From f69fe062c6b993b463b35105382e26f1837c5df1 Mon Sep 17 00:00:00 2001 From: Caleb Bron Date: Wed, 12 Aug 2020 15:27:45 -0700 Subject: [PATCH] (dev-v2.6-archive) Merge pull request #532 from cbron/kiali-server rancher-kiali-server (partially cherry picked from commit 9329c3c38ddb8f36909dca370b4d7e01c76bae85) --- packages/rancher-istio/charts/Chart.yaml | 2 + packages/rancher-istio/charts/README.md | 19 +++++++ .../charts/configs/istio-base.yaml | 10 ++++ .../rancher-istio/charts/requirements.yaml | 7 +++ .../charts/templates/service-monitors.yaml | 51 +++++++++++++++++++ packages/rancher-istio/charts/values.yaml | 24 +++++++++ packages/rancher-kiali-server/package.yaml | 5 ++ .../rancher-kiali-server.patch | 39 ++++++++++++++ .../outputs/elasticsearch/output.yaml | 34 ++++++------- .../outputs/elasticsearch/secret.yaml | 14 +++++ .../templates/outputs/kafka/output.yaml | 36 ++++++------- .../templates/outputs/kafka/secret.yaml | 28 ++++++++++ .../templates/outputs/splunk/output.yaml | 6 +-- .../templates/outputs/splunk/secret.yaml | 11 ++++ .../rancher-logging/rancher-logging.patch | 50 +++++------------- 15 files changed, 260 insertions(+), 76 deletions(-) create mode 100644 packages/rancher-istio/charts/README.md create mode 100644 packages/rancher-istio/charts/requirements.yaml create mode 100644 packages/rancher-istio/charts/templates/service-monitors.yaml create mode 100644 packages/rancher-kiali-server/package.yaml create mode 100644 packages/rancher-kiali-server/rancher-kiali-server.patch create mode 100644 packages/rancher-logging/overlay/templates/outputs/elasticsearch/secret.yaml create mode 100644 packages/rancher-logging/overlay/templates/outputs/kafka/secret.yaml create mode 100644 packages/rancher-logging/overlay/templates/outputs/splunk/secret.yaml diff --git a/packages/rancher-istio/charts/Chart.yaml b/packages/rancher-istio/charts/Chart.yaml index 7da9678bc..1b93295ea 100644 --- a/packages/rancher-istio/charts/Chart.yaml 
+++ b/packages/rancher-istio/charts/Chart.yaml
@@ -9,3 +9,5 @@ annotations:
 catalog.cattle.io/namespace: istio-system
 catalog.cattle.io/release-name: rancher-istio
 catalog.cattle.io/ui-component: istio
+ catalog.cattle.io/requires-gvr: prometheuses.monitoring.coreos.com/v1
+ catalog.cattle.io/auto-install-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1
diff --git a/packages/rancher-istio/charts/README.md b/packages/rancher-istio/charts/README.md
new file mode 100644
index 000000000..2b6ac8fa7
--- /dev/null
+++ b/packages/rancher-istio/charts/README.md
@@ -0,0 +1,19 @@
+# Rancher Istio Installers
+
+A Rancher created chart that packages the istioctl binary to install via a helm chart.
+
+# Installation
+
+### pre-requisites
+
+This chart depends on the rancher-kiali-server-crd chart.
+
+It also depends on rancher-monitoring being installed with default values for nameOverride, namespaceOverride, and the prometheus.service.port.
+If those values are modified on the rancher-monitoring deployment, please adjust the `kiali.external_services.prometheus` url settings:
+```
+http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }}
+```
+
+### installation
+
+helm install rancher-istio ./ --create-namespace -n cattle-istio-system
diff --git a/packages/rancher-istio/charts/configs/istio-base.yaml b/packages/rancher-istio/charts/configs/istio-base.yaml
index 18d57c5b8..6bef9bbda 100644
--- a/packages/rancher-istio/charts/configs/istio-base.yaml
+++ b/packages/rancher-istio/charts/configs/istio-base.yaml
@@ -4,6 +4,14 @@ spec:
 addonComponents:
 istiocoredns:
 enabled: {{ .Values.istiocoredns.enabled }}
+ prometheus:
+ enabled: false
+ grafana:
+ enabled: false
+ kiali:
+ enabled: false
+ tracing:
+ enabled: false
 components:
 base:
 enabled: {{ .Values.base.enabled }}
@@ -48,6 +56,8 @@ spec:
 profile: default
 tag: {{ .Values.tag }}
 revision: {{ .Values.revision }}
+ meshConfig:
+ enablePrometheusMerge: {{ .Values.meshConfig.enablePrometheusMerge }}
 values:
 gateways:
 istio-egressgateway:
diff --git a/packages/rancher-istio/charts/requirements.yaml b/packages/rancher-istio/charts/requirements.yaml
new file mode 100644
index 000000000..f81657e3d
--- /dev/null
+++ b/packages/rancher-istio/charts/requirements.yaml
@@ -0,0 +1,7 @@
+dependencies:
+
+ - name: rancher-kiali-server
+ alias: kiali
+ condition: kiali.enabled
+ version: 1.22.0
+ repository: file://../../rancher-kiali-server/charts
diff --git a/packages/rancher-istio/charts/templates/service-monitors.yaml b/packages/rancher-istio/charts/templates/service-monitors.yaml
new file mode 100644
index 000000000..25e479de4
--- /dev/null
+++ b/packages/rancher-istio/charts/templates/service-monitors.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.kiali.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: envoy-stats-monitor
+ namespace: istio-system
+ labels:
+ monitoring: istio-proxies
+spec:
+ selector:
+ matchExpressions:
+ - {key: istio-prometheus-ignore, operator: DoesNotExist}
+ namespaceSelector:
+ any: true
+ jobLabel: envoy-stats
+ endpoints:
+ - path: /stats/prometheus
+ targetPort: 15090
+ interval: 15s
+ relabelings:
+ - sourceLabels: [__meta_kubernetes_pod_container_port_name]
+ action: keep
+ regex: '.*-envoy-prom'
+ - action: labeldrop
+ regex: "__meta_kubernetes_pod_label_(.+)"
+ - sourceLabels: [__meta_kubernetes_namespace]
+ action: replace
+ targetLabel: namespace
+ - sourceLabels: [__meta_kubernetes_pod_name]
+ action: replace
+ targetLabel: pod_name
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: istio-component-monitor
+ namespace: istio-system
+ labels:
+ monitoring: istio-components
+spec:
+ jobLabel: istio
+ targetLabels: [app]
+ selector:
+ matchExpressions:
+ - {key: istio, operator: In, values: [pilot]}
+ namespaceSelector:
+ any: true
+ endpoints:
+ - port: http-monitoring
+ interval: 15s
+{{- end -}}
diff --git a/packages/rancher-istio/charts/values.yaml b/packages/rancher-istio/charts/values.yaml
index 71104d7bb..d74f893ab 100644
--- a/packages/rancher-istio/charts/values.yaml
+++ b/packages/rancher-istio/charts/values.yaml
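Review bot: Both ServiceMonitors hard-code `namespace: istio-system`, while the README added in this commit installs the chart with `-n cattle-istio-system`. If `istio-system` does not exist at install time, or is not a namespace the monitoring stack watches, the objects are rejected or never picked up; `namespace: {{ .Release.Namespace }}` or a dedicated value would avoid that. The whole file is gated on `.Values.kiali.enabled`, which ties Envoy and pilot scraping to an unrelated toggle. `envoy-stats-monitor` also pairs `namespaceSelector: any: true` with a `DoesNotExist` selector, so scraping is opt-out across every namespace; a comment such as `# scrapes every namespace unless labelled istio-prometheus-ignore` would make that scope explicit.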
@@ -51,3 +51,27 @@ global:
 image: proxyv2
 proxy_init:
 image: proxyv2
+
+# this can be removed in 1.7 as it is default
+meshConfig:
+ enablePrometheusMerge: true
+
+# Kiali subchart from rancher-kiali-server
+kiali:
+ enabled: true
+ auth:
+ # todo: what auth strategy ?
+ # strategy: token # this is default, you can use a service-account or kubeconfig token
+ strategy: anonymous
+ deployment:
+ ingress_enabled: false
+ external_services:
+ prometheus:
+ custom_metrics_url: "http://monitoring-rancher-monitor-prometheus.monitoring-system.svc:9090"
+ url: "http://monitoring-rancher-monitor-prometheus.monitoring-system.svc:9090"
+ tracing:
+ enabled: false
+ # TODO : update images
+ # deployment:
+ # image_name: "rancher..."
+ # image_version: v1.....
diff --git a/packages/rancher-kiali-server/package.yaml b/packages/rancher-kiali-server/package.yaml
new file mode 100644
index 000000000..30eed352c
--- /dev/null
+++ b/packages/rancher-kiali-server/package.yaml
@@ -0,0 +1,5 @@
+url: https://kiali.org/helm-charts/kiali-server-1.22.0.tgz
+packageVersion: 01
+generateCRDChart:
+ enabled: true
+ providesGVR: monitoringdashboards.monitoring.kiali.io/v1alpha1
diff --git a/packages/rancher-kiali-server/rancher-kiali-server.patch b/packages/rancher-kiali-server/rancher-kiali-server.patch
new file mode 100644
index 000000000..95ee3950e
--- /dev/null
+++ b/packages/rancher-kiali-server/rancher-kiali-server.patch
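Review bot: `kiali.auth.strategy: anonymous` ships as the default while the line above it is still `# todo: what auth strategy ?`, so every install serves the Kiali UI and API without authentication to anything that can reach the service. `ingress_enabled: false` narrows exposure but does not cover in-cluster clients or port-forwards, and in anonymous mode every caller acts with the Kiali service account's permissions. I would default to `strategy: token`, which the commented-out line already names as the upstream default, and leave anonymous access as an explicit opt-in with a comment such as `# anonymous: no login; all callers share the Kiali service account`.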
@@ -0,0 +1,39 @@
+diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-kiali-server/charts-original/Chart.yaml packages/rancher-kiali-server/charts/Chart.yaml
+--- packages/rancher-kiali-server/charts-original/Chart.yaml
++++ packages/rancher-kiali-server/charts/Chart.yaml
+@@ -1,20 +1,23 @@
+ apiVersion: v2
+ appVersion: v1.22.0
+-description: Kiali is an open source project for service mesh observability, refer
+- to https://www.kiali.io for details.
++description: Rancher chart based on Kiali Server, containing standard defaults. Installed as sub-chart with customized values in Rancher's Istio.
+ home: https://github.com/kiali/kiali
+ icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png
+ keywords:
+-- istio
+-- kiali
++ - istio
++ - kiali
+ maintainers:
+-- email: kiali-users@googlegroups.com
+- name: Kiali
+- url: https://kiali.io
+-name: kiali-server
++ - email: kiali-users@googlegroups.com
++ name: Kiali
++ url: https://kiali.io
++name: rancher-kiali-server
+ sources:
+-- https://github.com/kiali/kiali
+-- https://github.com/kiali/kiali-ui
+-- https://github.com/kiali/kiali-operator
+-- https://github.com/kiali/helm-charts
++ - https://github.com/kiali/kiali
++ - https://github.com/kiali/kiali-ui
++ - https://github.com/kiali/kiali-operator
++ - https://github.com/kiali/helm-charts
+ version: 1.22.0
++annotations:
++ catalog.cattle.io/requires-gvr: prometheuses.monitoring.coreos.com/v1
++ catalog.rancher.io/namespace: cattle-istio-system
++ catalog.rancher.io/release-name: rancher-kiali-server
diff --git a/packages/rancher-logging/overlay/templates/outputs/elasticsearch/output.yaml b/packages/rancher-logging/overlay/templates/outputs/elasticsearch/output.yaml
index 2ab2cc920..4f034d249 100644
--- a/packages/rancher-logging/overlay/templates/outputs/elasticsearch/output.yaml
+++ b/packages/rancher-logging/overlay/templates/outputs/elasticsearch/output.yaml
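Review bot: The added annotations mix two prefixes: `catalog.cattle.io/requires-gvr`, but `catalog.rancher.io/namespace` and `catalog.rancher.io/release-name`, whereas the rancher-istio Chart.yaml touched by this same commit uses `catalog.cattle.io/namespace` and `catalog.cattle.io/release-name`. If the catalog only reads the `catalog.cattle.io/` keys, the namespace and release-name hints here are silently ignored; I would write `catalog.cattle.io/namespace: cattle-istio-system` and `catalog.cattle.io/release-name: rancher-kiali-server`. The namespace also differs from the `istio-system` annotation on the parent chart, which is worth confirming because this chart is installed as its sub-chart.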
@@ -12,32 +12,32 @@ spec:
 {{- if .Values.elasticsearch.user }}
 user: {{ .Values.elasticsearch.user }}
 {{- end}}
-{{- if .Values.elasticsearch.password.secret_name }}
+ {{- if .Values.elasticsearch.password }}
 password:
 valueFrom:
 secretKeyRef:
- name: {{ .Values.elasticsearch.password.secret_name }}
- key: {{ .Values.elasticsearch.password.key }}
-{{- end}}
-{{- if .Values.elasticsearch.client_cert.secret_name }}
+ name: {{ .Release.Name }}-elasticsearch
+ key: "password"
+ {{- end}}
+ {{- if .Values.elasticsearch.client_cert }}
 client_cert:
 valueFrom:
 secretKeyRef:
- name: {{ .Values.elasticsearch.client_cert.secret_name }}
- key: {{ .Values.elasticsearch.client_cert.key }}
-{{- end}}
-{{- if .Values.elasticsearch.client_key.secret_name }}
+ name: {{ .Release.Name }}-elasticsearch
+ key: "client_cert"
+ {{- end}}
+ {{- if .Values.elasticsearch.client_key }}
 client_key:
 valueFrom:
 secretKeyRef:
- name: {{ .Values.elasticsearch.client_key.secret_name }}
- key: {{ .Values.elasticsearch.client_key.key }}
-{{- end}}
-{{- if .Values.elasticsearch.client_key_pass.secret_name }}
+ name: {{ .Release.Name }}-elasticsearch
+ key: "client_key"
+ {{- end}}
+ {{- if .Values.elasticsearch.client_key_pass }}
 client_key_pass:
 valueFrom:
 secretKeyRef:
- name: {{ .Values.elasticsearch.client_key_pass.secret_name }}
- key: {{ .Values.elasticsearch.client_key_pass.key }}
-{{- end}}
-{{- end }}
+ name: {{ .Release.Name }}-elasticsearch
+ key: "client_key_pass"
+ {{- end}}
+ {{- end }}
diff --git a/packages/rancher-logging/overlay/templates/outputs/elasticsearch/secret.yaml b/packages/rancher-logging/overlay/templates/outputs/elasticsearch/secret.yaml
new file mode 100644
index 000000000..3c04c8b6f
--- /dev/null
+++ b/packages/rancher-logging/overlay/templates/outputs/elasticsearch/secret.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.elasticsearch.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-elasticsearch
+ labels:
+{{ include "logging-operator.labels" . | indent 4 }}
+type: Opaque
+data:
+ password: {{ .Values.elasticsearch.password | b64enc | quote }}
+ client_cert: {{ .Values.elasticsearch.client_cert | b64enc | quote }}
+ client_key: {{ .Values.elasticsearch.client_key | b64enc | quote }}
+ client_key_pass: {{ .Values.elasticsearch.client_key_pass | b64enc | quote }}
+{{- end }}
diff --git a/packages/rancher-logging/overlay/templates/outputs/kafka/output.yaml b/packages/rancher-logging/overlay/templates/outputs/kafka/output.yaml
index e7d9f2ab6..f321fd420 100644
--- a/packages/rancher-logging/overlay/templates/outputs/kafka/output.yaml
+++ b/packages/rancher-logging/overlay/templates/outputs/kafka/output.yaml
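Review bot: This template takes the Elasticsearch password, client key and key passphrase from chart values instead of referencing a pre-existing Secret, so the plaintext now also lives in the Helm release record and in whatever values file or command line was used to install. The same applies to kafka/secret.yaml, splunk/secret.yaml and the defaults changed in rancher-logging.patch. Base64 under `data:` is encoding, not protection, so I would keep an option to point at an existing Secret and add a comment such as `# values are stored in the Helm release; prefer an existing Secret for production`. All four keys are also rendered whenever `elasticsearch.enabled` is true, and `b64enc` is likely to fail the render if a value is unset rather than `""`; guarding each key with `{{- if .Values.elasticsearch.password }}`, as kafka/secret.yaml does, avoids both.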
@@ -12,46 +12,46 @@ spec: format: type: json - {{- if .Values.kakfa.username.secret_name }} + {{- if .Values.kakfa.username }} username: valueFrom: secretKeyRef: - name: {{ .Values.kakfa.username.secret_name }} - key: {{ .Values.kakfa.username.key }} + name: {{ .Release.Name }}-kafka + key: "username" {{- end }} - {{- if .Values.kakfa.password.secret_name }} + {{- if .Values.kakfa.password }} password: valueFrom: secretKeyRef: - name: {{ .Values.kakfa.password.secret_name }} - key: {{ .Values.kakfa.password.key }} + name: {{ .Release.Name }}-kafka + key: "password" {{- end }} - {{- if .Values.kakfa.ssl_ca_cert.secret_name }} + {{- if .Values.kakfa.ssl_ca_cert }} ssl_ca_cert: valueFrom: secretKeyRef: - name: {{ .Values.kakfa.ssl_ca_cert.secret_name }} - key: {{ .Values.kakfa.ssl_ca_cert.key }} + name: {{ .Release.Name }}-kafka + key: "ssl_ca_cert" {{- end }} - {{- if .Values.kakfa.ssl_client_cert.secret_name }} + {{- if .Values.kakfa.ssl_client_cert }} ssl_client_cert: valueFrom: secretKeyRef: - name: {{ .Values.kakfa.ssl_client_cert.secret_name }} - key: {{ .Values.kakfa.ssl_client_cert.key }} + name: {{ .Release.Name }}-kafka + key: "ssl_client_cert" {{- end }} - {{- if .Values.kakfa.ssl_client_cert_chain.secret_name }} + {{- if .Values.kakfa.ssl_client_cert_chain }} ssl_client_cert_chain: valueFrom: secretKeyRef: - name: {{ .Values.kakfa.ssl_client_cert_chain.secret_name }} - key: {{ .Values.kakfa.ssl_client_cert_chain.key }} + name: {{ .Release.Name }}-kafka + key: "ssl_client_cert_chain" {{- end }} - {{- if .Values.kakfa.ssl_client_cert_key.secret_name }} + {{- if .Values.kakfa.ssl_client_cert_key }} ssl_client_cert_key: valueFrom: secretKeyRef: - name: {{ .Values.kakfa.ssl_client_cert_key.secret_name }} - key: {{ .Values.kakfa.ssl_client_cert_key.key }} + name: {{ .Release.Name }}-kafka + key: "ssl_client_cert_key" {{- end }} {{- end }} 
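Review bot: Every new guard still reads `.Values.kakfa.*` (transposed letters), while the Secret template added in this commit and the values defaults use `kafka`; the removed lines had the same typo, so this change carries it forward. No `kakfa` key appears in the values shown, so these blocks will either never render or fail template evaluation, and the output would then be created without `username`, `password` or any of the TLS material. Each guard should read like `{{- if .Values.kafka.username }}`, and likewise for `password`, `ssl_ca_cert`, `ssl_client_cert`, `ssl_client_cert_chain` and `ssl_client_cert_key`. The template starts above this hunk, so whether its outer guard has the same typo is not visible here.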
diff --git a/packages/rancher-logging/overlay/templates/outputs/kafka/secret.yaml b/packages/rancher-logging/overlay/templates/outputs/kafka/secret.yaml
new file mode 100644
index 000000000..b26384ca8
--- /dev/null
+++ b/packages/rancher-logging/overlay/templates/outputs/kafka/secret.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.kafka.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-kafka
+ labels:
+{{ include "logging-operator.labels" . | indent 4 }}
+type: Opaque
+data:
+{{- if .Values.kafka.username }}
+ username: {{ .Values.kafka.username }}
+{{- end }}
+{{- if .Values.kafka.password }}
+ password: {{ .Values.kafka.password }}
+{{- end }}
+{{- if .Values.kafka.ssl_ca_cert }}
+ ssl_ca_cert: {{ .Values.kafka.ssl_ca_cert }}
+{{- end }}
+{{- if .Values.kafka.ssl_client_cert }}
+ ssl_client_cert: {{ .Values.kafka.ssl_client_cert }}
+{{- end }}
+{{- if .Values.kafka.ssl_client_cert_chain }}
+ ssl_client_cert_chain: {{ .Values.kafka.ssl_client_cert_chain }}
+{{- end }}
+{{- if .Values.kafka.ssl_client_cert_key }}
+ ssl_client_cert_key: {{ .Values.kafka.ssl_client_cert_key }}
+{{- end }}
+{{- end }}
diff --git a/packages/rancher-logging/overlay/templates/outputs/splunk/output.yaml b/packages/rancher-logging/overlay/templates/outputs/splunk/output.yaml
index 60d8a97a0..60bd0bff0 100644
--- a/packages/rancher-logging/overlay/templates/outputs/splunk/output.yaml
+++ b/packages/rancher-logging/overlay/templates/outputs/splunk/output.yaml
@@ -8,12 +8,12 @@ spec:
 hec_host: {{ .Values.splunk.host }}
 hec_port: {{ .Values.splunk.port }}
 protocol: {{ .Values.splunk.protocol }}
-{{- if .Values.splunk.token.secret_name }}
+{{- if .Values.splunk.index }}
 hec_token:
 valueFrom:
 secretKeyRef:
- name: {{ .Values.splunk.token.secret_name }}
- key: {{ .Values.splunk.token.key }}
+ name: {{ .Release.Name }}-splunk
+ key: "hec_token"
 {{- end }}
 {{- if .Values.splunk.index }}
 index: {{ .Values.splunk.index }}
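Review bot: The values under `data:` in kafka/secret.yaml are written raw, unlike elasticsearch/secret.yaml and splunk/secret.yaml in this commit, which pipe through `b64enc | quote`. Kubernetes expects `data` values to be base64, so a plain username or PEM block will be rejected by the API server or, if it happens to be valid base64, decoded into the wrong bytes. Each entry should follow the pattern `username: {{ .Values.kafka.username | b64enc | quote }}`, or the block can switch to `stringData:` and keep only `| quote`. When all six values are empty, `data:` renders with no children, which deserves an explicit guard or comment.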
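Review bot: The guard around `hec_token` in splunk/output.yaml now tests `.Values.splunk.index` rather than the token, which looks like a copy of the `index` guard three lines below it. With the default `index: rancher` the `secretKeyRef` is always emitted, and with an empty index the token reference is dropped even when a token is configured. It should read `{{- if .Values.splunk.token }}`. splunk/secret.yaml in this commit renders `hec_token` unconditionally, so an empty token produces a Secret with an empty value rather than an absent key, and the output would then send requests with a blank HEC token.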
diff --git a/packages/rancher-logging/overlay/templates/outputs/splunk/secret.yaml b/packages/rancher-logging/overlay/templates/outputs/splunk/secret.yaml new file mode 100644 index 000000000..42d203a1d --- /dev/null +++ b/packages/rancher-logging/overlay/templates/outputs/splunk/secret.yaml @@ -0,0 +1,11 @@ +{{- if .Values.splunk.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-splunk + labels: +{{ include "logging-operator.labels" . | indent 4 }} +type: Opaque +data: + hec_token: {{ .Values.splunk.token | b64enc | quote }} +{{- end }} diff --git a/packages/rancher-logging/rancher-logging.patch b/packages/rancher-logging/rancher-logging.patch index c097cd0e9..41d55d79e 100644 --- a/packages/rancher-logging/rancher-logging.patch +++ b/packages/rancher-logging/rancher-logging.patch @@ -31,7 +31,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-logging/charts-original/values resources: {} # We usually recommend not to specify default resources and to leave this as a conscious -@@ -76,4 +76,70 @@ +@@ -76,4 +76,48 @@ monitoring: # Create a Prometheus Operator ServiceMonitor object serviceMonitor: @@ -44,22 +44,10 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-logging/charts-original/values + index_name: fluentd + scheme: http + user: "" -+ password: -+ secret_name: "" -+ key: "password" -+ ca_file: -+ secret_name: "" -+ key: "ca_file" -+ client_cert: -+ secret_name: "" -+ key: "client_cert" -+ client_key: -+ secret_name: "" -+ key: "client_key" -+ client_key_pass: -+ secret_name: "" -+ key: "client_key_pass" -+ ++ password: "" ++ client_cert: "" ++ client_key: "" ++ client_key_pass: "" + +kafka: + enabled: false 
@@ -67,24 +55,12 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-logging/charts-original/values
 + default_topic: "fluentd"
 + sasl_over_ssl: false
 + scram_mechanism: "PLAIN"
-+ username:
-+ secret_name: ""
-+ key: "username"
-+ password:
-+ secret_name: ""
-+ key: "password"
-+ ssl_ca_cert:
-+ secret_name: ""
-+ key: "ssl_ca_cert"
-+ ssl_client_cert:
-+ secret_name: ""
-+ key: "ssl_client_cert"
-+ ssl_client_cert_chain:
-+ secret_name: ""
-+ key: "ssl_client_cert_chain"
-+ ssl_client_cert_key:
-+ secret_name: ""
-+ key: "ssl_client_cert_key"
++ username: ""
++ password: ""
++ ssl_ca_cert: ""
++ ssl_client_cert: ""
++ ssl_client_cert_chain: ""
++ ssl_client_cert_key: ""
 +
 +splunk:
 + enabled: false
@@ -92,9 +68,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-logging/charts-original/values
 + port: 8088
 + protocol: http
 + index: rancher
-+ token:
-+ secret_name: ""
-+ key: "token"
++ token: ""
 + client_cert: ""
 + client_key: ""
 + insecure_ssl: false