This updates the helm test pod templates in the charts with helm
tests defined. This change includes the addition of:
- Generate test pod cluster roles and role bindings
- Generate service accounts for test pods
- Add node selectors to the test pods
- Add service accounts to the test pods
- Addition of entrypoint container to the test pods
- Indentation fix for rabbitmq test pod template
Change-Id: I9a0dd8a1a87bfe5eaf1362e92b37bc004f9c2cdb
This adds the node selector key and value configuration to the
Curator cron job for Elasticsearch, as it was previously omitted
Change-Id: Id702007fa827a1e1f90dee9b2a855e4197f4567c
This updates the configuration settings used for the log4j2
template for Elasticsearch. The previous settings weren't
compatible with the version of Elasticsearch currently being used
(5.6.4)
Change-Id: Id4b02ad022c46d599ae02ef77bb0f81f7e62c9e4
This ps adds the ability to use the ceph radosgw s3 api for
snapshot repositories. It removes the ability to use a RWM pvc, as
the radosgw solution provides a more robust approach for storing
index snapshots
Change-Id: Ie56ac41ccdc61bfadcac52b400cceb35403e9fae
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitary
annotations to the same objects.
Change-Id: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Signed-off-by: Pete Birley <pete@port.direct>
This adds an ingress to the Elasticsearch chart, allowing for the
exposure of the Elasticsearch cluster externally if required.
This also removes the node ports from the data and discovery
services, as these ports should not be used beyond service
discovery by the elasticsearch nodes. It moves the node port for
the client service under the network.elasticsearch key to match
the network tree for the other services
Change-Id: Ia989eff87b8c9f112c697ae309bbb971dc699aa5
This updates the osh-infra charts to use a secret for their
configuration files instead of a configmap, allowing for the
storage of sensitive information
Change-Id: Ia32587162288df0b297c45fd43b55cef381cb064
In most cases, the ingress controller's nodeSelector key and value
are "node-role.kubernetes.io/ingress" and "true".
Using quote to treat the nodeSelector value as a string.
Change-Id: Ie1745629b90795e4d888d85f35565e6d6350e09b
This proposes defining the apache proxy hosts entirely via values
templates. While complicated on its face, this gives flexibility
by allowing the ability to define the desired authentication
mechanism via values templates. These options can range from
using http basic auth for development purposes to defining more
complex ldap configurations without a need to modify the chart
directly
Change-Id: Ief1b6890444ff90cc9c0ca872087af74836c0771
Signed-off-by: Pete Birley <pete@port.direct>
This fixes the resource trees for the fluent-logging and
openstack-exporter charts to match the other charts. This
also fixes the elasticsearch master template to use the
correct indentation level for the resource template
Change-Id: Ic6ec270a880216daff10d1f22128c6377ebf9933
This adds missing readiness probes to the following charts in
openstack-helm-infra: elasticsearch, fluent-logging, kibana,
nagios, prometheus-kube-state-metrics, prometheus-node-exporter,
and prometheus-openstack-exporter
Change-Id: I6a2635b08667c31eadb1b05ba848c658935a17e5
This updates the ordering of the basic auth providers in the
elasticsearch and nagios chart to check the file provider first
before going out to check the configured ldap server.
Change-Id: I47ff8a1c7b2cefa8425914c5d4d7a76aa8d43216
Signed-off-by: Steve Wilkerson <wilkers.steve@gmail.com>
This PS moves to use the current ga version for kubernetes daemonsets,
additionally any remaining deployments that were using the
`extensions/v1beta1` have been updated to `apps/v1`.
Story: 2002205
Task: 21735
Change-Id: If9703162dc472af1e6096bf2b9062802fd5ce8ab
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves to use the current API version for kubernetes rcs'
that were previously using `apps/v1beta1`.
Story: 2002205
Task: 21735
Change-Id: Icb4e7aa2392da6867427a58926be2da6f424bd56
Signed-off-by: Pete Birley <pete@port.direct>
This ps adds a function for cleaning up the test data used to
verify Elasticsearch is functioning properly. It removes the test
index created and populated with test data to ensure the resulting
elasticsearch cluster is clean and does not contain random data
Change-Id: Ibdeb90e3f3b6307bf16c68469556bef256ed2d78
This moves the charts in openstack-helm-infra closer towards a
standard structure. It addresses multiple deviations, including:
missing resources for init containers, incorrect indents for
disabled resources in some charts, incorrect indents for volumes
and volumemounts added via values, missing resources for some
helm test templates, missing helm-toolkit image functions, and
moving the resource template declarations to be under the image
template declarations
Change-Id: I4834a5d476ef7fc69c5583caacc0229050f20a76
This adds the entry for resources for the apache proxy running in
the elasticsearch client and kibana pods. This also fixes an
incorrect enabled flag for resources in the kibana chart
Change-Id: Ifcd33a680167d7debfae2c4d71bdcb693632fce9
This adds required configuration for enabling LDAP through
the apache proxy in the elasticsearch and kibana charts by
default
Change-Id: Iaff8f328ff50944ddad94ec86b1134ca73750176
Move to v0.3.1 of kubernetes-entrypoint which has 2 breaking changes to
pod dependencies, and also adds support for depending on jobs via
labels.
Change-Id: I2bafc2153ddd46b3833b253a2e7950bccbccf8ed
Curator is unable to use environment variables for configuration
values if the configured option contains more than the env
variable. In the case of the http_auth value (which expects
user:password), using ${USER}:${PASS} prevents curator from
successfully authenticating to elasticsearch. This moves to
dynamically define these values in the configmap if the value is
empty
This also updates values for curators actions to target logstash-
indices for its actions
Change-Id: Id5b49171e00847432e4ab0cf4be60005b70c21e3
This ps proposes adding a common template for the image_repo_sync
jobs for consumption by the charts
Change-Id: I48476d1e4fd94bd1b08b13b46983e3d999f8d8ca
This adds the local image registry endpoint to elasticsearch,
fluent-logging and grafana. This endpoint was missing from the
values.yaml in those charts
Change-Id: I30dc1f0cab40ccf8a493e13f407e2f0d37af1eee
The Kibana username and password needs to match the Elasticsearch
username and password, as Kibana requires an authorized elasticsearch
user to make queries against the elasticsearch backend to display
its dashboards and set up the initial .kibana index. This changes
the apache proxy running in front of kibana to consume the
elasticsearch username and password via the elasticsearch secret in
the chart to ensure kibana has proper access
Change-Id: Ife3fd916e8d9a3f8877d01a9048a892f92e412d8
This ps updates Curator with reference actions for deleting and
snapshotting Elasticsearch indices and also modifies Curator
to account for Elasticsearch auth and hostname configuration via
endpoint lookup
Change-Id: Ic68a2506c2ea96fc7269a7bb639ebba9c9b1ef20
This ps adds more granular node selectors for the charts in osh
infra to match what is currently done in osh
Change-Id: I8957a95053b9fb3ea329fd37ff049cd223a7695d
This PS simplify the logic for dyanmicly merging the image management
depenencies into pod deps when active.
Change-Id: I0cf6c93173bc5fbce697ac15be8697d3b1326d0a
Adds support for a new feature of kubernetes-entrypoint, pod
dependencies, that was added in v0.3.0.
Change-Id: I78d9e0545ca3b837cd2386783386a253f7f5a2d6
This reverts the changes made to Elasticsearch, Kibana and fluent
logging charts in https://review.openstack.org/#/c/550229/7.
Specifically, this moves the images back to previous used versions
and makes the required changes to the fluent-logging elasticsearch
template job to include the correct mapping directives for the
elasticsearch template.
This change was made to give more time for evaluating a more
robust solution for switching to the official upstream images that
will not cause intermittent gate failures as seen since 550229 was
merged
Change-Id: I9f70b3412a8edc5cb1d80937b158aa2fe7b1ec82
This PS moves elasticsearch to use the endpoints section and
lookups to set the port it serves on.
Change-Id: I4a73893124b6d988cd1f885cfc3dd62abeb4ae8c
This moves Elasticsearch and Kibana to use the latest version
(6.2.2), as the images we were using are no longer supported with
the 6.x release. There was a change in the doc reference in the
log entries that prevented the previous ES version from indexing
those entries, resulting in a busted gate. Moving Kibana to 6.2.2
was required to match major/minor versions with Elasticsearch
The Elasticsearch version change also required changing config file
locations, changing the entrypoint used for launching the service,
changing the running user for the elasticsearch service, and
updated the ES tests as some of the API responses changed between
versions
This also required updating the elasticsearch template job as the
mapping definition entries changed between versions
Change-Id: Ia4cd9a66851754a1bb8f225c7e24513c43568e93
Curator job in Elasticsearch helm chart has a condition on
api version batch/v2alpha1. Cronjob resource is deprecated
in batch/v2alpha1 from k8s 1.8 and batch/v1beta1 is enabled
by default.
Remove the condition on API version as it is no more required.
Closes-Bug: #1753524
Change-Id: Ia296b3742e655fae508e5d4402e7f3881db31688
This PS moves existing dynamic common dependencies under a
'dynamic.common' key to simplify the yaml tree.
Change-Id: I4332bcfdf11197488e7bd5d8cf4c25565ea1c7b6
This PS moves static dependencies unser a 'static' key to allow
expansion to cover dynamic dependencies.
Change-Id: Ia0e853564955e0fbbe5a9e91a8b8924c703b1b02
The template for elasticsearch-master was missing the clusterrole
and clusterrolebinding. This adds them to bring it in line with
the other templates
Change-Id: I34bc7e889018411b3791c1b7f24d150e1f6a24e5
This PS includes the release name in the cluster role to prevent
colision if the chart is deployed multiple times in the same
cluster.
Change-Id: I7166e5ee25b3d4c89879393c5f84c869585a2681
