starlingx
/
monitor-armada-app
Code Issues Proposed changes
monitor-armada-app/monitor-helm/files/0009-add-curator-as-of-2019...

398 lines
17 KiB
Diff
Raw Blame History

From 21cd4d9720064f89843551e7da4c1e0528b6cbf5 Mon Sep 17 00:00:00 2001
From: Kevin Smith <kevin.smith@windriver.com>
Date: Thu, 10 Oct 2019 15:43:20 -0400
Subject: [PATCH 1/1] add curator as of 2019-10-10
---
stable/elasticsearch-curator/Chart.yaml | 6 +--
stable/elasticsearch-curator/OWNERS | 6 +--
stable/elasticsearch-curator/README.md | 34 ++++++++++---
.../ci/initcontainer-values.yaml | 9 ++++
.../elasticsearch-curator/templates/_helpers.tpl | 22 +++++++++
.../elasticsearch-curator/templates/cronjob.yaml | 10 ++++
stable/elasticsearch-curator/templates/psp.yml | 35 +++++++++++++
stable/elasticsearch-curator/templates/role.yaml | 23 +++++++++
.../templates/rolebinding.yaml | 21 ++++++++
.../templates/serviceaccount.yaml | 12 +++++
stable/elasticsearch-curator/values.yaml | 57 ++++++++++++++++++++--
11 files changed, 218 insertions(+), 17 deletions(-)
create mode 100644 stable/elasticsearch-curator/ci/initcontainer-values.yaml
create mode 100644 stable/elasticsearch-curator/templates/psp.yml
create mode 100644 stable/elasticsearch-curator/templates/role.yaml
create mode 100644 stable/elasticsearch-curator/templates/rolebinding.yaml
create mode 100644 stable/elasticsearch-curator/templates/serviceaccount.yaml
diff --git a/stable/elasticsearch-curator/Chart.yaml b/stable/elasticsearch-curator/Chart.yaml
index 24a37ce..7a8e0a7 100644
--- a/stable/elasticsearch-curator/Chart.yaml
+++ b/stable/elasticsearch-curator/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
appVersion: "5.5.4"
description: A Helm chart for Elasticsearch Curator
name: elasticsearch-curator
-version: 1.3.2
+version: 2.0.2
home: https://github.com/elastic/curator
keywords:
- curator
@@ -12,7 +12,7 @@ sources:
- https://github.com/kubernetes/charts/elasticsearch-curator
- https://github.com/pires/docker-elasticsearch-curator
maintainers:
- - name: tmestdagh
- email: mestdagh.tom@gmail.com
+ - name: desaintmartin
+ email: cedric.dsm@gmail.com
- name: gianrubio
email: gianrubio@gmail.com
diff --git a/stable/elasticsearch-curator/OWNERS b/stable/elasticsearch-curator/OWNERS
index d8c0ba0..89df1c0 100644
--- a/stable/elasticsearch-curator/OWNERS
+++ b/stable/elasticsearch-curator/OWNERS
@@ -1,6 +1,6 @@
approvers:
- - tmestdagh
+ - desaintmartin
- gianrubio
reviewers:
- - tmestdagh
- - gianrubio
\ No newline at end of file
+ - desaintmartin
+ - gianrubio
diff --git a/stable/elasticsearch-curator/README.md b/stable/elasticsearch-curator/README.md
index 0a9f311..2057b85 100644
--- a/stable/elasticsearch-curator/README.md
+++ b/stable/elasticsearch-curator/README.md
@@ -23,6 +23,17 @@ To install the chart, use the following:
$ helm install stable/elasticsearch-curator
```
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
+incompatible breaking change needing manual actions.
+
+### To 2.0.0
+
+v2.0.0 uses docker image from `elasticsearch-curator` author, which differs in its way to install curator.
+
+If you have a hardcoded `command` value, please update it to follow the new `curator` executable path: `/curator/curator` (which is not in PATH).
+
## Configuration
The following table lists the configurable parameters of the docker-registry chart and
@@ -31,8 +42,8 @@ their default values.
| Parameter | Description | Default |
| :----------------------------------- | :---------------------------------------------------------- | :------------------------------------------- |
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
-| `image.repository` | Container image to use | `quay.io/pires/docker-elasticsearch-curator` |
-| `image.tag` | Container image tag to deploy | `5.5.4` |
+| `image.repository` | Container image to use | `untergeek/curator` |
+| `image.tag` | Container image tag to deploy | `5.7.6` |
| `hooks` | Whether to run job on selected hooks | `{ "install": false, "upgrade": false }` |
| `cronjob.schedule` | Schedule for the CronJob | `0 1 * * *` |
| `cronjob.annotations` | Annotations to add to the cronjob | {} |
@@ -43,15 +54,22 @@ their default values.
| `dryrun` | Run Curator in dry-run mode | `false` |
| `env` | Environment variables to add to the cronjob container | {} |
| `envFromSecrets` | Environment variables from secrets to the cronjob container | {} |
-| `envFromSecrets.*.from.secret` | - `secretKeyRef.name` used for environment variable | |
-| `envFromSecrets.*.from.key` | - `secretKeyRef.key` used for environment variable | |
-| `command` | Command to execute | ["curator"] |
-| `configMaps.action_file_yml` | Contents of the Curator action_file.yml | See values.yaml |
-| `configMaps.config_yml` | Contents of the Curator config.yml (overrides config) | See values.yaml |
+| `envFromSecrets.*.from.secret` | - `secretKeyRef.name` used for environment variable | |
+| `envFromSecrets.*.from.key` | - `secretKeyRef.key` used for environment variable | |
+| `command` | Command to execute | ["/curator/curator"] |
+| `configMaps.action_file_yml` | Contents of the Curator action_file.yml | See values.yaml |
+| `configMaps.config_yml` | Contents of the Curator config.yml (overrides config) | See values.yaml |
| `resources` | Resource requests and limits | {} |
| `priorityClassName` | priorityClassName | `nil` |
| `extraVolumeMounts` | Mount extra volume(s), | |
| `extraVolumes` | Extra volumes | |
-| `securityContext` | Configure PodSecurityContext |
+| `extraInitContainers` | Init containers to add to the cronjob container | {} |
+| `securityContext` | Configure PodSecurityContext | `false` |
+| `rbac.enabled` | Enable RBAC resources | `false` |
+| `psp.create` | Create pod security policy resources | `false` |
+| `serviceAccount.create` | Create a default serviceaccount for elasticsearch curator | `true` |
+| `serviceAccount.name` | Name for elasticsearch curator serviceaccount | `""` |
+
+
Specify each parameter using the `--set key=value[,key=value]` argument to
`helm install`.
diff --git a/stable/elasticsearch-curator/ci/initcontainer-values.yaml b/stable/elasticsearch-curator/ci/initcontainer-values.yaml
new file mode 100644
index 0000000..578becf
--- /dev/null
+++ b/stable/elasticsearch-curator/ci/initcontainer-values.yaml
@@ -0,0 +1,9 @@
+extraInitContainers:
+ test:
+ image: alpine:latest
+ command:
+ - "/bin/sh"
+ - "-c"
+ args:
+ - |
+ true
diff --git a/stable/elasticsearch-curator/templates/_helpers.tpl b/stable/elasticsearch-curator/templates/_helpers.tpl
index c786fb5..8018c5d 100644
--- a/stable/elasticsearch-curator/templates/_helpers.tpl
+++ b/stable/elasticsearch-curator/templates/_helpers.tpl
@@ -12,6 +12,17 @@ Return the appropriate apiVersion for cronjob APIs.
{{- end -}}
{{/*
+Return the appropriate apiVersion for podsecuritypolicy.
+*/}}
+{{- define "podsecuritypolicy.apiVersion" -}}
+{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "policy/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
Expand the name of the chart.
*/}}
{{- define "elasticsearch-curator.name" -}}
@@ -42,3 +53,14 @@ Create chart name and version as used by the chart label.
{{- define "elasticsearch-curator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "elasticsearch-curator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "elasticsearch-curator.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/stable/elasticsearch-curator/templates/cronjob.yaml b/stable/elasticsearch-curator/templates/cronjob.yaml
index d0388f4..37274f6 100644
--- a/stable/elasticsearch-curator/templates/cronjob.yaml
+++ b/stable/elasticsearch-curator/templates/cronjob.yaml
@@ -53,6 +53,16 @@ spec:
imagePullSecrets:
- name: {{ .Values.image.pullSecret }}
{{- end }}
+{{- if .Values.extraInitContainers }}
+ initContainers:
+{{- range $key, $value := .Values.extraInitContainers }}
+ - name: "{{ $key }}"
+{{ toYaml $value | indent 12 }}
+{{- end }}
+{{- end }}
+ {{- if .Values.rbac.enabled }}
+ serviceAccountName: {{ template "elasticsearch-curator.serviceAccountName" .}}
+ {{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
diff --git a/stable/elasticsearch-curator/templates/psp.yml b/stable/elasticsearch-curator/templates/psp.yml
new file mode 100644
index 0000000..5f62985
--- /dev/null
+++ b/stable/elasticsearch-curator/templates/psp.yml
@@ -0,0 +1,35 @@
+{{- if .Values.psp.create }}
+apiVersion: {{ template "podsecuritypolicy.apiVersion" . }}
+kind: PodSecurityPolicy
+metadata:
+ labels:
+ app: {{ template "elasticsearch-curator.name" . }}
+ chart: {{ template "elasticsearch-curator.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ name: {{ template "elasticsearch-curator.fullname" . }}-psp
+spec:
+ privileged: true
+ #requiredDropCapabilities:
+ volumes:
+ - 'configMap'
+ - 'secret'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
diff --git a/stable/elasticsearch-curator/templates/role.yaml b/stable/elasticsearch-curator/templates/role.yaml
new file mode 100644
index 0000000..8867f67
--- /dev/null
+++ b/stable/elasticsearch-curator/templates/role.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.rbac.enabled }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app: {{ template "elasticsearch-curator.name" . }}
+ chart: {{ template "elasticsearch-curator.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ component: elasticsearch-curator-configmap
+ name: {{ template "elasticsearch-curator.name" . }}-role
+rules:
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["update", "patch"]
+{{- if .Values.psp.create }}
+- apiGroups: ["extensions"]
+ resources: ["podsecuritypolicies"]
+ verbs: ["use"]
+ resourceNames:
+ - {{ template "elasticsearch-curator.fullname" . }}-psp
+{{- end -}}
+{{- end -}}
diff --git a/stable/elasticsearch-curator/templates/rolebinding.yaml b/stable/elasticsearch-curator/templates/rolebinding.yaml
new file mode 100644
index 0000000..d25d2e1
--- /dev/null
+++ b/stable/elasticsearch-curator/templates/rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.enabled -}}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app: {{ template "elasticsearch-curator.name" . }}
+ chart: {{ template "elasticsearch-curator.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ component: elasticsearch-curator-configmap
+ name: {{ template "elasticsearch-curator.name" . }}-rolebinding
+roleRef:
+ kind: Role
+ name: {{ template "elasticsearch-curator.name" . }}-role
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "elasticsearch-curator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
+
diff --git a/stable/elasticsearch-curator/templates/serviceaccount.yaml b/stable/elasticsearch-curator/templates/serviceaccount.yaml
new file mode 100644
index 0000000..ad9c5c9
--- /dev/null
+++ b/stable/elasticsearch-curator/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.serviceAccount.create .Values.rbac.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "elasticsearch-curator.serviceAccountName" .}}
+ labels:
+ app: {{ template "elasticsearch-curator.fullname" . }}
+ chart: {{ template "elasticsearch-curator.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- end }}
+
diff --git a/stable/elasticsearch-curator/values.yaml b/stable/elasticsearch-curator/values.yaml
index 3779be1..460f2a4 100644
--- a/stable/elasticsearch-curator/values.yaml
+++ b/stable/elasticsearch-curator/values.yaml
@@ -13,9 +13,25 @@ cronjob:
pod:
annotations: {}
+rbac:
+ # Specifies whether RBAC should be enabled
+ enabled: false
+
+serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+
+psp:
+ # Specifies whether a podsecuritypolicy should be created
+ create: false
+
image:
- repository: quay.io/pires/docker-elasticsearch-curator
- tag: 5.5.4
+ repository: untergeek/curator
+ tag: 5.7.6
pullPolicy: IfNotPresent
hooks:
@@ -25,7 +41,7 @@ hooks:
# run curator in dry-run mode
dryrun: false
-command: ["curator"]
+command: ["/curator/curator"]
env: {}
configMaps:
@@ -101,5 +117,40 @@ priorityClassName: ""
# mountPath: /certs
# readOnly: true
+# Add your own init container or uncomment and modify the given example.
+extraInitContainers: {}
+ ## Don't configure S3 repository till Elasticsearch is reachable.
+ ## Ensure that it is available at http://elasticsearch:9200
+ ##
+ # elasticsearch-s3-repository:
+ # image: jwilder/dockerize:latest
+ # imagePullPolicy: "IfNotPresent"
+ # command:
+ # - "/bin/sh"
+ # - "-c"
+ # args:
+ # - |
+ # ES_HOST=elasticsearch
+ # ES_PORT=9200
+ # ES_REPOSITORY=backup
+ # S3_REGION=us-east-1
+ # S3_BUCKET=bucket
+ # S3_BASE_PATH=backup
+ # S3_COMPRESS=true
+ # S3_STORAGE_CLASS=standard
+ # apk add curl --no-cache && \
+ # dockerize -wait http://${ES_HOST}:${ES_PORT} --timeout 120s && \
+ # cat <<EOF | curl -sS -XPUT -H "Content-Type: application/json" -d @- http://${ES_HOST}:${ES_PORT}/_snapshot/${ES_REPOSITORY} \
+ # {
+ # "type": "s3",
+ # "settings": {
+ # "bucket": "${S3_BUCKET}",
+ # "base_path": "${S3_BASE_PATH}",
+ # "region": "${S3_REGION}",
+ # "compress": "${S3_COMPRESS}",
+ # "storage_class": "${S3_STORAGE_CLASS}"
+ # }
+ # }
+
securityContext:
runAsUser: 16 # run as cron user instead of root
--
1.8.3.1
View Git Blame Copy Permalink