adding ldap
support.
This required modifying the grafana chart to configure the
prometheus datasource's basic auth credentials in the data sources
provisioning configuration file by checking whether basic auth is
enabled and injecting the username/password defined in the
corresponding endpoint definition.
This also modifies the nagios chart to use the authenticated
endpoint for prometheus, which is required for nagios to
successfully query the prometheus endpoint for its service
checking mechanism
Change-Id: Ia4ccc3c44a89b2c56594be1f4cc28ac07169bf8c
This PS updates the keysteone endpoints section used in the
webhook authenticator and the prometheus exporter.
Depends-On: https://review.openstack.org/#/c/588651
Change-Id: Ia2df0ec1b783705f7e2ac164a8729d61962e2bc8
Signed-off-by: Pete Birley <pete@port.direct>
This bumps testing of fedora to 28, and allows openstack-infra to
delete fedora-27 nodes.
Change-Id: Idd38b1e4721b7f53e20ccbc665cb16762ba6132b
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This fixes two issues with the Ceph dashboards in Grafana: the
first fix addresses an incorrect heading for Utilized Capacity in
the ceph cluster dashboard (was reporting utilized as available),
and the second fix addresses the Pool Usage gauge to accurately
reflect the percentage of the pool used (was incorrectly
multiplying the percentage result by 100 a second time, resulting
in large and inaccurate results)
Change-Id: I024a555cdb82ee181eb414337b84e7ad62717c97
This PS updates the tls secret manifest to allow non-public endpoints
to be specified.
Change-Id: I47606e5c8db87fac07febb114334ded710f56ed5
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the ansible roles to update the user used with
the tiller image used for bootstrapping to allow access to approprate
config files used. This is required for use with the current master
tiller image, which no longer deffaults to the root user.
Change-Id: I61f28a2ebeecb22eb66e0394417b0af3a9116483
Signed-off-by: Pete Birley <pete@port.direct>
In most cases, the ingress controller's nodeSelector key and value
are "node-role.kubernetes.io/ingress" and "true".
Using quote to treat the nodeSelector value as a string.
Change-Id: Ie1745629b90795e4d888d85f35565e6d6350e09b
This PS bumps the version of k8s used in the gates to 1.10.6
Change-Id: I396fe0c0e276d17eb52bfe289a464b7008b8d4d2
Signed-off-by: Pete Birley <pete@port.direct>
This PS fixes the rabbitmq exporter configurations.
Now, RABBIT_CAPABILITIES env values can not be set because of dummy
values.
After fix values, it needs to upgrade exporter image version because
of string parsing problem in the exporter.
Additional, bert option is added.
https://github.com/kbudde/rabbitmq_exporter
Change-Id: I2a763b6730bcbef1900f7cd4c5a05066bfffadf2
co-authored-by: DaeSeong Kim <powerds0111@gmail.com>
Signed-off-by: Pete Birley <pete@port.direct>
This changes the ordering of the configmap annotations for kibana,
as older versions of helm require the configmap with the values
template definition for the apache proxy to be listed last. This
was addressed in the elasticsearch-client template but missed in
kibana.
This also adds the configmap hash annotations to the nagios chart
as they were previously missing. It also places them in the
correct order as above
Change-Id: I13befe8684d975f310f2723c5172b8a0f9f365d6
This PS moves the RabbitMQ chart to OSH-Infra
Story: 2002204
Task: 585554
Change-Id: Ib94f7ea92aacfd35f0a13672d2a94335335575ad
Signed-off-by: Pete Birley <pete@port.direct>
This proposes defining the apache proxy hosts entirely via values
templates. While complicated on its face, this gives flexibility
by allowing the ability to define the desired authentication
mechanism via values templates. These options can range from
using http basic auth for development purposes to defining more
complex ldap configurations without a need to modify the chart
directly
Change-Id: Ief1b6890444ff90cc9c0ca872087af74836c0771
Signed-off-by: Pete Birley <pete@port.direct>
This deploys the ingress chart in the openstack-helm-infra dev
and multinode gates, which allows for enabling ingresses in the
charts where defined
Change-Id: I055c7b02d9af68f6e3c5eda33d69dd0b8b1b70ca
This fixes the resource trees for the fluent-logging and
openstack-exporter charts to match the other charts. This
also fixes the elasticsearch master template to use the
correct indentation level for the resource template
Change-Id: Ic6ec270a880216daff10d1f22128c6377ebf9933
This updates the default command line flags for Prometheus. It
explicitly sets the HTTP administrative settings to false and
gives a brief explanation of the security concerns associated
with enabling them
This also removes the honor_labels setting where set to false, as
false is the default setting for honor_labels
Change-Id: I69acdbce604864882d642e44c09a5f0b9c454a61
This changes the openstack exporters service user to use the
service domain instead of the default domain
Change-Id: I849814ee96b99e77940904e0d0dfb210a0915560
This PS moves the Memcached chart to OSH-Infra
Story: 2002204
Task: 21727
Change-Id: I47a226ba90a84cddcbf4911af4bf23257827e79e
Signed-off-by: Pete Birley <pete@port.direct>
This PS enables the pod shared pid feature gate in k8s, which allows
the puase container to reap processes when desired.
Change-Id: I01eac64bfa029027465d47c5036119cf5799a100
Signed-off-by: Pete Birley <pete@port.direct>
