This updates the kube-state-metrics chart to include the pod
security context on the pod template. This changes the pod's
user from root to the nobody user instead
This also adds the container security context to explicitly set
allowPrivilegeEscalation to false
Change-Id: I17748b299a6e7a394cae63a0e713c49fbf68b4eb
This PS adds the ability to attach a release uuid to pods and rc
objects as desired. A follow up ps will add the ability to add arbitary
annotations to the same objects.
Change-Id: Iceedba457a03387f6fc44eb763a00fd57f9d84a5
Signed-off-by: Pete Birley <pete@port.direct>
In most cases, the ingress controller's nodeSelector key and value
are "node-role.kubernetes.io/ingress" and "true".
Using quote to treat the nodeSelector value as a string.
Change-Id: Ie1745629b90795e4d888d85f35565e6d6350e09b
This adds missing readiness probes to the following charts in
openstack-helm-infra: elasticsearch, fluent-logging, kibana,
nagios, prometheus-kube-state-metrics, prometheus-node-exporter,
and prometheus-openstack-exporter
Change-Id: I6a2635b08667c31eadb1b05ba848c658935a17e5
This changes the default image for kube-state-metrics to use the
bitnami image instead of the coreos image. This allows us to
override the image entrypoint, as the Alpine based image used
previously did not easily allow us to do so. Adding this also
makes creating a common prometheus exporter deployment template
easier, as it reduces the functional differences between exporter
charts and templates
Change-Id: I6c4aac36f563fcb15f52640bc6f9913b45b4358a
This PS moves to use the current ga version for kubernetes daemonsets,
additionally any remaining deployments that were using the
`extensions/v1beta1` have been updated to `apps/v1`.
Story: 2002205
Task: 21735
Change-Id: If9703162dc472af1e6096bf2b9062802fd5ce8ab
Signed-off-by: Pete Birley <pete@port.direct>
This updates the resources and the apigroups in the clusterrole
for kube-state-metrics to reflect the additional collectors that
are included in the image we use
Change-Id: I4b1c1779598e6488e4e1c8def18ad767d5d5fab4
This ps adds more granular node selectors for the charts in osh
infra to match what is currently done in osh
Change-Id: I8957a95053b9fb3ea329fd37ff049cd223a7695d
This PS simplify the logic for dyanmicly merging the image management
depenencies into pod deps when active.
Change-Id: I0cf6c93173bc5fbce697ac15be8697d3b1326d0a
This PS moves kube-state-metrics to use the endpoints section and
lookups to set the ports it serves on.
Change-Id: Icb4757a59852e508148ca9f1e682c722e40042c9
This PS moves existing dynamic common dependencies under a
'dynamic.common' key to simplify the yaml tree.
Change-Id: I4332bcfdf11197488e7bd5d8cf4c25565ea1c7b6
This PS moves static dependencies unser a 'static' key to allow
expansion to cover dynamic dependencies.
Change-Id: Ia0e853564955e0fbbe5a9e91a8b8924c703b1b02
This PS includes the release name in the cluster role to prevent
colision if the chart is deployed multiple times in the same
cluster.
Change-Id: I7166e5ee25b3d4c89879393c5f84c869585a2681
Adds "helm-toolkit.utils.merge" which is a replacement for the
upstream sprig "merge" function which didn't quite do what we
wanted, specifically it didn't merge slices, it just overrode
one with the other. This PS also updates existing callsites
of the sprig merge with "helm-toolkit.utils.merge".
Change-Id: I456349558d4cf941d1bcb07fc76d0688b0a10782
Currently, services have two serviceaccounts: one specified in the
chart that cannot read anything, and one injected via helm-toolkit
that can read everything. This patch set refactors the logic to:
- cleanup the roles and their binding automatically when the helm
chart is deleted;
- remove the need to separately mount a serviceaccount with secret;
- better handling of namespaces resource restriction.
Co-Authored-By: portdirect <pete@port.direct>
Change-Id: I47d41e0cad9b5b002f59fc9652bad2cc025538dc
This adds the prometheus- prefix to the alertmanager,
kube-state-metrics and node exporter charts to reflect their
intended usage as part of a prometheus centric monitoring solution
This will imply a logical grouping of these components, similar to
their deployment in the osh-infra gates
Change-Id: I4f391a10b64389022f01a94ea3704c110f8f9bb5