Commit Graph

22 Commits

Author SHA1 Message Date
Zuul
754758e8a7 Merge "Kube-State-Metrics: Add pod/container security context" 2019-01-05 03:14:11 +00:00
Chris Wedgwood
0c4e37391f 'NOP' cleanup for more consistent white-space use in charts
Where we have the style '{{ ...' we should use the style '... }}'.

Change-Id: Ic3e779e4681370d396f95d3804ca27db5b9d3642
2019-01-03 22:45:49 +00:00
Steve Wilkerson
4d50e6fa7a Kube-State-Metrics: Add pod/container security context
This updates the kube-state-metrics chart to include the pod
security context on the pod template. This changes the pod's
user from root to the nobody user instead

This also adds the container security context to explicitly set
allowPrivilegeEscalation to false

Change-Id: I17748b299a6e7a394cae63a0e713c49fbf68b4eb
2019-01-03 16:08:22 -06:00
Pete Birley
bb3ff98d53 Add release uuid to pods and rc objects
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitary
annotations to the same objects.

Change-Id: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Signed-off-by: Pete Birley <pete@port.direct>
2018-09-13 05:35:35 +00:00
Jean-Philippe Evrard
bf069b2311 Revert "Update OSH Author copyrights to OSF"
This reverts commit 178aa271a4.

Change-Id: I38a52d866527dfff2689b618e055f439bc248c13
2018-08-28 17:25:54 +00:00
Matt McEuen
178aa271a4 Update OSH Author copyrights to OSF
This PS updates the "Openstack-Helm Authors" copyright attribution
to be the "OpenStack Foundation", as decided in the 2018-03-20
team meeting:
http://eavesdrop.openstack.org/meetings/openstack_helm/2018/openstack_helm.2018-03-20-15.00.log.html

No other copyright attributions were changed.

Change-Id: I1137dee2ae5728771835f4b33fcaff60fcc22ca9
2018-08-26 17:17:06 -05:00
Seungkyu Ahn
a430533e6a Quoting node_select_value in Ingress Controller
In most cases, the ingress controller's nodeSelector key and value
are "node-role.kubernetes.io/ingress" and "true".
Using quote to treat the nodeSelector value as a string.

Change-Id: Ie1745629b90795e4d888d85f35565e6d6350e09b
2018-08-01 02:39:05 +00:00
Steve Wilkerson
cb7bf2c0b3 Add missing readiness probes to openstack-helm-infra charts
This adds missing readiness probes to the following charts in
openstack-helm-infra: elasticsearch, fluent-logging, kibana,
nagios, prometheus-kube-state-metrics, prometheus-node-exporter,
and prometheus-openstack-exporter

Change-Id: I6a2635b08667c31eadb1b05ba848c658935a17e5
2018-06-26 12:25:36 +00:00
Zuul
ccc0da5509 Merge "Kube-State-Metrics: Change default image used" 2018-06-19 17:07:43 +00:00
Zuul
59cf366ad4 Merge "Kube-state-metrics: Update resources in clusterrole" 2018-06-14 16:24:35 +00:00
Steve Wilkerson
5fe73e6e58 Kube-State-Metrics: Change default image used
This changes the default image for kube-state-metrics to use the
bitnami image instead of the coreos image. This allows us to
override the image entrypoint, as the Alpine based image used
previously did not easily allow us to do so. Adding this also
makes creating a common prometheus exporter deployment template
easier, as it reduces the functional differences between exporter
charts and templates

Change-Id: I6c4aac36f563fcb15f52640bc6f9913b45b4358a
2018-06-14 10:04:03 -05:00
Pete Birley
fa629cdbbd Daemonsets: Use current kubernetes daemonset api version
This PS moves to use the current ga version for kubernetes daemonsets,
additionally any remaining deployments that were using the
`extensions/v1beta1` have been updated to `apps/v1`.

Story: 2002205
Task: 21735

Change-Id: If9703162dc472af1e6096bf2b9062802fd5ce8ab
Signed-off-by: Pete Birley <pete@port.direct>
2018-06-13 21:53:18 +00:00
Steve Wilkerson
9325f3d870 Kube-state-metrics: Update resources in clusterrole
This updates the resources and the apigroups in the clusterrole
for kube-state-metrics to reflect the additional collectors that
are included in the image we use

Change-Id: I4b1c1779598e6488e4e1c8def18ad767d5d5fab4
2018-06-12 17:26:01 -05:00
Steve Wilkerson
aaffc4caf0 OSH-Infra: Update labels for chart components
This ps adds more granular node selectors for the charts in osh
infra to match what is currently done in osh

Change-Id: I8957a95053b9fb3ea329fd37ff049cd223a7695d
2018-04-13 08:44:33 -05:00
Pete Birley
b9336ca613 Helm-Toolkit: Kubernetes Entrypoint, simplify image dependencies
This PS simplify the logic for dyanmicly merging the image management
depenencies into pod deps when active.

Change-Id: I0cf6c93173bc5fbce697ac15be8697d3b1326d0a
2018-04-13 08:42:37 -05:00
Steve Wilkerson
1929cdcbef kube-state-metrics: use endpoints section and lookups to set port
This PS moves kube-state-metrics to use the endpoints section and
lookups to set the ports it serves on.

Change-Id: Icb4757a59852e508148ca9f1e682c722e40042c9
2018-03-05 10:39:28 -06:00
Pete Birley
3c101a6324 dependencies: move dynamic common deps under a 'dynamic.common' key
This PS moves existing dynamic common dependencies under a
'dynamic.common' key to simplify the yaml tree.

Change-Id: I4332bcfdf11197488e7bd5d8cf4c25565ea1c7b6
2018-02-24 17:42:10 -05:00
Pete Birley
e0c688d7ee dependencies: move static dependencies under a 'static' key
This PS moves static dependencies unser a 'static' key to allow
expansion to cover dynamic dependencies.

Change-Id: Ia0e853564955e0fbbe5a9e91a8b8924c703b1b02
2018-02-24 17:39:55 -05:00
portdirect
515494ca98 RBAC: Include release name in cluster roles to prevent collision
This PS includes the release name in the cluster role to prevent
colision if the chart is deployed multiple times in the same
cluster.

Change-Id: I7166e5ee25b3d4c89879393c5f84c869585a2681
2018-02-19 13:13:56 -06:00
Sean Eagan
641c79c902 Add deep merge utility to helm-toolkit
Adds "helm-toolkit.utils.merge" which is a replacement for the
upstream sprig "merge" function which didn't quite do what we
wanted, specifically it didn't merge slices, it just overrode
one with the other.  This PS also updates existing callsites
of the sprig merge with "helm-toolkit.utils.merge".

Change-Id: I456349558d4cf941d1bcb07fc76d0688b0a10782
2018-02-13 10:08:50 -06:00
Tin Lam
628fd3007d RBAC: Consolidate serviceaccounts and restrict rbac
Currently, services have two serviceaccounts: one specified in the
chart that cannot read anything, and one injected via helm-toolkit
that can read everything. This patch set refactors the logic to:

- cleanup the roles and their binding automatically when the helm
  chart is deleted;
- remove the need to separately mount a serviceaccount  with secret;
- better handling of namespaces resource restriction.

Co-Authored-By: portdirect <pete@port.direct>

Change-Id: I47d41e0cad9b5b002f59fc9652bad2cc025538dc
2017-12-19 20:22:57 -05:00
Steve Wilkerson
938bce7370 Include prometheus- prefix for select monitoring charts
This adds the prometheus- prefix to the alertmanager,
kube-state-metrics and node exporter charts to reflect their
intended usage as part of a prometheus centric monitoring solution

This will imply a logical grouping of these components, similar to
their deployment in the osh-infra gates

Change-Id: I4f391a10b64389022f01a94ea3704c110f8f9bb5
2017-12-17 23:22:50 -05:00