This adds the entry for resources for the apache proxy running in
the elasticsearch client and kibana pods. This also fixes an
incorrect enabled flag for resources in the kibana chart
Change-Id: Ifcd33a680167d7debfae2c4d71bdcb693632fce9
This adds required configuration for enabling LDAP through
the apache proxy in the elasticsearch and kibana charts by
default
Change-Id: Iaff8f328ff50944ddad94ec86b1134ca73750176
Move to v0.3.1 of kubernetes-entrypoint which has 2 breaking changes to
pod dependencies, and also adds support for depending on jobs via
labels.
Change-Id: I2bafc2153ddd46b3833b253a2e7950bccbccf8ed
Curator is unable to use environment variables for configuration
values if the configured option contains more than the env
variable. In the case of the http_auth value (which expects
user:password), using ${USER}:${PASS} prevents curator from
successfully authenticating to elasticsearch. This moves to
dynamically define these values in the configmap if the value is
empty
This also updates values for curator's actions to target logstash-
indices for its actions
Change-Id: Id5b49171e00847432e4ab0cf4be60005b70c21e3
This ps proposes adding a common template for the image_repo_sync
jobs for consumption by the charts
Change-Id: I48476d1e4fd94bd1b08b13b46983e3d999f8d8ca
This adds the local image registry endpoint to elasticsearch,
fluent-logging and grafana. This endpoint was missing from the
values.yaml in those charts
Change-Id: I30dc1f0cab40ccf8a493e13f407e2f0d37af1eee
The Kibana username and password need to match the Elasticsearch
username and password, as Kibana requires an authorized elasticsearch
user to make queries against the elasticsearch backend to display
its dashboards and set up the initial .kibana index. This changes
the apache proxy running in front of kibana to consume the
elasticsearch username and password via the elasticsearch secret in
the chart to ensure kibana has proper access
Change-Id: Ife3fd916e8d9a3f8877d01a9048a892f92e412d8
This ps updates Curator with reference actions for deleting and
snapshotting Elasticsearch indices and also modifies Curator
to account for Elasticsearch auth and hostname configuration via
endpoint lookup
Change-Id: Ic68a2506c2ea96fc7269a7bb639ebba9c9b1ef20
This ps adds more granular node selectors for the charts in osh
infra to match what is currently done in osh
Change-Id: I8957a95053b9fb3ea329fd37ff049cd223a7695d
This PS simplifies the logic for dynamically merging the image management
dependencies into pod deps when active.
Change-Id: I0cf6c93173bc5fbce697ac15be8697d3b1326d0a
Adds support for a new feature of kubernetes-entrypoint, pod
dependencies, that was added in v0.3.0.
Change-Id: I78d9e0545ca3b837cd2386783386a253f7f5a2d6
This reverts the changes made to Elasticsearch, Kibana and fluent
logging charts in https://review.openstack.org/#/c/550229/7.
Specifically, this moves the images back to previously used versions
and makes the required changes to the fluent-logging elasticsearch
template job to include the correct mapping directives for the
elasticsearch template.
This change was made to give more time for evaluating a more
robust solution for switching to the official upstream images that
will not cause intermittent gate failures as seen since 550229 was
merged
Change-Id: I9f70b3412a8edc5cb1d80937b158aa2fe7b1ec82
This PS moves elasticsearch to use the endpoints section and
lookups to set the port it serves on.
Change-Id: I4a73893124b6d988cd1f885cfc3dd62abeb4ae8c
This moves Elasticsearch and Kibana to use the latest version
(6.2.2), as the images we were using are no longer supported with
the 6.x release. There was a change in the doc reference in the
log entries that prevented the previous ES version from indexing
those entries, resulting in a busted gate. Moving Kibana to 6.2.2
was required to match major/minor versions with Elasticsearch
The Elasticsearch version change also required changing config file
locations, changing the entrypoint used for launching the service,
changing the running user for the elasticsearch service, and
updating the ES tests as some of the API responses changed between
versions
This also required updating the elasticsearch template job as the
mapping definition entries changed between versions
Change-Id: Ia4cd9a66851754a1bb8f225c7e24513c43568e93
Curator job in Elasticsearch helm chart has a condition on
api version batch/v2alpha1. Cronjob resource is deprecated
in batch/v2alpha1 from k8s 1.8 and batch/v1beta1 is enabled
by default.
Remove the condition on API version as it is no longer required.
Closes-Bug: #1753524
Change-Id: Ia296b3742e655fae508e5d4402e7f3881db31688
This PS moves existing dynamic common dependencies under a
'dynamic.common' key to simplify the yaml tree.
Change-Id: I4332bcfdf11197488e7bd5d8cf4c25565ea1c7b6
This PS moves static dependencies under a 'static' key to allow
expansion to cover dynamic dependencies.
Change-Id: Ia0e853564955e0fbbe5a9e91a8b8924c703b1b02
The template for elasticsearch-master was missing the clusterrole
and clusterrolebinding. This adds them to bring it in line with
the other templates
Change-Id: I34bc7e889018411b3791c1b7f24d150e1f6a24e5
This PS includes the release name in the cluster role to prevent
collision if the chart is deployed multiple times in the same
cluster.
Change-Id: I7166e5ee25b3d4c89879393c5f84c869585a2681
Adds "helm-toolkit.utils.merge" which is a replacement for the
upstream sprig "merge" function which didn't quite do what we
wanted, specifically it didn't merge slices, it just overrode
one with the other. This PS also updates existing callsites
of the sprig merge with "helm-toolkit.utils.merge".
Change-Id: I456349558d4cf941d1bcb07fc76d0688b0a10782
This adds a chart for an elasticsearch exporter to expose metrics
for prometheus. This also moves the exporter to be included as
part of the chart it's meant to target as opposed to its own
separate chart
Change-Id: I491f4d1efba633827d8a6255218daeb9d427f922
This adds node selectors to all templates in the elasticsearch
chart, as they were previously missed
Change-Id: I34ea5751663b2e993c5f73a78a1f91133919752c
This disables the Elasticsearch snapshot repository backed by
NFS by default as the curator job for snapshots is disabled by
default, and should make no assumption that NFS is deployed by
default
Change-Id: Idc74cfb80fcb4c4741d82c6d0ce63fd90a8c919f
There was a change in the upstream reference httpd image for
apache that changed how modules were built for apache.
This change adds the required fix to accommodate the change.
See issue here https://github.com/docker-library/httpd/pull/87
The Elasticsearch image tag was updated to accommodate the kernel
versions used in the gate as part of the kernel update playbook
See https://github.com/elastic/elasticsearch/issues/28349#issuecomment-360233779
The openstack-exporter binary was changed to reflect changes made
to the openstack-exporter image
Change-Id: I1deb9e7cde794421dd33fade566c2a9fdb5007e6
Run elasticsearch behind apache as a reverse proxy to supply basic
auth for elasticsearch, as xpack requires a subscription to support
security for elasticsearch
Change-Id: I72d06ed9cd2179ead86ddc67db33c68a1e40c437
This dynamically adds the elasticsearch path.repo configuration
entry if it's not defined. This solves issues arising when the
storage settings are disabled in favor of emptydirs for simpler
ES deployments. If elasticsearch attempts to configure the repo
path with an invalid entry (inaccessible external or shared fs
path), the service will crash.
Change-Id: I089b77104107dfb1f8e6ea2d8a560384718e63f9
This PS brings ElasticSearch in line with other charts by placing the
RBAC roles and bindings in the same template as the pod rc they are
associated with.
Change-Id: I6d541a18d6750d42d31326f77a9aacb06195ddac
This brings the elasticsearch configmaps, volume and mount names
in line with other charts by naming them after the service.
This also moves the configuration for elasticsearch to the values
file to bring it in line with other charts that do the same
Change-Id: I61f7c740d830a9a0567f8b72a0f815a09407b90c
This provides an example action in the curator config for taking
snapshots of the elasticsearch indexes. As the snapshot action
requires a repository registered with Elasticsearch, this also
adds a PVC for a filesystem repository backed with NFS and a job
for registering the repository with Elasticsearch.
Change-Id: I26b788c58f52844e997bde5002459bddc1bb685e
Currently, services have two serviceaccounts: one specified in the
chart that cannot read anything, and one injected via helm-toolkit
that can read everything. This patch set refactors the logic to:
- clean up the roles and their binding automatically when the helm
chart is deleted;
- remove the need to separately mount a serviceaccount with secret;
- better handling of namespaces resource restriction.
Co-Authored-By: portdirect <pete@port.direct>
Change-Id: I47d41e0cad9b5b002f59fc9652bad2cc025538dc
Fixes an issue preventing the elastic curator configuration being
populated via elasticsearch's values.yaml
Change-Id: I74901c1aa99abc56a06ea95ca9ea9d818761d79b
This PS moves the default storage access-mode to ReadWriteOnce, as
the PVC is created inline with the statefulset. So ReadWriteMany will
have no effect, as a volume is created per pod.
Change-Id: I2a6a28832c0b1beedeb3e280572b3717628f7b88
The elasticsearch tests fail because the pods don't have
readiness or liveness probes in the templates. This adds those
definitions
Change-Id: I4fd25aec5ae02d89ae1b933d8b083a3e9cafc55a