Using a node selector can not run the fluent-bit or node-exporter
on the master node. So, This PS changes the scheduling to use
either taint/toleration or the node selector.
Change-Id: I0ca80a6e645b7047469288697387f0f5bf111345
This PS fixes following things:
- fix wrong variable 'alertmanager_templats' to 'alert_templates'
- remove 'toYaml' function for alert_templates
- create alertmanager config in default location
Change-Id: I4862435441b8a36f9d0ce4ff32667e8412ea3c14
This adds authentication to Prometheus with an apache reverse
proxy, similar to elasticsearch, kibana and nagios. This adds an
admin user and password via htpasswd along with adding ldap
support.
This required modifying the grafana chart to configure the
prometheus datasource's basic auth credentials in the data sources
provisioning configuration file by checking whether basic auth is
enabled and injecting the username/password defined in the
corresponding endpoint definition.
This also modifies the nagios chart to use the authenticated
endpoint for prometheus, which is required for nagios to
successfully query the prometheus endpoint for its service
checking mechanism
Change-Id: Ia4ccc3c44a89b2c56594be1f4cc28ac07169bf8c
This PS updates the keysteone endpoints section used in the
webhook authenticator and the prometheus exporter.
Depends-On: https://review.openstack.org/#/c/588651
Change-Id: Ia2df0ec1b783705f7e2ac164a8729d61962e2bc8
Signed-off-by: Pete Birley <pete@port.direct>
This bumps testing of fedora to 28, and allows openstack-infra to
delete fedora-27 nodes.
Change-Id: Idd38b1e4721b7f53e20ccbc665cb16762ba6132b
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This fixes two issues with the Ceph dashboards in Grafana: the
first fix addresses an incorrect heading for Utilized Capacity in
the ceph cluster dashboard (was reporting utilized as available),
and the second fix addresses the Pool Usage gauge to accurately
reflect the percentage of the pool used (was incorrectly
multiplying the percentage result by 100 a second time, resulting
in large and inaccurate results)
Change-Id: I024a555cdb82ee181eb414337b84e7ad62717c97
This PS updates the tls secret manifest to allow non-public endpoints
to be specified.
Change-Id: I47606e5c8db87fac07febb114334ded710f56ed5
Signed-off-by: Pete Birley <pete@port.direct>
This PS updates the ansible roles to update the user used with
the tiller image used for bootstrapping to allow access to approprate
config files used. This is required for use with the current master
tiller image, which no longer deffaults to the root user.
Change-Id: I61f28a2ebeecb22eb66e0394417b0af3a9116483
Signed-off-by: Pete Birley <pete@port.direct>
In most cases, the ingress controller's nodeSelector key and value
are "node-role.kubernetes.io/ingress" and "true".
Using quote to treat the nodeSelector value as a string.
Change-Id: Ie1745629b90795e4d888d85f35565e6d6350e09b
This PS bumps the version of k8s used in the gates to 1.10.6
Change-Id: I396fe0c0e276d17eb52bfe289a464b7008b8d4d2
Signed-off-by: Pete Birley <pete@port.direct>
This PS fixes the rabbitmq exporter configurations.
Now, RABBIT_CAPABILITIES env values can not be set because of dummy
values.
After fix values, it needs to upgrade exporter image version because
of string parsing problem in the exporter.
Additional, bert option is added.
https://github.com/kbudde/rabbitmq_exporter
Change-Id: I2a763b6730bcbef1900f7cd4c5a05066bfffadf2
co-authored-by: DaeSeong Kim <powerds0111@gmail.com>
Signed-off-by: Pete Birley <pete@port.direct>
This changes the ordering of the configmap annotations for kibana,
as older versions of helm require the configmap with the values
template definition for the apache proxy to be listed last. This
was addressed in the elasticsearch-client template but missed in
kibana.
This also adds the configmap hash annotations to the nagios chart
as they were previously missing. It also places them in the
correct order as above
Change-Id: I13befe8684d975f310f2723c5172b8a0f9f365d6
This PS moves the RabbitMQ chart to OSH-Infra
Story: 2002204
Task: 585554
Change-Id: Ib94f7ea92aacfd35f0a13672d2a94335335575ad
Signed-off-by: Pete Birley <pete@port.direct>
This proposes defining the apache proxy hosts entirely via values
templates. While complicated on its face, this gives flexibility
by allowing the ability to define the desired authentication
mechanism via values templates. These options can range from
using http basic auth for development purposes to defining more
complex ldap configurations without a need to modify the chart
directly
Change-Id: Ief1b6890444ff90cc9c0ca872087af74836c0771
Signed-off-by: Pete Birley <pete@port.direct>
This deploys the ingress chart in the openstack-helm-infra dev
and multinode gates, which allows for enabling ingresses in the
charts where defined
Change-Id: I055c7b02d9af68f6e3c5eda33d69dd0b8b1b70ca
This fixes the resource trees for the fluent-logging and
openstack-exporter charts to match the other charts. This
also fixes the elasticsearch master template to use the
correct indentation level for the resource template
Change-Id: Ic6ec270a880216daff10d1f22128c6377ebf9933
This updates the default command line flags for Prometheus. It
explicitly sets the HTTP administrative settings to false and
gives a brief explanation of the security concerns associated
with enabling them
This also removes the honor_labels setting where set to false, as
false is the default setting for honor_labels
Change-Id: I69acdbce604864882d642e44c09a5f0b9c454a61
This changes the openstack exporters service user to use the
service domain instead of the default domain
Change-Id: I849814ee96b99e77940904e0d0dfb210a0915560
This PS moves the Memcached chart to OSH-Infra
Story: 2002204
Task: 21727
Change-Id: I47a226ba90a84cddcbf4911af4bf23257827e79e
Signed-off-by: Pete Birley <pete@port.direct>
This PS enables the pod shared pid feature gate in k8s, which allows
the puase container to reap processes when desired.
Change-Id: I01eac64bfa029027465d47c5036119cf5799a100
Signed-off-by: Pete Birley <pete@port.direct>
This PS moves the ingress chart to OSH-Infra
Story: 2002204
Task: 21733
Change-Id: I85a46d5907f2ffe293f6fef0f528fdef167a7f0f
Signed-off-by: Pete Birley <pete@port.direct>
This encloses the ldap admin bind password in single quotes
instead of double quotes, which allows for special characters to
be successfully included in the password.
Change-Id: I57649a92595c3fe643f32dd1fb3e7c5b2a0802e7
This PS updates the K8s pod resources function to both include
basic documentation, and also allow null values to be used if
no resource request or limit is desired.
Change-Id: I9dee6af1167a12f0c22b368220ca6343a8c6dc73
Signed-off-by: Pete Birley <pete@port.direct>
This patchset changes the "helm-toolkit.utils.merge" function such that
when merging lists it not only removes duplicates, but also optionally
merges any items which have the same value for the "name" key, when
passing a "merge_same_named" parameter as true.
Change-Id: I5105e3649820b41b0dbd6fb36f776bc5ad38c84d
