35 Commits

Author SHA1 Message Date
Tin Lam
92e68d33ea Add network policy toolkit function
This patch set implements the helm toolkit function to generate a
kubernetes network policy manifest based on overrideable values.
This also adds a chart that shuts down all the ingress and egress
traffic in the namespace. This can be used to ensure the
whitelisted network policy works as intended.

Additionally, implementation is done for some infrastructure charts.

Change-Id: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
2018-10-15 13:50:50 +00:00
Pete Birley
bb3ff98d53 Add release uuid to pods and rc objects
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitrary
annotations to the same objects.

Change-Id: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Signed-off-by: Pete Birley <pete@port.direct>
2018-09-13 05:35:35 +00:00
Robert Choi
8a82aa613a Prometheus-alertmanager: modify wrong variables
This PS fixes following things:
- fix wrong variable 'alertmanager_templats' to 'alert_templates'
- remove 'toYaml' function for alert_templates
- create alertmanager config in default location

Change-Id: I4862435441b8a36f9d0ce4ff32667e8412ea3c14
2018-08-10 10:55:58 +09:00
Seungkyu Ahn
a430533e6a Quoting node_select_value in Ingress Controller
In most cases, the ingress controller's nodeSelector key and value
are "node-role.kubernetes.io/ingress" and "true".
Using quote to treat the nodeSelector value as a string.

Change-Id: Ie1745629b90795e4d888d85f35565e6d6350e09b
2018-08-01 02:39:05 +00:00
Steve Wilkerson
c26a1b53f6 Update TLS secret templates, remove nagios readiness probe
This updates the TLS secret templates to include the backend
service in the dict supplied to the manifest template, as it is
required for the TLS secret to render correctly.

This also removes the readiness probe from the nagios container in
the deployment for the nagios chart, as it wasn't functioning as
intended due to the port not being available for the probe

Change-Id: Iabcfd40c74938e0497d08ffeeebc98ab722fa660
2018-06-27 18:56:45 -05:00
Steve Wilkerson
b823954787 Ingress: Add initial TLS Support for osh-infra public endpoints
Adds support for TLS on overridden fqdns for public endpoints for
the services that have them in openstack-helm-infra. Currently this
implementation is limited, in that it does not provide support for
dynamically loading CAs into the containers, or specifying them manually
via configuration. As a result only well known or CA's added manually
to containers will be recognised.

Change-Id: I4ab4bbe24b6544b64cd365467e8efb2a421ac3f4
2018-06-26 14:47:19 -05:00
Pete Birley
b6a51fb57f Use current kubernetes API version
This PS moves to use the current API version for kubernetes rcs'
that were previously using `apps/v1beta1`.

Story: 2002205
Task: 21735

Change-Id: Icb4e7aa2392da6867427a58926be2da6f424bd56
Signed-off-by: Pete Birley <pete@port.direct>
2018-06-12 17:35:13 -05:00
Steve Wilkerson
de9c46bcfa Charts: Tidy up openstack-helm-infra charts
This moves the charts in openstack-helm-infra closer towards a
standard structure. It addresses multiple deviations, including:
missing resources for init containers, incorrect indents for
disabled resources in some charts, incorrect indents for volumes
and volumemounts added via values, missing resources for some
helm test templates, missing helm-toolkit image functions, and
moving the resource template declarations to be under the image
template declarations

Change-Id: I4834a5d476ef7fc69c5583caacc0229050f20a76
2018-05-21 12:58:22 -07:00
Zuul
9b4252c0f3 Merge "prometheus-alertmanager: yaml indentation fixes" 2018-04-28 17:41:30 +00:00
Sean Eagan
f402171e42 Move to v0.3.1 of kubernetes-entrypoint
Move to v0.3.1 of kubernetes-entrypoint which has 2 breaking changes to
pod dependencies, and also adds support for depending on jobs via
labels.

Change-Id: I2bafc2153ddd46b3833b253a2e7950bccbccf8ed
2018-04-25 12:38:44 -05:00
Steve Wilkerson
e166432a98 Add manifest for image_repo_sync job
This ps proposes adding a common template for the image_repo_sync
jobs for consumption by the charts

Change-Id: I48476d1e4fd94bd1b08b13b46983e3d999f8d8ca
2018-04-19 14:10:08 +00:00
Zuul
49e9084679 Merge "OSH-Infra: Update labels for chart components" 2018-04-18 18:47:08 +00:00
Zuul
626b94e0c8 Merge "Helm-Toolkit: Kubernetes Entrypoint, simplify image dependencies" 2018-04-17 15:11:00 +00:00
Steve Wilkerson
7757400edc OSH-infra: move charts to use ingress manifest in htk
This moves all relevant charts in osh-infra to use the htk manifest
template for ingresses, bringing them in line with the charts in
openstack-helm

Change-Id: Ic9c3cc6f0051fa66b6f88ec2b2725698b36ce824
2018-04-13 15:41:12 -05:00
Chris Wedgwood
fb73a54b94 prometheus-alertmanager: yaml indentation fixes
Change-Id: I2bed45c554b19e6cd8373d88325e33ef4777b0c7
2018-04-13 16:01:31 +00:00
Steve Wilkerson
aaffc4caf0 OSH-Infra: Update labels for chart components
This ps adds more granular node selectors for the charts in osh
infra to match what is currently done in osh

Change-Id: I8957a95053b9fb3ea329fd37ff049cd223a7695d
2018-04-13 08:44:33 -05:00
Pete Birley
b9336ca613 Helm-Toolkit: Kubernetes Entrypoint, simplify image dependencies
This PS simplifies the logic for dynamically merging the image management
dependencies into pod deps when active.

Change-Id: I0cf6c93173bc5fbce697ac15be8697d3b1326d0a
2018-04-13 08:42:37 -05:00
Sean Eagan
db15b5e30b Support pod dependencies
Adds support for a new feature of kubernetes-entrypoint, pod
dependencies, that was added in v0.3.0.

Change-Id: I78d9e0545ca3b837cd2386783386a253f7f5a2d6
2018-03-20 10:53:53 -05:00
Zuul
eb3cbf0f95 Merge "yaml cleanup: trim multiline strings" 2018-03-10 07:01:35 +00:00
Chris Wedgwood
3a8c00764c yaml cleanup: trim multiline strings
Change-Id: I7e8f423be2efb84f3116258beca805265ca388f7
2018-03-08 20:18:53 +00:00
Steve Wilkerson
657646b1bd Alertmanager: use endpoints section and lookups to set port
This PS moves alertmanager to use the endpoints section and
lookups to set the ports it serves on.

Change-Id: I62108ca207f615d10d0b4385da204214b9aeae32
2018-03-08 20:01:20 +00:00
Pete Birley
3c101a6324 dependencies: move dynamic common deps under a 'dynamic.common' key
This PS moves existing dynamic common dependencies under a
'dynamic.common' key to simplify the yaml tree.

Change-Id: I4332bcfdf11197488e7bd5d8cf4c25565ea1c7b6
2018-02-24 17:42:10 -05:00
Pete Birley
e0c688d7ee dependencies: move static dependencies under a 'static' key
This PS moves static dependencies under a 'static' key to allow
expansion to cover dynamic dependencies.

Change-Id: Ia0e853564955e0fbbe5a9e91a8b8924c703b1b02
2018-02-24 17:39:55 -05:00
portdirect
515494ca98 RBAC: Include release name in cluster roles to prevent collision
This PS includes the release name in the cluster role to prevent
collision if the chart is deployed multiple times in the same
cluster.

Change-Id: I7166e5ee25b3d4c89879393c5f84c869585a2681
2018-02-19 13:13:56 -06:00
Sean Eagan
641c79c902 Add deep merge utility to helm-toolkit
Adds "helm-toolkit.utils.merge" which is a replacement for the
upstream sprig "merge" function which didn't quite do what we
wanted, specifically it didn't merge slices, it just overrode
one with the other.  This PS also updates existing callsites
of the sprig merge with "helm-toolkit.utils.merge".

Change-Id: I456349558d4cf941d1bcb07fc76d0688b0a10782
2018-02-13 10:08:50 -06:00
Steve Wilkerson
b15d0ed0d2 Fix alertmanager volumemount
The volume mount name for the permissions init container was
overlooked when the PVC for alertmanager was removed and the
volume renamed. This changes the mount appropriately

Change-Id: I5db6594a3192ec78354e5f3d3d41e96317488664
2018-01-30 19:57:11 -06:00
Steve Wilkerson
977c561a8f Alertmanager: Use volumeclaimtemplate for storage
This removes the pvc in Alertmanager and changes the default
storage_class to readwriteonce.  Now that Alertmanager uses peer
meshing, it's not required for the replicas to share a common
volume claim

Change-Id: I24290264cb0e552a143a56faa753289f073c47b9
2018-01-30 09:32:49 -06:00
portdirect
666f7de6a1 Prometheus-Alertmanager: Fix permissions for PVC
This PS fixes the permissions for the PVC backing
Prometheus-Alertmanager

Change-Id: I8cfb2b999c1f2add9c1647238603c3940ef0bc0a
2018-01-10 13:05:36 -05:00
Steve Wilkerson
9a9796574c Fix alertmanager serviceaccountname reference
Alertmanager's serviceaccountname was hardcoded instead of using
the common definition used in other charts. This simply brings the
chart in line with the others

Change-Id: I81fa6814217f2e422617379d5e3bf3629f660407
2018-01-03 12:08:36 -06:00
portdirect
3b6596c56e Prometheus: Update values to be yaml rather than freeform text
This PS updates the Prometheus values to use yaml rather than text.

It also consolidates all configuration into a single `etc` configmap,
in line with other OSH charts.

Change-Id: I162d4817a2b1b842499ef27d754707f8fce23bf3
2017-12-20 01:49:40 -05:00
Tin Lam
628fd3007d RBAC: Consolidate serviceaccounts and restrict rbac
Currently, services have two serviceaccounts: one specified in the
chart that cannot read anything, and one injected via helm-toolkit
that can read everything. This patch set refactors the logic to:

- cleanup the roles and their binding automatically when the helm
  chart is deleted;
- remove the need to separately mount a serviceaccount with secret;
- better handling of namespaces resource restriction.

Co-Authored-By: portdirect <pete@port.direct>

Change-Id: I47d41e0cad9b5b002f59fc9652bad2cc025538dc
2017-12-19 20:22:57 -05:00
Zuul
1545482b8b Merge "Add alert templates via alertmanager's values.yaml file" 2017-12-19 06:16:28 +00:00
Steve Wilkerson
917865ed97 Add alert templates via alertmanager's values.yaml file
This adds the ability to define custom alert template via the
values.yaml file for Alertmanager. This will provide the ability
for an operator to define actions to be taken upon an alert firing
such as sending Slack alerts, email alerts, or any other
organization-specific action

Change-Id: I78a40e43cfeb7391699908a1f73b57846fedbcbb
2017-12-18 11:24:45 -06:00
Steve Wilkerson
9fdbd235be Add peer meshing to Alertmanager
Adds additional flags to Alertmanager for the peer meshing. This
also adds a headless discovery service so each instance can
calculate the DNS names of its mesh peers on startup.

Change-Id: I2ba7f4aec88f73e6bc3ff31117973ebb4e85ceba
2017-12-18 10:15:14 -06:00
Steve Wilkerson
938bce7370 Include prometheus- prefix for select monitoring charts
This adds the prometheus- prefix to the alertmanager,
kube-state-metrics and node exporter charts to reflect their
intended usage as part of a prometheus centric monitoring solution

This will imply a logical grouping of these components, similar to
their deployment in the osh-infra gates

Change-Id: I4f391a10b64389022f01a94ea3704c110f8f9bb5
2017-12-17 23:22:50 -05:00