22 Commits

Author SHA1 Message Date
Roy Tang (rt7380)
85bd731562 Expose Anti-Affinity Weight Setting
This ps exposes the anti-affinity weight value, including
default, that will be consumed by the updated htk function.

Change-Id: Id8eb303674764ef8b0664f62040723aaf77e0a54
2019-05-14 17:04:52 -05:00
RAHUL KHIYANI
0ae22f4c1c prometheus-kube-state-metrics: Fix security context
This PS fixes the application name to holistic manner

Change-Id: Ib68c6fc114962fd53a5fcd2ce9e79bfefd5d94a3
2019-04-22 10:29:33 -05:00
Rahul Khiyani
edb24bd537 prometheus-kube-state-metrics: Add container security context
This adds the container security context to set
readOnlyRootFilesystem to true

Change-Id: I1cc81e2284dbbe94739fd498ccfd3e0ee96dfdbd
2019-03-22 14:02:08 +00:00
Meg Heisler
2d36d5f7ce Add ingress network policy to kube-state-metrics and openstack-exporter
This adds ingress network policies to kube-state-metrics and
openstack-exporter using the helm-toolikit template. It also
add openstack-exporter to the network policy jobs.

Change-Id: I3bfc2f1e8a35c09e577a046ebd52346de95e5745
2019-03-07 14:12:14 -06:00
Steve Wilkerson
4d50e6fa7a Kube-State-Metrics: Add pod/container security context
This updates the kube-state-metrics chart to include the pod
security context on the pod template. This changes the pod's
user from root to the nobody user instead

This also adds the container security context to explicitly set
allowPrivilegeEscalation to false

Change-Id: I17748b299a6e7a394cae63a0e713c49fbf68b4eb
2019-01-03 16:08:22 -06:00
Jean-Philippe Evrard
bf069b2311 Revert "Update OSH Author copyrights to OSF"
This reverts commit 178aa271a44956e86f4e962bf815fa827d93c9af.

Change-Id: I38a52d866527dfff2689b618e055f439bc248c13
2018-08-28 17:25:54 +00:00
Matt McEuen
178aa271a4 Update OSH Author copyrights to OSF
This PS updates the "Openstack-Helm Authors" copyright attribution
to be the "OpenStack Foundation", as decided in the 2018-03-20
team meeting:
http://eavesdrop.openstack.org/meetings/openstack_helm/2018/openstack_helm.2018-03-20-15.00.log.html

No other copyright attributions were changed.

Change-Id: I1137dee2ae5728771835f4b33fcaff60fcc22ca9
2018-08-26 17:17:06 -05:00
Steve Wilkerson
5fe73e6e58 Kube-State-Metrics: Change default image used
This changes the default image for kube-state-metrics to use the
bitnami image instead of the coreos image. This allows us to
override the image entrypoint, as the Alpine based image used
previously did not easily allow us to do so. Adding this also
makes creating a common prometheus exporter deployment template
easier, as it reduces the functional differences between exporter
charts and templates

Change-Id: I6c4aac36f563fcb15f52640bc6f9913b45b4358a
2018-06-14 10:04:03 -05:00
Sean Eagan
f402171e42 Move to v0.3.1 of kubernetes-entrypoint
Move to v0.3.1 of kubernetes-entrypoint which has 2 breaking changes to
pod dependencies, and also adds support for depending on jobs via
labels.

Change-Id: I2bafc2153ddd46b3833b253a2e7950bccbccf8ed
2018-04-25 12:38:44 -05:00
Steve Wilkerson
aaffc4caf0 OSH-Infra: Update labels for chart components
This ps adds more granular node selectors for the charts in osh
infra to match what is currently done in osh

Change-Id: I8957a95053b9fb3ea329fd37ff049cd223a7695d
2018-04-13 08:44:33 -05:00
Pete Birley
b9336ca613 Helm-Toolkit: Kubernetes Entrypoint, simplify image dependencies
This PS simplify the logic for dyanmicly merging the image management
depenencies into pod deps when active.

Change-Id: I0cf6c93173bc5fbce697ac15be8697d3b1326d0a
2018-04-13 08:42:37 -05:00
Sean Eagan
db15b5e30b Support pod dependencies
Adds support for a new feature of kubernetes-entrypoint, pod
dependencies, that was added in v0.3.0.

Change-Id: I78d9e0545ca3b837cd2386783386a253f7f5a2d6
2018-03-20 10:53:53 -05:00
Steve Wilkerson
1929cdcbef kube-state-metrics: use endpoints section and lookups to set port
This PS moves kube-state-metrics to use the endpoints section and
lookups to set the ports it serves on.

Change-Id: Icb4757a59852e508148ca9f1e682c722e40042c9
2018-03-05 10:39:28 -06:00
Pete Birley
3c101a6324 dependencies: move dynamic common deps under a 'dynamic.common' key
This PS moves existing dynamic common dependencies under a
'dynamic.common' key to simplify the yaml tree.

Change-Id: I4332bcfdf11197488e7bd5d8cf4c25565ea1c7b6
2018-02-24 17:42:10 -05:00
Pete Birley
e0c688d7ee dependencies: move static dependencies under a 'static' key
This PS moves static dependencies unser a 'static' key to allow
expansion to cover dynamic dependencies.

Change-Id: Ia0e853564955e0fbbe5a9e91a8b8924c703b1b02
2018-02-24 17:39:55 -05:00
portdirect
515494ca98 RBAC: Include release name in cluster roles to prevent collision
This PS includes the release name in the cluster role to prevent
colision if the chart is deployed multiple times in the same
cluster.

Change-Id: I7166e5ee25b3d4c89879393c5f84c869585a2681
2018-02-19 13:13:56 -06:00
Siri Kim
d9d2ba547a kube-state-metrics for kubernetes version 1.8
This PS is kube-state-metrics for kubernetes version 1.8.
Using kube-state-metrics:v1.2.0 image makes kube-state-
metric pod work properly. Also, gives authority to list
endpoints, persistentvolumes, and horizontalpodautoscalers
by adding them to clusterrole.

Change-Id: I705b29c321b0162740744afa8573dc6ae75bcc60
2018-01-29 05:45:57 +00:00
Zuul
2675d25f6d Merge "helm-toolkit prometheus service annotation clean up" 2018-01-19 18:35:55 +00:00
Steve Wilkerson
a9320d4acc kube-state-metrics: remove unused replica key
the prometheus-kube-state-metrics/values.yaml file had a key for
prometheus replicas, which was likely a result of copy/paste

Change-Id: Id5b915c3814f9caa313c16dfbca7796e7f8284e2
2018-01-18 09:55:52 -06:00
Steve Wilkerson
9ffc748979 helm-toolkit prometheus service annotation clean up
This adds checks for the fields in the service annotations for
prometheus, similar to the checks made for the pod annotations.
It also moves prometheus annotations under a prometheus: key
under a top-level monitoring tree to allow for other monitoring
mechanisms independent of the endpoints tree

Change-Id: I4be6d6ad8e74e8ca52bd224ceddad785577bf6c7
2018-01-16 20:35:50 +00:00
Tin Lam
628fd3007d RBAC: Consolidate serviceaccounts and restrict rbac
Currently, services have two serviceaccounts: one specified in the
chart that cannot read anything, and one injected via helm-toolkit
that can read everything. This patch set refactors the logic to:

- cleanup the roles and their binding automatically when the helm
  chart is deleted;
- remove the need to separately mount a serviceaccount  with secret;
- better handling of namespaces resource restriction.

Co-Authored-By: portdirect <pete@port.direct>

Change-Id: I47d41e0cad9b5b002f59fc9652bad2cc025538dc
2017-12-19 20:22:57 -05:00
Steve Wilkerson
938bce7370 Include prometheus- prefix for select monitoring charts
This adds the prometheus- prefix to the alertmanager,
kube-state-metrics and node exporter charts to reflect their
intended usage as part of a prometheus centric monitoring solution

This will imply a logical grouping of these components, similar to
their deployment in the osh-infra gates

Change-Id: I4f391a10b64389022f01a94ea3704c110f8f9bb5
2017-12-17 23:22:50 -05:00