diff --git a/assets/argo/argo-cd-5.23.3.tgz b/assets/argo/argo-cd-5.23.3.tgz
new file mode 100644
index 000000000..506ed1303
Binary files /dev/null and b/assets/argo/argo-cd-5.23.3.tgz differ
diff --git a/assets/bitnami/wordpress-15.2.46.tgz b/assets/bitnami/wordpress-15.2.46.tgz
new file mode 100644
index 000000000..8aa2cd1e3
Binary files /dev/null and b/assets/bitnami/wordpress-15.2.46.tgz differ
diff --git a/assets/btp/sextant-2.3.0.tgz b/assets/btp/sextant-2.3.0.tgz
new file mode 100644
index 000000000..11e09cb50
Binary files /dev/null and b/assets/btp/sextant-2.3.0.tgz differ
diff --git a/assets/clastix/kamaji-0.11.3.tgz b/assets/clastix/kamaji-0.11.3.tgz
new file mode 100644
index 000000000..c8f952c25
Binary files /dev/null and b/assets/clastix/kamaji-0.11.3.tgz differ
diff --git a/assets/codefresh/cf-runtime-1.9.10.tgz b/assets/codefresh/cf-runtime-1.9.10.tgz
new file mode 100644
index 000000000..169a8ccc2
Binary files /dev/null and b/assets/codefresh/cf-runtime-1.9.10.tgz differ
diff --git a/assets/crate/crate-operator-2.23.0.tgz b/assets/crate/crate-operator-2.23.0.tgz
new file mode 100644
index 000000000..ca602b61f
Binary files /dev/null and b/assets/crate/crate-operator-2.23.0.tgz differ
diff --git a/assets/datadog/datadog-3.11.0.tgz b/assets/datadog/datadog-3.11.0.tgz
new file mode 100644
index 000000000..89bce0a8b
Binary files /dev/null and b/assets/datadog/datadog-3.11.0.tgz differ
diff --git a/assets/dell/csi-powerstore-2.5.1.tgz b/assets/dell/csi-powerstore-2.5.1.tgz
new file mode 100644
index 000000000..0126bf342
Binary files /dev/null and b/assets/dell/csi-powerstore-2.5.1.tgz differ
diff --git a/assets/dh2i/dxemssql-1.0.2.tgz b/assets/dh2i/dxemssql-1.0.2.tgz
new file mode 100644
index 000000000..787f5e349
Binary files /dev/null and b/assets/dh2i/dxemssql-1.0.2.tgz differ
diff --git a/assets/gitlab/gitlab-6.9.1.tgz b/assets/gitlab/gitlab-6.9.1.tgz
new file mode 100644
index 000000000..e2da8d93f
Binary files /dev/null and b/assets/gitlab/gitlab-6.9.1.tgz differ
diff --git a/assets/harbor/harbor-1.11.1.tgz b/assets/harbor/harbor-1.11.1.tgz
new file mode 100644
index 000000000..3202d9f5f
Binary files /dev/null and b/assets/harbor/harbor-1.11.1.tgz differ
diff --git a/assets/hashicorp/consul-1.1.0.tgz b/assets/hashicorp/consul-1.1.0.tgz
new file mode 100644
index 000000000..1293ea6c9
Binary files /dev/null and b/assets/hashicorp/consul-1.1.0.tgz differ
diff --git a/assets/instana/instana-agent-1.2.55.tgz b/assets/instana/instana-agent-1.2.55.tgz
new file mode 100644
index 000000000..0be69c0d4
Binary files /dev/null and b/assets/instana/instana-agent-1.2.55.tgz differ
diff --git a/assets/jenkins/jenkins-4.3.4.tgz b/assets/jenkins/jenkins-4.3.4.tgz
new file mode 100644
index 000000000..97eee00b8
Binary files /dev/null and b/assets/jenkins/jenkins-4.3.4.tgz differ
diff --git a/assets/jfrog/artifactory-ha-107.55.2.tgz b/assets/jfrog/artifactory-ha-107.55.2.tgz
new file mode 100644
index 000000000..612bff4d9
Binary files /dev/null and b/assets/jfrog/artifactory-ha-107.55.2.tgz differ
diff --git a/assets/jfrog/artifactory-jcr-107.55.2.tgz b/assets/jfrog/artifactory-jcr-107.55.2.tgz
new file mode 100644
index 000000000..6543b0587
Binary files /dev/null and b/assets/jfrog/artifactory-jcr-107.55.2.tgz differ
diff --git a/assets/kasten/k10-5.5.501.tgz b/assets/kasten/k10-5.5.501.tgz
index 9cbf3825e..cbeada854 100644
Binary files a/assets/kasten/k10-5.5.501.tgz and b/assets/kasten/k10-5.5.501.tgz differ
diff --git a/assets/kasten/k10-5.5.601.tgz b/assets/kasten/k10-5.5.601.tgz
new file mode 100644
index 000000000..def16db99
Binary files /dev/null and b/assets/kasten/k10-5.5.601.tgz differ
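Review bot: `assets/kasten/k10-5.5.501.tgz` is changed in place (index `9cbf3825e..cbeada854`) while every other archive in this commit is a new file, so an already-published chart version gets different bytes under the same name. Anyone who pinned or cached that version by digest will now see a mismatch, and from the diff alone a legitimate repackaging cannot be told apart from tampering. The commit message or the package metadata should state why 5.5.501 was rebuilt, and the repository index entry for it (not visible in this chunk) should carry the new digest; otherwise I would ship the change only as the new `k10-5.5.601.tgz`.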
diff --git a/assets/openebs/openebs-3.4.1.tgz b/assets/openebs/openebs-3.4.1.tgz new file mode 100644 index 000000000..ded972a54 Binary files /dev/null and b/assets/openebs/openebs-3.4.1.tgz differ diff --git a/assets/redpanda/redpanda-2.11.0.tgz b/assets/redpanda/redpanda-2.11.0.tgz new file mode 100644 index 000000000..33b197de0 Binary files /dev/null and b/assets/redpanda/redpanda-2.11.0.tgz differ diff --git a/assets/triggermesh/triggermesh-0.6.4.tgz b/assets/triggermesh/triggermesh-0.6.4.tgz new file mode 100644 index 000000000..a66dd0286 Binary files /dev/null and b/assets/triggermesh/triggermesh-0.6.4.tgz differ diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml index 9b6d08712..9a8701e5e 100644 --- a/charts/argo/argo-cd/Chart.yaml +++ b/charts/argo/argo-cd/Chart.yaml @@ -1,13 +1,13 @@ annotations: artifacthub.io/changes: | - kind: changed - description: Grouped component templates together + description: Upgrade Argo CD to v.2.6.3 catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Argo CD catalog.cattle.io/kube-version: '>=1.22.0-0' catalog.cattle.io/release-name: argo-cd apiVersion: v2 -appVersion: v2.6.2 +appVersion: v2.6.3 dependencies: - condition: redis-ha.enabled name: redis-ha @@ -29,4 +29,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 5.22.1 +version: 5.23.3 diff --git a/charts/argo/argo-cd/README.md b/charts/argo/argo-cd/README.md index 2533c1802..3cc94e791 100644 --- a/charts/argo/argo-cd/README.md +++ b/charts/argo/argo-cd/README.md 
@@ -509,7 +509,7 @@ NAME: my-release | controller.pdb.annotations | object | `{}` | Annotations to be added to application controller pdb | | controller.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the application controller | | controller.pdb.labels | object | `{}` | Labels to be added to application controller pdb | -| controller.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| controller.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | | controller.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | controller.podAnnotations | object | `{}` | Annotations to be added to application controller pods | | controller.podLabels | object | `{}` | Labels to be added to application controller pods | @@ -592,7 +592,7 @@ NAME: my-release | repoServer.pdb.annotations | object | `{}` | Annotations to be added to repo server pdb | | repoServer.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the repo server | | repoServer.pdb.labels | object | `{}` | Labels to be added to repo server pdb | -| repoServer.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| repoServer.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | | repoServer.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | repoServer.podAnnotations | object | `{}` | Annotations to be added to repo server pods | | repoServer.podLabels | object | `{}` | Labels to be added to repo server pods | 
@@ -642,7 +642,7 @@ NAME: my-release | server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | | server.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | | server.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` | -| server.certificate.issuer.name | string | `""` | Certificate isser name. Eg. `letsencrypt` | +| server.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` | | server.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` | | server.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` | | server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | @@ -725,7 +725,7 @@ NAME: my-release | server.pdb.annotations | object | `{}` | Annotations to be added to Argo CD server pdb | | server.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Argo CD server | | server.pdb.labels | object | `{}` | Labels to be added to Argo CD server pdb | -| server.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| server.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | | server.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | server.podAnnotations | object | `{}` | Annotations to be added to server pods | | server.podLabels | object | `{}` | Labels to be added to server pods | 
@@ -955,7 +955,7 @@ The main options are listed here: | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | redis-ha.image.tag | string | `"7.0.7-alpine"` | Redis tag | -| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistency on Redis nodes | +| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | | redis-ha.redis.masterGroupName | string | `"argocd"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | 
@@ -1033,7 +1033,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.pdb.annotations | object | `{}` | Annotations to be added to ApplicationSet controller pdb | | applicationSet.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the ApplicationSet controller | | applicationSet.pdb.labels | object | `{}` | Labels to be added to ApplicationSet controller pdb | -| applicationSet.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| applicationSet.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | | applicationSet.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | applicationSet.podAnnotations | object | `{}` | Annotations for the ApplicationSet controller pods | | applicationSet.podLabels | object | `{}` | Labels for the ApplicationSet controller pods | 
@@ -1072,32 +1072,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide |-----|------|---------|-------------| | notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | -| notifications.bots.slack.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | -| notifications.bots.slack.containerSecurityContext | object | See [values.yaml] | Slack bot container-level security Context | -| notifications.bots.slack.dnsConfig | object | `{}` | [DNS configuration] | -| notifications.bots.slack.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Slack bot pods | -| notifications.bots.slack.enabled | bool | `false` | Enable slack bot | -| notifications.bots.slack.extraArgs | list | `[]` | List of extra cli args to add for Slack bot | -| notifications.bots.slack.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Slack bot | -| notifications.bots.slack.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Slack bot | -| notifications.bots.slack.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Slack bot | -| notifications.bots.slack.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | -| notifications.bots.slack.logFormat | string | `""` (defaults to global.logging.format) | Slack bot log format. Either `text` or `json` | -| notifications.bots.slack.logLevel | string | `""` (defaults to global.logging.level) | Slack bot log level. 
One of: `debug`, `info`, `warn`, `error` | -| notifications.bots.slack.nodeSelector | object | `{}` | [Node selector] | -| notifications.bots.slack.pdb.annotations | object | `{}` | Annotations to be added to Slack bot pdb | -| notifications.bots.slack.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Slack bot | -| notifications.bots.slack.pdb.labels | object | `{}` | Labels to be added to Slack bot pdb | -| notifications.bots.slack.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | -| notifications.bots.slack.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | -| notifications.bots.slack.resources | object | `{}` | Resource limits and requests for the Slack bot | -| notifications.bots.slack.service.annotations | object | `{}` | Service annotations for Slack bot | -| notifications.bots.slack.service.port | int | `80` | Service port for Slack bot | -| notifications.bots.slack.service.type | string | `"LoadBalancer"` | Service type for Slack bot | -| notifications.bots.slack.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | -| notifications.bots.slack.serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| notifications.bots.slack.serviceAccount.name | string | `"argocd-notifications-bot"` | The name of the service account to use. | -| notifications.bots.slack.tolerations | list | `[]` | [Tolerations] for use with node taints | | notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map | | notifications.containerPorts.metrics | int | `9001` | Metrics container port | | notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context | 
@@ -1138,7 +1112,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | notifications.pdb.annotations | object | `{}` | Annotations to be added to notifications controller pdb | | notifications.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the notifications controller | | notifications.pdb.labels | object | `{}` | Labels to be added to notifications controller pdb | -| notifications.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| notifications.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | | notifications.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | | notifications.podAnnotations | object | `{}` | Annotations to be applied to the notifications controller Pods | | notifications.podLabels | object | `{}` | Labels to be applied to the notifications controller Pods | diff --git a/charts/argo/argo-cd/templates/_helpers.tpl b/charts/argo/argo-cd/templates/_helpers.tpl index 76abc8d28..377a07e12 100644 --- a/charts/argo/argo-cd/templates/_helpers.tpl +++ b/charts/argo/argo-cd/templates/_helpers.tpl @@ -158,17 +158,6 @@ Create the name of the notifications service account to use {{- end -}} {{- end -}} -{{/* -Create the name of the notifications bots slack service account to use -*/}} -{{- define "argo-cd.notificationsBotsSlackServiceAccountName" -}} -{{- if .Values.notifications.bots.slack.serviceAccount.create -}} - {{ default (include "argo-cd.notifications.fullname" .) .Values.notifications.bots.slack.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.notifications.bots.slack.serviceAccount.name }} -{{- end -}} -{{- end -}} - {{/* Argo Configuration Preset Values (Incluenced by Values configuration) */}} 
diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml index 0a161362a..f8460906b 100644 --- a/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -37,10 +37,15 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.global.securityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }} containers: - command: - argocd-application-controller @@ -285,11 +290,6 @@ spec: {{- end }} {{- end }} {{- end }} - serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }} - {{- with .Values.global.hostAliases }} - hostAliases: - {{- toYaml . | nindent 6 }} - {{- end }} volumes: {{- with .Values.controller.volumes }} {{- toYaml . | nindent 6 }} diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml index 462ebcbaa..6011cd0ba 100644 --- a/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml 
@@ -35,15 +35,15 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.global.securityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }} - {{- with .Values.global.hostAliases }} - hostAliases: - {{- toYaml . | nindent 6 }} - {{- end }} containers: - name: {{ .Values.applicationSet.name }} image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml b/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml deleted file mode 100644 index 2749cb2b4..000000000 --- a/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ -{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.notifications.deploymentAnnotations) }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - name: {{ template "argo-cd.notifications.fullname" . }}-bot - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" .Values.notifications.bots.slack.name) | nindent 4 }} -spec: - replicas: 1 - revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} - strategy: - type: Recreate - selector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 6 }} - template: - metadata: - labels: - {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 8 }} - spec: - {{- with .Values.notifications.bots.slack.imagePullSecrets | default .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.global.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "argo-cd.notificationsBotsSlackServiceAccountName" . }} - containers: - - name: {{ include "argo-cd.notifications.fullname" . }}-bot - image: {{ default .Values.global.image.repository .Values.notifications.bots.slack.image.repository }}:{{ default (include "argo-cd.defaultTag" .) 
.Values.notifications.bots.slack.image.tag }} - imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.bots.slack.image.pullPolicy }} - command: - - argocd-notifications - - bot - - --loglevel={{ default .Values.global.logging.level .Values.notifications.bots.slack.logLevel }} - - --logformat={{ default .Values.global.logging.format .Values.notifications.bots.slack.logFormat }} - {{- range .Values.notifications.bots.slack.extraArgs }} - - {{ . | squote }} - {{- end }} - workingDir: /app - ports: - - containerPort: 8080 - name: http - resources: - {{- toYaml .Values.notifications.bots.slack.resources | nindent 12 }} - securityContext: - {{- toYaml .Values.notifications.bots.slack.containerSecurityContext | nindent 12 }} - affinity: - {{- include "argo-cd.affinity" (dict "context" . "component" .Values.notifications.bots.slack) | nindent 8 }} - {{- with .Values.notifications.bots.slack.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.notifications.bots.slack.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.notifications.bots.slack.dnsConfig }} - dnsConfig: - {{- toYaml . | nindent 8 }} - {{- end }} - dnsPolicy: {{ .Values.notifications.bots.slack.dnsPolicy }} -{{ end }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/pdb.yaml b/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/pdb.yaml deleted file mode 100644 index 60df983e8..000000000 --- a/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/pdb.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -{{- if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled .Values.notifications.bots.slack.pdb.enabled }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ include "argo-cd.notifications.fullname" . }}-bot - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" .Values.notifications.bots.slack.name) | nindent 4 }} - {{- with .Values.notifications.bots.slack.pdb.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.notifications.bots.slack.pdb.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} -spec: - {{- with .Values.notifications.bots.slack.pdb.maxUnavailable }} - maxUnavailable: {{ . }} - {{- else }} - minAvailable: {{ .Values.notifications.bots.slack.pdb.minAvailable | default 0 }} - {{- end }} - selector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 6 }} -{{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/role.yaml b/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/role.yaml deleted file mode 100644 index 26df5b9c7..000000000 --- a/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/role.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "argo-cd.notifications.fullname" . }}-bot -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch -- apiGroups: - - argoproj.io - resources: - - applications - - appprojects - verbs: - - get - - list - - watch - - update - - patch -{{ end }} 
diff --git a/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/rolebinding.yaml b/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/rolebinding.yaml deleted file mode 100644 index 80813f5e4..000000000 --- a/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/rolebinding.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "argo-cd.notifications.fullname" . }}-bot -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "argo-cd.notifications.fullname" . }}-bot -subjects: -- kind: ServiceAccount - name: {{ template "argo-cd.notificationsBotsSlackServiceAccountName" . }} -{{ end }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/service.yaml b/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/service.yaml deleted file mode 100644 index 5cbbd2b14..000000000 --- a/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "argo-cd.notifications.fullname" . }}-bot - {{- if .Values.notifications.bots.slack.service.annotations }} - annotations: - {{- toYaml .Values.notifications.bots.slack.service.annotations | nindent 4 }} - {{- end }} -spec: - ports: - - name: http - port: {{ .Values.notifications.bots.slack.service.port }} - protocol: TCP - targetPort: http - selector: - {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 6 }} - type: {{ .Values.notifications.bots.slack.service.type }} -{{ end }} 
diff --git a/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/serviceaccount.yaml b/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/serviceaccount.yaml deleted file mode 100644 index bdffa2cf8..000000000 --- a/charts/argo/argo-cd/templates/argocd-notifications/bots/slack/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled .Values.notifications.bots.slack.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: {{ .Values.notifications.bots.slack.serviceAccount.automountServiceAccountToken }} -metadata: - name: {{ template "argo-cd.notificationsBotsSlackServiceAccountName" . }} -{{- if .Values.notifications.bots.slack.serviceAccount.annotations }} - annotations: - {{- range $key, $value := .Values.notifications.bots.slack.serviceAccount.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" .Values.notifications.bots.slack.name) | nindent 4 }} -{{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml index 5efc09653..e3e7968b7 100644 --- a/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml @@ -37,6 +37,10 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.global.securityContext }} securityContext: {{- toYaml . | nindent 8 }} diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml index 00e73d8a2..28bd3b6dc 100644 --- a/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml 
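Review bot: The `hostAliases` block added to the notifications pod spec widens the reach of `global.hostAliases` to a pod that did not receive it before, and the redis deployment hunk further down does the same; nothing in the visible values.yaml or README hunks documents that wider scope. Host aliases override name resolution inside the pod, so an operator who set them for the repo server or Dex should be told that they now also apply to the notifications controller and Redis. I would extend the comment on `global.hostAliases` in values.yaml to something like `# -- Host aliases injected into the hosts file of every Argo CD pod, including notifications and redis`, and regenerate the README table from it. The pod spec continues outside the hunk.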
+++ b/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -40,11 +40,15 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.global.securityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }} containers: - name: {{ .Values.repoServer.name }} image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} @@ -312,11 +316,6 @@ spec: {{- end }} {{- end }} {{- end }} - serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }} - {{- with .Values.global.hostAliases }} - hostAliases: - {{- toYaml . | nindent 6 }} - {{- end }} volumes: {{- with .Values.repoServer.volumes }} {{- toYaml . | nindent 6 }} diff --git a/charts/argo/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo/argo-cd/templates/argocd-server/deployment.yaml index bb3940065..ea3d3a6ed 100644 --- a/charts/argo/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-server/deployment.yaml @@ -37,10 +37,15 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.global.securityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "argo-cd.serverServiceAccountName" . }} containers: - name: {{ .Values.server.name }} image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }} 
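Review bot: Dropping the pod-level `automountServiceAccountToken` line in the first repo-server hunk leaves the pod spec without an explicit token-mount setting, and none of the visible hunks puts it back. If the chart's ServiceAccount template still carries the field (not visible here), the value presumably keeps working only when the chart creates the account; with `repoServer.serviceAccount.create: false` and a pre-existing account, `repoServer.serviceAccount.automountServiceAccountToken` would silently stop applying. The repo server is the component that runs manifest generation on repository content, so I would keep the setting directly under the new `serviceAccountName:` entry: `automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }}`. The pod spec starts and ends outside the hunk.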
@@ -369,11 +374,6 @@ spec: {{- end }} {{- end }} {{- end }} - serviceAccountName: {{ template "argo-cd.serverServiceAccountName" . }} - {{- with .Values.global.hostAliases }} - hostAliases: - {{- toYaml . | nindent 6 }} - {{- end }} volumes: {{- with .Values.server.volumes }} {{- toYaml . | nindent 6}} diff --git a/charts/argo/argo-cd/templates/dex/deployment.yaml b/charts/argo/argo-cd/templates/dex/deployment.yaml index 7fea0b485..d2189cc37 100644 --- a/charts/argo/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo/argo-cd/templates/dex/deployment.yaml @@ -39,10 +39,15 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with.Values.global.securityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "argo-cd.dexServiceAccountName" . }} containers: - name: {{ .Values.dex.name }} image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} @@ -159,11 +164,6 @@ spec: {{- end }} {{- end }} {{- end }} - serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }} - {{- with .Values.global.hostAliases }} - hostAliases: - {{- toYaml . | nindent 6 }} - {{- end }} volumes: - name: static-files emptyDir: {} diff --git a/charts/argo/argo-cd/templates/redis/deployment.yaml b/charts/argo/argo-cd/templates/redis/deployment.yaml index ffff4badc..e23fe46ca 100644 --- a/charts/argo/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo/argo-cd/templates/redis/deployment.yaml @@ -36,6 +36,10 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.redis.securityContext }} securityContext: {{- toYaml . | nindent 8 }} diff --git a/charts/argo/argo-cd/values.yaml b/charts/argo/argo-cd/values.yaml index b3706c5ab..d7c5c8536 100644 --- a/charts/argo/argo-cd/values.yaml 
+++ b/charts/argo/argo-cd/values.yaml @@ -499,7 +499,7 @@ controller: # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) # @default -- `""` (defaults to 0 if not specified) minAvailable: "" - # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). ## Has higher precedence over `controller.pdb.minAvailable` maxUnavailable: "" @@ -623,7 +623,7 @@ controller: drop: - ALL - # Rediness probe for application controller + # Readiness probe for application controller ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ readinessProbe: # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded @@ -1243,7 +1243,7 @@ redis-ha: # -- Tag to use for the redis-exporter tag: 1.45.0 persistentVolume: - # -- Configures persistency on Redis nodes + # -- Configures persistence on Redis nodes enabled: false redis: # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated @@ -1342,7 +1342,7 @@ server: # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) # @default -- `""` (defaults to 0 if not specified) minAvailable: "" - # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). ## Has higher precedence over `server.pdb.minAvailable` maxUnavailable: "" @@ -1380,7 +1380,7 @@ server: lifecycle: {} ## Argo UI extensions - ## This function in tech preview stage, do expect unstability or breaking changes in newer versions. + ## This function in tech preview stage, do expect instability or breaking changes in newer versions. ## Ref: https://github.com/argoproj-labs/argocd-extensions extensions: # -- Enable support for Argo UI extensions 
@@ -1583,7 +1583,7 @@ server: group: "" # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer` kind: "" - # -- Certificate isser name. Eg. `letsencrypt` + # -- Certificate issuer name. Eg. `letsencrypt` name: "" # Private key of the certificate privateKey: @@ -1885,7 +1885,7 @@ repoServer: # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) # @default -- `""` (defaults to 0 if not specified) minAvailable: "" - # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). ## Has higher precedence over `repoServer.pdb.minAvailable` maxUnavailable: "" @@ -2171,7 +2171,7 @@ applicationSet: # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) # @default -- `""` (defaults to 0 if not specified) minAvailable: "" - # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). ## Has higher precedence over `applicationSet.pdb.minAvailable` maxUnavailable: "" @@ -2445,7 +2445,7 @@ notifications: # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) # @default -- `""` (defaults to 0 if not specified) minAvailable: "" - # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). ## Has higher precedence over `notifications.pdb.minAvailable` maxUnavailable: "" 
@@ -2910,108 +2910,3 @@ notifications: # For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/#default-triggers # defaultTriggers: | # - on-sync-status-unknown - - ## The optional bot component simplifies managing subscriptions - ## For more information: https://argocd-notifications.readthedocs.io/en/stable/bots/overview/ - bots: - slack: - # -- Enable slack bot - ## You have to set secret.notifiers.slack.signingSecret - enabled: false - - ## Slack bot Pod Disruption Budget - ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - pdb: - # -- Deploy a [PodDisruptionBudget] for the Slack bot - enabled: false - # -- Labels to be added to Slack bot pdb - labels: {} - # -- Annotations to be added to Slack bot pdb - annotations: {} - # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) - # @default -- `""` (defaults to 0 if not specified) - minAvailable: "" - # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). - ## Has higher precedence over `notifications.bots.slack.pdb.minAvailable` - maxUnavailable: "" - - ## Slack bot image - image: - # -- Repository to use for the Slack bot - # @default -- `""` (defaults to global.image.repository) - repository: "" - # -- Tag to use for the Slack bot - # @default -- `""` (defaults to global.image.tag) - tag: "" - # -- Image pull policy for the Slack bot - # @default -- `""` (defaults to global.image.imagePullPolicy) - imagePullPolicy: "" - - # -- Secrets with credentials to pull images from a private registry - # @default -- `[]` (defaults to global.imagePullSecrets) - imagePullSecrets: [] - - # -- Slack bot log format. Either `text` or `json` - # @default -- `""` (defaults to global.logging.format) - logFormat: "" - # -- Slack bot log level. 
One of: `debug`, `info`, `warn`, `error` - # @default -- `""` (defaults to global.logging.level) - logLevel: "" - - # -- List of extra cli args to add for Slack bot - extraArgs: [] - - service: - # -- Service annotations for Slack bot - annotations: {} - # -- Service port for Slack bot - port: 80 - # -- Service type for Slack bot - type: LoadBalancer - - serviceAccount: - # -- Specifies whether a service account should be created - create: true - - # -- The name of the service account to use. - ## If not set and create is true, a name is generated using the fullname template - name: argocd-notifications-bot - - # -- Annotations applied to created service account - annotations: {} - - # -- [DNS configuration] - dnsConfig: {} - # -- Alternative DNS policy for Slack bot pods - dnsPolicy: "ClusterFirst" - - # -- Slack bot container-level security Context - # @default -- See [values.yaml] - containerSecurityContext: - runAsNonRoot: true - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL - - # -- Resource limits and requests for the Slack bot - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - # -- Assign custom [affinity] rules - # @default -- `{}` (defaults to global.affinity preset) - affinity: {} - - # -- [Tolerations] for use with node taints - tolerations: [] - - # -- [Node selector] - nodeSelector: {} diff --git a/charts/bitnami/wordpress/Chart.lock b/charts/bitnami/wordpress/Chart.lock index 0e859fe7f..73eba858e 100644 --- a/charts/bitnami/wordpress/Chart.lock +++ b/charts/bitnami/wordpress/Chart.lock 
@@ -4,9 +4,9 @@ dependencies: version: 6.3.7 - name: mariadb repository: https://charts.bitnami.com/bitnami - version: 11.4.6 + version: 11.5.0 - name: common repository: https://charts.bitnami.com/bitnami version: 2.2.3 -digest: sha256:603f659cc8e943991bea143717b130c43a0cf14fc1b9019d97006bfa9f825581 -generated: "2023-02-17T19:05:31.835880298Z" +digest: sha256:9c6e8b16fcad61555ef0d4015cf8dd5643f88080c10588d0fc123f255b78f1b7 +generated: "2023-02-23T11:02:34.782171834Z" diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml index 91b78f26a..5c3d2394e 100644 --- a/charts/bitnami/wordpress/Chart.yaml +++ b/charts/bitnami/wordpress/Chart.yaml @@ -41,4 +41,4 @@ name: wordpress sources: - https://github.com/bitnami/containers/tree/main/bitnami/wordpress - https://wordpress.org/ -version: 15.2.45 +version: 15.2.46 diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md index 9b4c80002..57a812989 100644 --- a/charts/bitnami/wordpress/README.md +++ b/charts/bitnami/wordpress/README.md @@ -84,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | WordPress image registry | `docker.io` | | `image.repository` | WordPress image repository | `bitnami/wordpress` | -| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r49` | +| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r53` | | `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | | `image.pullSecrets` | WordPress image pull secrets | `[]` | 
@@ -249,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | | `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r86` | +| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r87` | | `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | @@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` | | `metrics.image.registry` | Apache exporter image registry | `docker.io` | | `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.11.0-debian-11-r93` | +| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.0-debian-11-r0` | | `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` | 
diff --git a/charts/bitnami/wordpress/charts/mariadb/Chart.lock b/charts/bitnami/wordpress/charts/mariadb/Chart.lock index 5d7370abc..9b535546c 100644 --- a/charts/bitnami/wordpress/charts/mariadb/Chart.lock +++ b/charts/bitnami/wordpress/charts/mariadb/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.2.2 -digest: sha256:49ca75cf23ba5eb7df4becef52580f98c8bd8194eb80368b9d7b875f6eefa8e5 -generated: "2022-12-15T08:09:23.256191892Z" + version: 2.2.3 +digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb +generated: "2023-02-17T18:41:00.54667787Z" diff --git a/charts/bitnami/wordpress/charts/mariadb/Chart.yaml b/charts/bitnami/wordpress/charts/mariadb/Chart.yaml index 9d4da6135..2de22a639 100644 --- a/charts/bitnami/wordpress/charts/mariadb/Chart.yaml +++ b/charts/bitnami/wordpress/charts/mariadb/Chart.yaml @@ -28,4 +28,4 @@ sources: - https://github.com/bitnami/containers/tree/main/bitnami/mariadb - https://github.com/prometheus/mysqld_exporter - https://mariadb.org -version: 11.4.6 +version: 11.5.0 diff --git a/charts/bitnami/wordpress/charts/mariadb/README.md b/charts/bitnami/wordpress/charts/mariadb/README.md index 17b097298..8cfb5624b 100644 --- a/charts/bitnami/wordpress/charts/mariadb/README.md +++ b/charts/bitnami/wordpress/charts/mariadb/README.md @@ -7,12 +7,12 @@ MariaDB is an open source, community-developed SQL database server that is widel [Overview of MariaDB](https://mariadb.org/) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/mariadb +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/mariadb ``` ## Introduction 
@@ -34,8 +34,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: ```console -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/mariadb +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/mariadb ``` The command deploys MariaDB on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -47,7 +47,7 @@ The command deploys MariaDB on the Kubernetes cluster in the default configurati To uninstall/delete the `my-release` deployment: ```console -$ helm delete my-release +helm delete my-release ``` The command removes all the Kubernetes components associated with the chart and deletes the release. 
@@ -62,24 +62,23 @@ The command removes all the Kubernetes components associated with the chart and | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | | `global.storageClass` | Global storage class for dynamic provisioning | `""` | - ### Common parameters -| Name | Description | Value | -| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override mariadb.fullname | `""` | -| `fullnameOverride` | String to fully override mariadb.fullname | `""` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | -| `commonAnnotations` | Common annotations to add to all MariaDB resources (sub-charts are not considered) | `{}` | -| `commonLabels` | Common labels to add to all MariaDB resources (sub-charts are not considered) | `{}` | -| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` | -| `runtimeClassName` | Name of the Runtime Class for all MariaDB pods | `""` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - +| Name | Description | Value | +| ------------------------- | --------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `nameOverride` | String to partially override mariadb.fullname | `""` | +| `fullnameOverride` | String to fully 
override mariadb.fullname | `""` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `commonAnnotations` | Common annotations to add to all MariaDB resources (sub-charts are not considered) | `{}` | +| `commonLabels` | Common labels to add to all MariaDB resources (sub-charts are not considered) | `{}` | +| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` | +| `runtimeClassName` | Name of the Runtime Class for all MariaDB pods | `""` | +| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | +| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` | ### MariaDB common parameters 
@@ -87,7 +86,7 @@ The command removes all the Kubernetes components associated with the chart and | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | | `image.registry` | MariaDB image registry | `docker.io` | | `image.repository` | MariaDB image repository | `bitnami/mariadb` | -| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r0` | +| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r3` | | `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -106,7 +105,6 @@ The command removes all the Kubernetes components associated with the chart and | `initdbScripts` | Dictionary of initdb scripts | `{}` | | `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | - ### MariaDB Primary parameters | Name | Description | Value | @@ -199,7 +197,6 @@ The command removes all the Kubernetes components associated with the chart and | `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction | `""` | | `primary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` | - ### MariaDB Secondary parameters | Name | Description | Value | 
@@ -292,7 +289,6 @@ The command removes all the Kubernetes components associated with the chart and | `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `""` | | `secondary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` | - ### RBAC parameters | Name | Description | Value | @@ -303,7 +299,6 @@ The command removes all the Kubernetes components associated with the chart and | `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | | `rbac.create` | Whether to create and use RBAC resources or not | `false` | - ### Volume Permissions parameters | Name | Description | Value | 
@@ -311,14 +306,13 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r80` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r86` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | | `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | - ### Metrics parameters | Name | Description | Value | 
@@ -326,7 +320,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r86` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r90` | | `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -365,7 +359,6 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | | `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` | - ### NetworkPolicy parameters | Name | Description | Value | @@ -391,7 +384,7 @@ The above parameters map to the env variables defined in [bitnami/mariadb](https Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install my-release \ +helm install my-release \ --set auth.rootPassword=secretpassword,auth.database=app_database \ my-repo/mariadb ``` @@ -403,7 +396,7 @@ The above command sets the MariaDB `root` account password to `secretpassword`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -$ helm install my-release -f values.yaml my-repo/mariadb +helm install my-release -f values.yaml my-repo/mariadb ``` > **Tip**: You can use the default [values.yaml](values.yaml) 
@@ -463,7 +456,7 @@ Find more information about how to deal with common errors related to Bitnami's It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart: ```console -$ helm upgrade my-release my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] +helm upgrade my-release my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] ``` | Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes. @@ -520,7 +513,7 @@ Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new - Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mariadb`: ```console -$ helm install mariadb my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] +helm install mariadb my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] ``` | Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[ROOT_PASSWORD]_ with the root password used in your previous release. 
@@ -529,7 +522,7 @@ $ helm install mariadb my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] - Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. -In https://github.com/helm/charts/pull/17308 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. +In the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. This major version bump signifies this change. @@ -546,7 +539,7 @@ Backwards compatibility is not guaranteed unless you modify the labels used on t Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is mariadb: ```console -$ kubectl delete statefulset opencart-mariadb --cascade=false +kubectl delete statefulset opencart-mariadb --cascade=false ``` ## License @@ -557,7 +550,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/wordpress/charts/mariadb/charts/common/Chart.yaml b/charts/bitnami/wordpress/charts/mariadb/charts/common/Chart.yaml index f9ba944c8..031ee0fd4 100644 --- a/charts/bitnami/wordpress/charts/mariadb/charts/common/Chart.yaml +++ b/charts/bitnami/wordpress/charts/mariadb/charts/common/Chart.yaml 
@@ -1,7 +1,8 @@ annotations: category: Infrastructure + licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.2 +appVersion: 2.2.3 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -20,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.2 +version: 2.2.3 diff --git a/charts/bitnami/wordpress/charts/mariadb/charts/common/README.md b/charts/bitnami/wordpress/charts/mariadb/charts/common/README.md index ec43a5fab..8f3bda37d 100644 --- a/charts/bitnami/wordpress/charts/mariadb/charts/common/README.md +++ b/charts/bitnami/wordpress/charts/mariadb/charts/common/README.md @@ -11,7 +11,7 @@ dependencies: repository: https://charts.bitnami.com/bitnami ``` -```bash +```console $ helm dependency update ``` @@ -336,7 +336,7 @@ $ helm install test mychart --set path.to.value00="",path.to.value01="" ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/wordpress/charts/mariadb/charts/common/templates/_images.tpl b/charts/bitnami/wordpress/charts/mariadb/charts/common/templates/_images.tpl index 46c659e79..b06071492 100644 --- a/charts/bitnami/wordpress/charts/mariadb/charts/common/templates/_images.tpl +++ b/charts/bitnami/wordpress/charts/mariadb/charts/common/templates/_images.tpl @@ -1,7 +1,7 @@ {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} */}} {{- define "common.images.image" -}} {{- $registryName := .imageRoot.registry -}} 
diff --git a/charts/bitnami/wordpress/charts/mariadb/templates/secrets.yaml b/charts/bitnami/wordpress/charts/mariadb/templates/secrets.yaml index 2ff62edd2..0f4906c8b 100644 --- a/charts/bitnami/wordpress/charts/mariadb/templates/secrets.yaml +++ b/charts/bitnami/wordpress/charts/mariadb/templates/secrets.yaml @@ -1,3 +1,7 @@ +{{- $host := include "mariadb.primary.fullname" . }} +{{- $port := print .Values.primary.service.ports.mysql }} +{{- $rootPassword := include "common.secrets.passwords.manage" (dict "secret" (include "mariadb.secretName" .) "key" "mariadb-root-password" "providedValues" (list "auth.rootPassword") "context" $) | trimAll "\"" | b64dec }} +{{- $password := include "common.secrets.passwords.manage" (dict "secret" (include "mariadb.secretName" .) "key" "mariadb-password" "providedValues" (list "auth.password") "context" $) | trimAll "\"" | b64dec }} {{- if eq (include "mariadb.createSecret" .) "true" }} apiVersion: v1 kind: Secret @@ -14,13 +18,13 @@ metadata: type: Opaque data: {{- if (not .Values.auth.forcePassword) }} - mariadb-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mariadb-root-password" "providedValues" (list "auth.rootPassword") "context" $) }} + mariadb-root-password: {{ print $rootPassword | b64enc | quote }} {{- else }} mariadb-root-password: {{ required "A MariaDB Root Password is required!" .Values.auth.rootPassword | b64enc | quote }} {{- end }} {{- if (not (empty .Values.auth.username)) }} {{- if (not .Values.auth.forcePassword) }} - mariadb-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mariadb-password" "providedValues" (list "auth.password") "context" $) }} + mariadb-password: {{ print $password | b64enc | quote }} {{- else }} mariadb-password: {{ required "A MariaDB Database Password is required!" .Values.auth.password | b64enc | quote }} {{- end }} 
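Review bot: The `$host`/`$port`/`$rootPassword`/`$password` assignments added at the top of secrets.yaml sit above the `if eq (include "mariadb.createSecret" .) "true"` guard, so `common.secrets.passwords.manage` now runs on every render, including when the chart does not create the Secret and when `auth.username` is empty. The lookup name also changed from `common.names.fullname` to `mariadb.secretName`, which presumably resolves to a user-supplied secret when one is configured; that helper is not visible here, so confirm which Secret is read on upgrade. Sprig's `b64dec` returns the error text instead of failing on invalid input, so a value that is not clean base64 after `trimAll` would be re-encoded and stored as the password with no render error. A short template comment would help the next reader, e.g. `{{/* Decoded once here because the service-binding secrets below need the plaintext; evaluated even when createSecret is false */}}`.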
@@ -33,3 +37,57 @@ data: {{- end }} {{- end }} {{- end }} + +{{- if .Values.serviceBindings.enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-svcbind-root + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: servicebinding.io/mysql +data: + provider: {{ print "bitnami" | b64enc | quote }} + type: {{ print "mysql" | b64enc | quote }} + host: {{ print $host | b64enc | quote }} + port: {{ print $port | b64enc | quote }} + user: {{ print "root" | b64enc | quote }} + password: {{ print $rootPassword | b64enc | quote }} + uri: {{ printf "mysql://root:%s@%s:%s" $rootPassword $host $port | b64enc | quote }} + +{{- if .Values.auth.username }} +{{- $database := .Values.auth.database }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-svcbind-custom-user + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . 
| nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: servicebinding.io/mysql +data: + provider: {{ print "bitnami" | b64enc | quote }} + type: {{ print "mysql" | b64enc | quote }} + host: {{ print $host | b64enc | quote }} + port: {{ print $port | b64enc | quote }} + user: {{ print .Values.auth.username | b64enc | quote }} + {{- if $database }} + database: {{ print $database | b64enc | quote }} + {{- end }} + password: {{ print $password | b64enc | quote }} + uri: {{ printf "mysql://%s:%s@%s:%s/%s" .Values.auth.username $password $host $port $database | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/charts/bitnami/wordpress/charts/mariadb/values.yaml b/charts/bitnami/wordpress/charts/mariadb/values.yaml index 3c7c3e170..14ac9cfe1 100644 --- a/charts/bitnami/wordpress/charts/mariadb/values.yaml +++ b/charts/bitnami/wordpress/charts/mariadb/values.yaml @@ -65,6 +65,12 @@ diagnosticMode: args: - infinity +## @param serviceBindings.enabled Create secret for service binding (Experimental) +## Ref: https://servicebinding.io/service-provider/ +## +serviceBindings: + enabled: false + ## @section MariaDB common parameters ## @@ -81,7 +87,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mariadb - tag: 10.6.12-debian-11-r0 + tag: 10.6.12-debian-11-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -989,7 +995,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r80 + tag: 11-debian-11-r86 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) 
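Review bot: The `uri` values in both service-binding Secrets put the password into the URL without percent-encoding, so a password containing `@`, `:`, `/`, `#` or `?` produces a URI that clients will parse incorrectly. Encoding the userinfo fixes this, for example `uri: {{ printf "mysql://root:%s@%s:%s" (urlquery $rootPassword) $host $port | b64enc | quote }}` (note that `urlquery` writes a space as `+`), and likewise for `.Values.auth.username` and `$password` in the custom-user Secret. That second URI also always appends `/%s` for `$database`, while the `database` key beside it is only emitted when `$database` is set. Because `-svcbind-root` holds a second copy of the root password, the `serviceBindings.enabled` comment in values.yaml could state that read access to these Secrets needs the same RBAC restrictions as the main one.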
@@ -1025,7 +1031,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.14.0-debian-11-r86 + tag: 0.14.0-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml index 71c2847dc..e043ce767 100644 --- a/charts/bitnami/wordpress/values.yaml +++ b/charts/bitnami/wordpress/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/wordpress - tag: 6.1.1-debian-11-r49 + tag: 6.1.1-debian-11-r53 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -757,7 +757,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r86 + tag: 11-debian-11-r87 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -851,7 +851,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.11.0-debian-11-r93 + tag: 0.13.0-debian-11-r0 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/btp/sextant/Chart.yaml b/charts/btp/sextant/Chart.yaml index 0b0373cb4..f5127b7da 100644 --- a/charts/btp/sextant/Chart.yaml +++ b/charts/btp/sextant/Chart.yaml @@ -22,4 +22,4 @@ keywords: kubeVersion: '>=1.19-0' name: sextant type: application -version: 2.2.21 +version: 2.3.0 diff --git a/charts/clastix/kamaji/Chart.yaml b/charts/clastix/kamaji/Chart.yaml index 286a102b6..22a8e2a27 100644 --- a/charts/clastix/kamaji/Chart.yaml +++ b/charts/clastix/kamaji/Chart.yaml 
@@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21.0-0' catalog.cattle.io/release-name: kamaji apiVersion: v2 -appVersion: v0.2.0 +appVersion: v0.2.1 description: Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a fraction of the operational burden. With Kamaji, you can deploy and operate hundreds of Kubernetes clusters as a hyper-scaler. @@ -22,4 +22,4 @@ name: kamaji sources: - https://github.com/clastix/kamaji type: application -version: 0.11.2 +version: 0.11.3 diff --git a/charts/clastix/kamaji/README.md b/charts/clastix/kamaji/README.md index f11cce0fa..f217478ab 100644 --- a/charts/clastix/kamaji/README.md +++ b/charts/clastix/kamaji/README.md @@ -1,6 +1,6 @@ # kamaji -![Version: 0.11.2](https://img.shields.io/badge/Version-0.11.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.0](https://img.shields.io/badge/AppVersion-v0.2.0-informational?style=flat-square) +![Version: 0.11.3](https://img.shields.io/badge/Version-0.11.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.1](https://img.shields.io/badge/AppVersion-v0.2.1-informational?style=flat-square) Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a fraction of the operational burden. With Kamaji, you can deploy and operate hundreds of Kubernetes clusters as a hyper-scaler. diff --git a/charts/codefresh/cf-runtime/Chart.yaml b/charts/codefresh/cf-runtime/Chart.yaml index a0fa5ceba..e99bc734c 100644 --- a/charts/codefresh/cf-runtime/Chart.yaml +++ b/charts/codefresh/cf-runtime/Chart.yaml 
@@ -4,9 +4,9 @@ annotations: catalog.cattle.io/kube-version: '>=1.18-0' catalog.cattle.io/release-name: cf-runtime apiVersion: v2 -appVersion: 1.9.7 +appVersion: 1.9.10 description: A Helm chart for Codefresh Runner icon: https://partner-charts.rancher.io/assets/logos/codefresh.jpg name: cf-runtime type: application -version: 1.9.7 +version: 1.9.10 diff --git a/charts/codefresh/cf-runtime/templates/volume-provisioner/cluster-role.dind-volume-provisioner.vp.yaml b/charts/codefresh/cf-runtime/templates/volume-provisioner/cluster-role.dind-volume-provisioner.vp.yaml index 4a1eb1ad2..2e6f9c569 100644 --- a/charts/codefresh/cf-runtime/templates/volume-provisioner/cluster-role.dind-volume-provisioner.vp.yaml +++ b/charts/codefresh/cf-runtime/templates/volume-provisioner/cluster-role.dind-volume-provisioner.vp.yaml @@ -28,3 +28,6 @@ rules: - apiGroups: [ "" ] resources: [ "endpoints" ] verbs: [ "get", "list", "watch", "create", "update", "delete" ] + - apiGroups: [ "coordination.k8s.io" ] + resources: [ "leases" ] + verbs: [ "get", "create", "update" ] diff --git a/charts/codefresh/cf-runtime/values.yaml b/charts/codefresh/cf-runtime/values.yaml index 0ffa33dda..f7dda28be 100644 --- a/charts/codefresh/cf-runtime/values.yaml +++ b/charts/codefresh/cf-runtime/values.yaml @@ -24,7 +24,7 @@ dockerRegistry: "quay.io" # Registry prefix for the runtime images (default quay newRelicLicense: "" # NEWRELIC_LICENSE_KEY (for app-proxy and runner deployments) runner: # Runner Deployment - image: "codefresh/venona:1.9.7" + image: "codefresh/venona:1.9.10" env: {} ## e.g: # env: @@ -53,7 +53,7 @@ runner: # Runner Deployment # effect: NoSchedule volumeProvisioner: # Volume-Provisioner Deployment - image: "codefresh/dind-volume-provisioner:1.31.9" + image: "codefresh/dind-volume-provisioner:1.33.1" serviceAccount: {} # annotate volume-provisioner service account ## e.g: # serviceAccount: 
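Review bot: The rule added to cluster-role.dind-volume-provisioner.vp.yaml grants `get`, `create` and `update` on `leases` in `coordination.k8s.io` through a ClusterRole, so it covers Lease objects in every namespace, including node and control-plane leases the provisioner does not own. If the lease is only needed for the provisioner's own leader election (inferred from the image bump to 1.33.1 in the same commit, not shown here), a namespaced Role and RoleBinding in the release namespace would be narrower. `resourceNames` can further restrict `get` and `update`, but not `create`. At minimum, a comment such as `# leases: leader election for dind-volume-provisioner` above the rule would record why it exists. The `rules:` list starts outside the hunk.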
@@ -74,8 +74,8 @@ volumeProvisioner: # Volume-Provisioner Deployment annotations: {} # annotate volume-provisioner pod storage: # Storage parameters for Volume-Provisioner - backend: local # volume type: local(default), ebs, gcedisk or azuredisk - fsType: "ext4" # filesystem type: ext4(default) or xfs + backend: local # volume type: local(default), ebs, gcedisk or azuredisk + fsType: "ext4" # filesystem type: ext4(default) or xfs # Storage example for local volumes on the K8S nodes filesystem # https://kubernetes.io/docs/concepts/storage/volumes/#local @@ -154,7 +154,6 @@ storage: # Storage parameters for Volume-Provisioner # DiskIOPSReadWrite: 500 # DiskMBpsReadWrite: 100 - re: # Optionally add an AWS IAM role to your pipelines # More info: https://codefresh.io/docs/docs/administration/codefresh-runner/#injecting-aws-arn-roles-into-the-cluster @@ -186,11 +185,11 @@ appProxy: # App-Proxy Deployment # env: # LOG_LEVEL: debug ingress: - pathPrefix: "" # Specify path prefix for ingress (default is '/') - class: "" # Specify ingress class - host: "" # Specify DNS hostname the ingress will use - tlsSecret: "" # Specify k8s tls secret for the ingress object - annotations: {} # Specify extra annotations for ingress object + pathPrefix: "" # Specify path prefix for ingress (default is '/') + class: "" # Specify ingress class + host: "" # Specify DNS hostname the ingress will use + tlsSecret: "" # Specify k8s tls secret for the ingress object + annotations: {} # Specify extra annotations for ingress object ## e.g: # ingress: # pathPrefix: "/app-proxy" 
@@ -207,12 +206,11 @@ monitor: # Monitor Deployment enabled: false image: "codefresh/agent:stable" helm3: true - useNamespaceWideRole: false # Use ClusterRole(false) or Role(true) - clusterId: "" # Cluster name as it registered in account - token: "" # API token from Codefresh - existingMonitorToken: "" # Existing secret (name-of-existing-secret) with API token from Codefresh (supersedes value of monitor.token; secret must contain `codefresh.token` key) + useNamespaceWideRole: false # Use ClusterRole(false) or Role(true) + clusterId: "" # Cluster name as it registered in account + token: "" # API token from Codefresh + existingMonitorToken: "" # Existing secret (name-of-existing-secret) with API token from Codefresh (supersedes value of monitor.token; secret must contain `codefresh.token` key) env: {} resources: {} serviceAccount: annotations: {} - diff --git a/charts/crate/crate-operator/Chart.lock b/charts/crate/crate-operator/Chart.lock index 59c636bad..b175facec 100644 --- a/charts/crate/crate-operator/Chart.lock +++ b/charts/crate/crate-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: crate-operator-crds repository: file://../crate-operator-crds - version: 2.22.0 -digest: sha256:ea59e13300da29acfb32097bfb382649618e7bf503248896fc5c9a66846ee36a -generated: "2023-01-31T14:30:10.49197227Z" + version: 2.23.0 +digest: sha256:3fffe754574fad639050c4717e064e275fc0fb165dd21fc4564feb66cba406b1 +generated: "2023-02-28T11:48:10.16603821Z" diff --git a/charts/crate/crate-operator/Chart.yaml b/charts/crate/crate-operator/Chart.yaml index 4d8ee0ecf..8a244f5b1 100644 --- a/charts/crate/crate-operator/Chart.yaml +++ b/charts/crate/crate-operator/Chart.yaml 
@@ -3,16 +3,16 @@ annotations: catalog.cattle.io/display-name: CrateDB Operator catalog.cattle.io/release-name: crate-operator apiVersion: v2 -appVersion: 2.22.0 +appVersion: 2.23.0 dependencies: - condition: crate-operator-crds.enabled name: crate-operator-crds repository: file://./charts/crate-operator-crds - version: 2.22.0 + version: 2.23.0 description: Crate Operator - Helm chart for installing and upgrading Crate Operator. icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg maintainers: - name: Crate.io name: crate-operator type: application -version: 2.22.0 +version: 2.23.0 diff --git a/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml b/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml index a33d3041a..7073c04cc 100644 --- a/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml +++ b/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 2.22.0 +appVersion: 2.23.0 description: Crate Operator CRDs - Helm chart for installing and upgrading Custom Resource Definitions (CRDs) for the Crate Operator. maintainers: - name: Crate.io name: crate-operator-crds type: application -version: 2.22.0 +version: 2.23.0 diff --git a/charts/datadog/datadog/CHANGELOG.md b/charts/datadog/datadog/CHANGELOG.md index 308b80781..25ac4cb11 100644 --- a/charts/datadog/datadog/CHANGELOG.md +++ b/charts/datadog/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.11.0 + +* Default `Agent` and `Cluster-Agent` image tags to `7.43.0`. + ## 3.10.9 * Default `Agent` and `Cluster-Agent` image tags to `7.42.2`. diff --git a/charts/datadog/datadog/Chart.yaml b/charts/datadog/datadog/Chart.yaml index 60b9fc398..a3bfeb529 100644 --- a/charts/datadog/datadog/Chart.yaml +++ b/charts/datadog/datadog/Chart.yaml 
@@ -19,4 +19,4 @@ name: datadog sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 3.10.9 +version: 3.11.0 diff --git a/charts/datadog/datadog/README.md b/charts/datadog/datadog/README.md index 319c26430..38e16ac6c 100644 --- a/charts/datadog/datadog/README.md +++ b/charts/datadog/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.10.9](https://img.shields.io/badge/Version-3.10.9-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.11.0](https://img.shields.io/badge/Version-3.11.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -443,7 +443,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.42.2"` | Define the Agent version to use | +| agents.image.tag | string | `"7.43.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | 
@@ -501,7 +501,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.42.2"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.43.0"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -547,7 +547,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.42.2"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.43.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | 
diff --git a/charts/datadog/datadog/values.yaml b/charts/datadog/datadog/values.yaml index 8e16f9f9c..e04adec12 100644 --- a/charts/datadog/datadog/values.yaml +++ b/charts/datadog/datadog/values.yaml @@ -794,7 +794,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.42.2 + tag: 7.43.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1116,7 +1116,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.42.2 + tag: 7.43.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1557,7 +1557,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.42.2 + tag: 7.43.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/charts/dell/csi-powerstore/Chart.yaml b/charts/dell/csi-powerstore/Chart.yaml index 660e4bf63..0963d95e9 100644 --- a/charts/dell/csi-powerstore/Chart.yaml +++ b/charts/dell/csi-powerstore/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.21.0 < 1.26.0' catalog.cattle.io/release-name: csi-powerstore apiVersion: v2 -appVersion: 2.5.0 +appVersion: 2.5.1 description: 'PowerStore CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as well as a PowerStore StorageClass. ' @@ -19,4 +19,4 @@ maintainers: name: csi-powerstore sources: - https://github.com/dell/csi-powerstore -version: 2.5.0 +version: 2.5.1 diff --git a/charts/dell/csi-powerstore/values.yaml b/charts/dell/csi-powerstore/values.yaml index d6b4ea600..736bff4b3 100644 --- a/charts/dell/csi-powerstore/values.yaml +++ b/charts/dell/csi-powerstore/values.yaml 
@@ -23,7 +23,7 @@ driverName: "csi-powerstore.dellemc.com" # Driver version required to pull the latest driver image -version: "v2.5.0" +version: "v2.5.1" # Specify kubelet config dir path. # Ensure that the config.yaml file is present at this path. diff --git a/charts/dh2i/dxemssql/.helmignore b/charts/dh2i/dxemssql/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/dh2i/dxemssql/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/dh2i/dxemssql/Chart.yaml b/charts/dh2i/dxemssql/Chart.yaml index ee5d54618..17719c10f 100644 --- a/charts/dh2i/dxemssql/Chart.yaml +++ b/charts/dh2i/dxemssql/Chart.yaml @@ -16,4 +16,4 @@ maintainers: url: https://dh2i.com name: dxemssql type: application -version: 1.0.1 +version: 1.0.2 diff --git a/charts/dh2i/dxemssql/templates/statefulset.yaml b/charts/dh2i/dxemssql/templates/statefulset.yaml index 9ef5e2873..57b3d53e4 100644 --- a/charts/dh2i/dxemssql/templates/statefulset.yaml +++ b/charts/dh2i/dxemssql/templates/statefulset.yaml @@ -17,8 +17,7 @@ spec: {{- include "dxemssql.labels" . | nindent 8 }} spec: securityContext: - fsGroup: 7979 - fsGroupChangePolicy: "OnRootMismatch" + fsGroup: 10001 containers: - name: sql image: "{{ .Values.sqlImage.repository }}:{{ .Values.sqlImage.tag }}" diff --git a/charts/gitlab/gitlab/CHANGELOG.md b/charts/gitlab/gitlab/CHANGELOG.md index e0ef9ed6a..26b1edd0c 100644 --- a/charts/gitlab/gitlab/CHANGELOG.md +++ b/charts/gitlab/gitlab/CHANGELOG.md 
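Review bot: In dxemssql's statefulset.yaml the pod `securityContext` changes `fsGroup` from 7979 to 10001 and drops `fsGroupChangePolicy: "OnRootMismatch"`, with no comment explaining either change. Without that field Kubernetes falls back to the default `Always` policy and recursively resets ownership and permissions on the volume at every mount, which slows pod start on large data volumes. Volumes created by chart 1.0.1 under GID 7979 are re-owned on upgrade either way. If the removal is not deliberate, keep `fsGroupChangePolicy: "OnRootMismatch"` next to `fsGroup: 10001`. Otherwise add a comment such as `# must match the GID the SQL container runs with` (assuming that is the reason). The pod spec continues outside the hunk.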
@@ -2,6 +2,50 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 6.9.1 (2023-02-23) + +### Changed (1 change) + +- [Update gitlab-org/charts/gitlab-runner from 0.49.3 to 0.50.1](gitlab-org/charts/gitlab@95cb8869b072a926117edd1335202120dd3db9bc) ([merge request](gitlab-org/charts/gitlab!2998)) + +## 6.9.0 (2023-02-21) + +### Added (4 changes) + +- [Add troubleshooting docs and note about annotation-value-word-blocklist](gitlab-org/charts/gitlab@cef52d0a33abd089e01d77e0749bdfda8b7a3ec2) ([merge request](gitlab-org/charts/gitlab!2978)) +- [redis: Introduce support for Redis Cluster and specifying acl user](gitlab-org/charts/gitlab@630ce39a02927d40fa28a13f0590967a133fd2ef) ([merge request](gitlab-org/charts/gitlab!2873)) +- [Add ci_runners_stale_machines_cleanup_worker cronjob](gitlab-org/charts/gitlab@8742fcbb39033f5e3baaf8226d5a370fd5604357) ([merge request](gitlab-org/charts/gitlab!2913)) +- [Add support for toolbox.securityContext.fsGroupChangePolicy](gitlab-org/charts/gitlab@0217b7f8e8328fbec7c49af7c1f62cd34fcc03f6) ([merge request](gitlab-org/charts/gitlab!2905)) + +### Fixed (4 changes) + +- [Fix unwanted 'v' prefix in helper image tag](gitlab-org/charts/gitlab@47aa2e34bbd38ba968033255e5e035ab9b7c5749) ([merge request](gitlab-org/charts/gitlab!2982)) +- [Fix certmanager http01 solver on global "none" ingress class](gitlab-org/charts/gitlab@dbf596421f7cd5ee7374c107f2d6776249c75c69) ([merge request](gitlab-org/charts/gitlab!2908)) +- [Force copy files in `configure` initContainer](gitlab-org/charts/gitlab@3c8bd2730aa117f9d1d76088a1e6e8d742a0d878) ([merge request](gitlab-org/charts/gitlab!2953)) +- [Fix logic for Self-Signed-Certs Job inclusion](gitlab-org/charts/gitlab@b2d98174b41a831ad3b205cb367bf9904ebc2e25) ([merge request](gitlab-org/charts/gitlab!2862)) + +### Changed (9 changes) + +- [Update gitlab-org/container-registry from 3.66.0-gitlab to 
3.67.0-gitlab](gitlab-org/charts/gitlab@6d0ecfb2bce4a1cc7ec021a4ab98e82e3cd8079e) ([merge request](gitlab-org/charts/gitlab!2980)) +- [Use 'gitlab.parseAppVersion' for helper image tags](gitlab-org/charts/gitlab@a350fe160cbb3bc549bafd8dd01d04e08a613623) ([merge request](gitlab-org/charts/gitlab!2878)) +- [Update gitlab-org/charts/gitlab-runner from 0.49.1 to 0.49.2](gitlab-org/charts/gitlab@0ef1d3fdbfb79d6f325bcf67da35b8cdfb9e36c0) ([merge request](gitlab-org/charts/gitlab!2970)) +- [Update gitlab-org/charts/gitlab-runner from 0.49.0 to 0.49.1](gitlab-org/charts/gitlab@89398c8f28e695a4f8416ddf729834e71258a70b) ([merge request](gitlab-org/charts/gitlab!2959)) +- [Update gitlab-org/gitlab-exporter from 12.1.0 to 12.1.1](gitlab-org/charts/gitlab@ec0922cef35b9c6799dcc2db4b6a38ddc8990969) ([merge request](gitlab-org/charts/gitlab!2958)) +- [Update gitlab-org/container-registry from 3.65.1-gitlab to 3.66.0-gitlab](gitlab-org/charts/gitlab@acecf98c3478f2faa1f5b39ef07ced9704184df3) ([merge request](gitlab-org/charts/gitlab!2946)) +- [Update link and information about Prometheus scraping TLS endpoint](gitlab-org/charts/gitlab@ed0e9d353e23f3f89e4685fd2d5ab3ded7b8eadb) ([merge request](gitlab-org/charts/gitlab!2931)) +- [Update gitlab-org/container-registry from 3.65.0-gitlab to 3.65.1-gitlab](gitlab-org/charts/gitlab@8a39c2456ae4fcd3169c8e6fb789b2c715e784ec) ([merge request](gitlab-org/charts/gitlab!2934)) +- [Update gitlab-org/charts/gitlab-runner from 0.48.1 to 0.49.0](gitlab-org/charts/gitlab@b0e0eadd387c10f9d2168902a33c7b07fbf1a331) ([merge request](gitlab-org/charts/gitlab!2933)) + +### Deprecated (1 change) + +- [Deprecate sidekiq queueSelector and negateQueues](gitlab-org/charts/gitlab@4f6e5846dbabd0b16f5fad771b8bb78dfaa241b8) ([merge request](gitlab-org/charts/gitlab!2969)) + +### Other (3 changes) + +- [Add defaultReplicationFactor in Praefect's ConfigMap.](gitlab-org/charts/gitlab@36e44f78978b368c1db99a5dc747686ab4363e8c) by @kyunam-jo ([merge 
request](gitlab-org/charts/gitlab!2844)) +- [Moved minio config to global in example config](gitlab-org/charts/gitlab@973557e4cf0c5ec1e0c399fcce557fae2a87de17) ([merge request](gitlab-org/charts/gitlab!2952)) +- [Doc - configure the GitLab chart with an decomposed database](gitlab-org/charts/gitlab@af72661b6f82f8f16dab591c8af67e44baf0b998) ([merge request](gitlab-org/charts/gitlab!2890)) + ## 6.8.3 (2023-02-15) No changes. @@ -36,6 +80,16 @@ No changes. - [Update gitlab-org/gitlab-exporter from 11.18.2 to 12.1.0](gitlab-org/charts/gitlab@428de3dd7c208a0469b18b927fece2bc54029b19) ([merge request](gitlab-org/charts/gitlab!2911)) - [Update gitlab-org/container-registry from 3.63.0-gitlab to 3.64.0-gitlab](gitlab-org/charts/gitlab@a1edaea5f4d9d2a6d972b7412deafe6a2b50aedb) ([merge request](gitlab-org/charts/gitlab!2904)) +## 6.7.7 (2023-02-10) + +No changes. + +## 6.7.6 (2023-01-30) + +### Fixed (1 change) + +- [Fix indent for priorityClassName in Toolbox backup job](gitlab-org/security/charts/gitlab@3ef41cf43a34d56bcdfd1353cffc5edec3fe9e08) + ## 6.7.4 (2023-01-12) No changes. @@ -78,6 +132,16 @@ No changes. - [Use kubectl image with kubectl 1.24.7, yq 4.30.1](gitlab-org/charts/gitlab@e0c892e060ac405d8a2c90f7b4d632e1b3512728) ([merge request](gitlab-org/charts/gitlab!2871)) +## 6.6.8 (2023-02-10) + +No changes. + +## 6.6.7 (2023-01-30) + +### Fixed (1 change) + +- [Fix indent for priorityClassName in Toolbox backup job](gitlab-org/security/charts/gitlab@47836b96b8ae6dd8fd7f7bab4f59e5321ecb023c) + ## 6.6.5 (2023-01-12) No changes. diff --git a/charts/gitlab/gitlab/Chart.yaml b/charts/gitlab/gitlab/Chart.yaml index e9a6636cf..99e7cae5b 100644 --- a/charts/gitlab/gitlab/Chart.yaml +++ b/charts/gitlab/gitlab/Chart.yaml 
@@ -3,7 +3,7 @@ annotations: catalog.cattle.io/display-name: GitLab catalog.cattle.io/release-name: gitlab apiVersion: v1 -appVersion: 15.8.3 +appVersion: 15.9.1 description: The One DevOps Platform home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png @@ -15,4 +15,4 @@ maintainers: name: gitlab sources: - https://gitlab.com/gitlab-org/charts/gitlab -version: 6.8.3 +version: 6.9.1 diff --git a/charts/gitlab/gitlab/charts/certmanager-issuer/templates/_helpers.tpl b/charts/gitlab/gitlab/charts/certmanager-issuer/templates/_helpers.tpl index f934220d8..270e949b1 100644 --- a/charts/gitlab/gitlab/charts/certmanager-issuer/templates/_helpers.tpl +++ b/charts/gitlab/gitlab/charts/certmanager-issuer/templates/_helpers.tpl @@ -26,3 +26,15 @@ reduce collision {{- $name := printf "%s-issuer" .Release.Name | trunc 55 | trimSuffix "-" -}} {{- printf "%s-%d" $name .Release.Revision | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Returns the http01 solver's ingress class field. Takes the IngressClass as paramter. +If the IngressClass is "none", the field is not set. + See: https://cert-manager.io/docs/configuration/acme/http01/#class +*/}} +{{- define "certmanager-issuer.http01.ingress.class.field" -}} +{{- $ingressClass := . | default "" -}} +{{- if ne "none" $ingressClass -}} +class: {{ $ingressClass }} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/gitlab/gitlab/charts/certmanager-issuer/templates/_issuer.yaml b/charts/gitlab/gitlab/charts/certmanager-issuer/templates/_issuer.yaml index a4b05915f..5061d4fff 100644 --- a/charts/gitlab/gitlab/charts/certmanager-issuer/templates/_issuer.yaml +++ b/charts/gitlab/gitlab/charts/certmanager-issuer/templates/_issuer.yaml 
@@ -1,5 +1,6 @@ {{ if (pluck "configureCertmanager" .Values.global.ingress (dict "configureCertmanager" false) | first) }} {{- $ingressCfg := dict "global" $.Values.global.ingress "local" .ingress "context" $ -}} +{{- $ingressClassName := include "ingress.class.name" $ingressCfg -}} apiVersion: cert-manager.io/v1 kind: Issuer metadata: @@ -22,5 +23,5 @@ spec: - selector: {} http01: ingress: - class: {{ template "ingress.class.name" $ingressCfg }} + {{ include "certmanager-issuer.http01.ingress.class.field" $ingressClassName -}} {{ end }} diff --git a/charts/gitlab/gitlab/charts/certmanager-issuer/templates/issuer-job.yaml b/charts/gitlab/gitlab/charts/certmanager-issuer/templates/issuer-job.yaml index 4cd37464b..7878755db 100644 --- a/charts/gitlab/gitlab/charts/certmanager-issuer/templates/issuer-job.yaml +++ b/charts/gitlab/gitlab/charts/certmanager-issuer/templates/issuer-job.yaml @@ -28,7 +28,7 @@ spec: {{- include "gitlab.priorityClassName" . | nindent 6 }} containers: - name: create-issuer - image: {{ include "gitlab.kubectl.image" . | quote }} + image: {{ include "gitlab.kubectl.image" . }} command: ['/bin/bash', '/scripts/create-issuer', '/scripts/issuer.yml'] {{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }} volumeMounts: diff --git a/charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/.common.release.yml b/charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/.common.release.yml new file mode 100644 index 000000000..0dbf3af07 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/.common.release.yml 
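Review bot: In _issuer.yaml, when the ingress class is `none` the new helper renders nothing, so `ingress:` under `http01:` is left with an empty (null) value rather than an empty mapping. Whether cert-manager accepts an http01 solver whose `ingress` is null should be confirmed; emitting `ingress: {}` in that case would avoid the question. The helper in _helpers.tpl also writes `class: {{ $ingressClass }}` unquoted, and `class: {{ $ingressClass | quote }}` would keep a class name such as `true` or a number from being parsed as a non-string. Its doc comment has a typo, `paramter`.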
@@ -0,0 +1,31 @@ +.new-runner-version-changelog: &new-runner-version-changelog + changelog_entry: + scope: new-feature + entry: Update GitLab Runner version to v{{ .Release.AppVersion }} + +.update-chart-versions: &update-chart-versions + write: + file: Chart.yaml + contents: | + apiVersion: v1 + name: gitlab-runner + version: {{ .Release.Version }} + appVersion: {{ .Release.AppVersion }} + description: GitLab Runner + keywords: + - git + - ci + - deploy + sources: + - https://gitlab.com/gitlab-org/charts/gitlab-runner + - https://gitlab.com/gitlab-org/gitlab-runner + - https://docs.gitlab.com/runner/ + icon: https://gitlab.com/uploads/-/system/project/avatar/250833/runner_logo.png + maintainers: + - name: GitLab Inc. + email: support@gitlab.com + +.commit-chart-versions: &commit-chart-versions + commit: + files: [Chart.yaml] + message: Update Chart version to v{{ .Release.Version }} and used GitLab Runner version to v{{ .Release.AppVersion }} diff --git a/charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/branch.release.yml b/charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/branch.release.yml new file mode 100644 index 000000000..6c9abbcc6 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/branch.release.yml @@ -0,0 +1,7 @@ +include: + - .common.release.yml + +actions: + - *new-runner-version-changelog + - *update-chart-versions + - *commit-chart-versions diff --git a/charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/changelog.release.yml b/charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/changelog.release.yml new file mode 100644 index 000000000..3baf00fa2 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/changelog.release.yml @@ -0,0 +1,5 @@ +include: + - .common.release.yml + +actions: + - *new-runner-version-changelog diff --git a/charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/changelog.yml b/charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/changelog.yml index 5c3684164..b37c90f9e 100644 
--- a/charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/changelog.yml +++ b/charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/changelog.yml @@ -33,7 +33,7 @@ label_matchers: scope: maintenance - labels: - feature::enhancement - scope: feature + scope: new-feature - labels: - maintenance::refactor scope: maintenance diff --git a/charts/gitlab/gitlab/charts/gitlab-runner/CHANGELOG.md b/charts/gitlab/gitlab/charts/gitlab-runner/CHANGELOG.md index bf2f55195..f2609c357 100644 --- a/charts/gitlab/gitlab/charts/gitlab-runner/CHANGELOG.md +++ b/charts/gitlab/gitlab/charts/gitlab-runner/CHANGELOG.md @@ -1,20 +1,21 @@ -## v0.49.2 (2023-02-10) +## v0.50.1 (2023-02-21) ### New features -- Update GitLab Runner version to 15.8.2 +- Update GitLab Runner version to v15.9.1 -## v0.49.1 (2023-02-03) +## v0.50.0 (2023-02-21) ### New features -- Update GitLab Runner version to 15.8.1 +- Update GitLab Runner version to v15.9.0 +- Add namespace to service account manifest !375 (Daniel Schömer @quatauta) -## v0.49.0 (2023-01-19) +### Maintenance -### New features - -- Update GitLab Runner version to 15.8.0 +- Add Chart repository as source !379 (Geoffrey McQuat @gmcquat) +- Fix grammatical error in instructional comment !376 (Shafiullah Khan @gitshafi) +- Add reference to actual documentation method of obtaining runnerRegistrationToken !361 (SveLem @SveLem) ## v0.48.0 (2022-12-17) diff --git a/charts/gitlab/gitlab/charts/gitlab-runner/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab-runner/Chart.yaml index 8b2702037..1b0c1027b 100644 --- a/charts/gitlab/gitlab/charts/gitlab-runner/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab-runner/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.2 +appVersion: 15.9.1 description: GitLab Runner icon: https://gitlab.com/uploads/-/system/project/avatar/250833/runner_logo.png keywords: 
@@ -11,6 +11,7 @@ maintainers: name: GitLab Inc. name: gitlab-runner sources: +- https://gitlab.com/gitlab-org/charts/gitlab-runner - https://gitlab.com/gitlab-org/gitlab-runner - https://docs.gitlab.com/runner/ -version: 0.49.2 +version: 0.50.1 diff --git a/charts/gitlab/gitlab/charts/gitlab-runner/templates/service-account.yaml b/charts/gitlab/gitlab/charts/gitlab-runner/templates/service-account.yaml index 1e5da6ab5..779ac4f2c 100644 --- a/charts/gitlab/gitlab/charts/gitlab-runner/templates/service-account.yaml +++ b/charts/gitlab/gitlab/charts/gitlab-runner/templates/service-account.yaml @@ -7,6 +7,7 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} name: {{ include "gitlab-runner.fullname" . }} + namespace: {{ default .Release.Namespace .Values.runners.namespace | quote }} labels: app: {{ include "gitlab-runner.fullname" . }} chart: {{ include "gitlab-runner.chart" . }} diff --git a/charts/gitlab/gitlab/charts/gitlab-runner/values.yaml b/charts/gitlab/gitlab/charts/gitlab-runner/values.yaml index 970f1a332..d0467e557 100644 --- a/charts/gitlab/gitlab/charts/gitlab-runner/values.yaml +++ b/charts/gitlab/gitlab/charts/gitlab-runner/values.yaml @@ -53,6 +53,7 @@ imagePullPolicy: IfNotPresent ## The Registration Token for adding new Runners to the GitLab Server. This must ## be retrieved from your GitLab Instance. ## ref: https://docs.gitlab.com/ce/ci/runners/index.html +## ref: https://docs.gitlab.com/runner/register/ ## # runnerRegistrationToken: "" @@ -123,7 +124,7 @@ checkInterval: 30 ## ref: ## ## When sessionServer is enabled, the user can either provide a public publicIP -## or either rely on the external IP auto discovery +## or rely on the external IP auto discovery ## When a serviceAccountName is used with the automounting to the pod disable, ## we recommend the usage of the publicIP sessionServer: 
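Review bot: The added `namespace:` line in `service-account.yaml` places the ServiceAccount in `.Values.runners.namespace` whenever that value is set, but the Deployment and the RBAC bindings that reference the account are not part of this hunk. If those still render in `.Release.Namespace`, the runner pod would name a ServiceAccount that does not exist in its own namespace, and any RoleBinding subject would point at a different identity than the one the pod runs as. Check that every manifest naming this account uses the same `default .Release.Namespace .Values.runners.namespace` expression, or keep the account in the release namespace.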
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml index 76d806ecf..941990d63 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.3 +appVersion: 15.9.1 description: GitLab Geo logcursor home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -12,4 +12,4 @@ name: geo-logcursor sources: - https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/geo-logcursor - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails -version: 6.8.3 +version: 6.9.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml index d1f354917..ac0589bf5 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.3 +appVersion: 15.9.1 description: Git RPC service for handling all the git calls made by GitLab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: gitaly sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitaly - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly -version: 6.8.3 +version: 6.9.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml index d1f5afdbc..d56cd3d00 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 12.1.0 +appVersion: 12.1.1 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors) home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -14,4 +14,4 @@ sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-exporter - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-exporter - https://gitlab.com/gitlab-org/gitlab-exporter -version: 6.8.3 +version: 6.9.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml index 36afc8084..d2be7bafa 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.3 +appVersion: 15.9.1 description: Adapt the Grafana chart to interface to the GitLab App home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: gitlab-grafana sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-grafana - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-grafana -version: 6.8.3 +version: 6.9.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml index f2430887d..db71dd729 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.3 +appVersion: 15.9.1 description: Daemon for serving static websites from GitLab projects home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg 
@@ -14,4 +14,4 @@ sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-pages - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-pages - https://gitlab.com/gitlab-org/gitlab-pages -version: 6.8.3 +version: 6.9.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/templates/configmap.yml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/templates/configmap.yml index 24d952948..496b61a8c 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/templates/configmap.yml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/templates/configmap.yml @@ -51,8 +51,8 @@ data: root-key=/etc/gitlab-secrets/pages/{{ template "gitlab.pages.hostname" $ }}.key {{- end }} {{- end }} - {{- if .Values.propagateCorrelationId }} - propagate-correlation-id={{ .Values.propagateCorrelationId }} + {{- if kindIs "bool" .Values.propagateCorrelationId }} + propagate-correlation-id={{ eq .Values.propagateCorrelationId true }} {{- end }} pages-domain={{ template "gitlab.pages.hostname" . }} pages-root=/srv/gitlab-pages diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml index 0da9aec08..75bd639b8 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 14.15.0 +appVersion: 14.17.0 description: sshd for Gitlab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -14,4 +14,4 @@ name: gitlab-shell sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-shell - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-shell -version: 6.8.3 +version: 6.9.1 
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/templates/configmap.yml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/templates/configmap.yml index 73cecda28..88ca617d3 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/templates/configmap.yml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/templates/configmap.yml @@ -83,6 +83,18 @@ data: - {%.%} {%- end %} {%- end %} + # GSSAPI-related settings + gssapi: + # Enable the gssapi-with-mic authentication method. Defaults to false. + enabled: {{ .Values.config.gssapi.enabled }} + # Library path for gssapi shared library - defaults to libgssapi_krb5.so.2 + libpath: {{ .Values.config.gssapi.libpath }} + # Keytab path. Defaults to "", system default (usually /etc/krb5.keytab). + keytab: "/etc/krb5.keytab" + # The Kerberos service name to be used by sshd. Defaults to "", accepts any service name in keytab file. + service_principal_name: {{ .Values.config.gssapi.servicePrincipalName }} {{- end }} + krb5.conf: | + {{- .Values.config.gssapi.krb5Config | nindent 4 }} # Leave this here - This line denotes end of block to the parser. {{- end }} diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml index 588511b19..172ebfb03 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml 
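Review bot: The new `gssapi:` block in `configmap.yml` writes `libpath` and `service_principal_name` unquoted, so the default empty `servicePrincipalName` renders as a YAML null instead of `""`; `service_principal_name: {{ .Values.config.gssapi.servicePrincipalName | quote }}` (and the same for `libpath`) keeps the type stable. Per the comment in the hunk, an empty service principal name accepts any service name found in the keytab, so the values documentation should tell operators who enable GSSAPI to set it explicitly. `keytab` is hard-coded to `/etc/krb5.keytab`, which has to stay in step with the mount path in `deployment.yaml`, and the `krb5.conf` key is emitted even when `gssapi.enabled` is false.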
@@ -130,6 +130,16 @@ spec: - name: shell-secrets mountPath: '/etc/gitlab-secrets' readOnly: true + - name: shell-config + mountPath: '/etc/krb5.conf' + subPath: krb5.conf + readOnly: true + {{- if .Values.config.gssapi.enabled }} + - name: gssapi-keytab + mountPath: '/etc/krb5.keytab' + subPath: {{ .Values.config.gssapi.keytab.key }} + readOnly: true + {{- end }} {{- if eq .Values.sshDaemon "openssh" }} - name: sshd-config mountPath: /etc/ssh/sshd_config @@ -177,6 +187,11 @@ spec: - name: shell-config configMap: name: {{ template "fullname" . }} + {{- if .Values.config.gssapi.enabled }} + - name: gssapi-keytab + secret: + secretName: {{ .Values.config.gssapi.keytab.secret }} + {{- end }} {{- if eq .Values.sshDaemon "openssh" }} - name: sshd-config configMap: diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/values.schema.json b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/values.schema.json index 1b62a4689..b8c9d3916 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/values.schema.json +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/values.schema.json 
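Review bot: In the second `deployment.yaml` hunk, `secretName: {{ .Values.config.gssapi.keytab.secret }}` renders empty when GSSAPI is enabled without a secret, because `values.yaml` ships `secret` commented out; `secretName: {{ required "config.gssapi.keytab.secret is required when gssapi is enabled" .Values.config.gssapi.keytab.secret }}` fails at render time instead of at pod start. The keytab is long-lived Kerberos key material, so the volume should set a restrictive `defaultMode` rather than inherit the default file mode (how that interacts with the pod's `fsGroup` needs checking). Both new mounts in the first hunk use `subPath`, so a rotated keytab or an edited `krb5.conf` is not picked up by running pods; a comment next to the mounts saying that a restart is needed would help.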
@@ -104,6 +104,40 @@ "items": { "type": "string" } + }, + "gssapi": { + "properties": { + "enabled": { + "title": "Enable GSS-API support for then gitlab-sshd daemon", + "type": "boolean" + }, + "libpath": { + "title": "Library path for gssapi shared library", + "type": "string" + }, + "keytab": { + "properties": { + "secret": { + "title": "The Kubernetes secret name" + }, + "key": { + "title": "The Kubernetes secret key" + } + }, + "title": "The Kubernetes secret holding the keytab for the gssapi-with-mic authentication method", + "type": "object" + }, + "krb5Config": { + "title": "Content of the `/etc/krb5.conf` file in the gitlab-shell container", + "type": "string" + }, + "servicePrincipalName": { + "title": "The Kerberos service name to be used by the gitlab-sshd daemon", + "type": "string" + } + }, + "title": "GSS-API related settings", + "type": "object" } }, "required": [ diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/values.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/values.yaml index f7cb9ce34..ee427939d 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/values.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/values.yaml @@ -111,6 +111,14 @@ config: ciphers: [aes128-gcm@openssh.com, chacha20-poly1305@openssh.com, aes256-gcm@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr] kexAlgorithms: [curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1] macs: [hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1] + gssapi: + enabled: false + libpath: "libgssapi_krb5.so.2" + keytab: + #secret: + key: keytab + krb5Config: "" + servicePrincipalName: "" ## Allow to overwrite under which User and Group we're running. securityContext: 
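Review bot: In the `gssapi` schema, `keytab.secret` and `keytab.key` carry only a `title` and no `"type": "string"`, so any value type validates, unlike the sibling properties. Adding `"type": "string"` to both rejects a mistyped value before it reaches the Secret volume definition. The `enabled` title reads "for then gitlab-sshd daemon"; "the" is presumably meant.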
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml index fe1f1f55b..197bf29cd 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: v15.9.0 description: GitLab Agent Server home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -17,4 +17,4 @@ name: kas sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-kas - https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent -version: 6.8.3 +version: 6.9.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml index d79d19e97..fd7d43987 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml @@ -13,4 +13,4 @@ name: mailroom sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/mailroom - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-mailroom -version: 6.8.3 +version: 6.9.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml index 6f28987a4..e712a1ec9 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.3 +appVersion: 15.9.1 description: Database migrations and other versioning tasks for upgrading Gitlab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg 
@@ -12,4 +12,4 @@ name: migrations sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/migrations - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails -version: 6.8.3 +version: 6.9.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml index c74b2c1bb..d8562e81f 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.3 +appVersion: 15.9.1 description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. home: https://about.gitlab.com/ @@ -16,4 +16,4 @@ sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/praefect - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly - https://gitlab.com/gitlab-org/gitaly/-/tree/master/cmd/praefect -version: 6.8.3 +version: 6.9.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/templates/configmap.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/templates/configmap.yaml index c39ecb37d..80a962e59 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/templates/configmap.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/templates/configmap.yaml @@ -42,7 +42,6 @@ data: [failover] enabled = {{ .Values.failover.enabled }} - election_strategy = '{{ .Values.electionStrategy }}' read_only_after_failover = {{ .Values.failover.readonlyAfter }} [auth] 
@@ -80,6 +79,9 @@ data: {{- $storageName := .name }} [[virtual_storage]] name = '{{ $storageName }}' + {{- if .defaultReplicationFactor }} + default_replication_factor = {{ .defaultReplicationFactor }} + {{- end -}} {{- range until (.gitalyReplicas | int) }} [[virtual_storage.node]] {{- $serviceName := include "gitlab.praefect.gitaly.serviceName" (dict "context" $globalContext "name" $storageName) -}} diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/values.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/values.yaml index 9c1361124..bf981ef06 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/values.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/values.yaml @@ -6,8 +6,6 @@ failover: enabled: true readonlyAfter: true -electionStrategy: sql - image: repository: registry.gitlab.com/gitlab-org/build/cng/gitaly # pullPolicy: IfNotPresent diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml index ebbd70bbb..76aa69bbc 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.3 +appVersion: 15.9.1 description: Gitlab Sidekiq for asynchronous task processing in rails home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: sidekiq sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/sidekiq - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-sidekiq -version: 6.8.3 +version: 6.9.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml index d6a1b1de1..4f4ddd088 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml 
@@ -14,4 +14,4 @@ name: spamcheck sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/spamcheck - https://gitlab.com/gitlab-org/spamcheck -version: 6.8.3 +version: 6.9.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml index 7a9cde576..5480fe79a 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.3 +appVersion: 15.9.1 description: For manually running rake tasks through kubectl home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: toolbox sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/toolbox - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-toolbox -version: 6.8.3 +version: 6.9.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/backup-job.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/backup-job.yaml index dd97367e5..f0c7994c7 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/backup-job.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/backup-job.yaml @@ -47,6 +47,9 @@ spec: securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} fsGroup: {{ .Values.securityContext.fsGroup }} + {{- if not (empty .Values.securityContext.fsGroupChangePolicy) }} + fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} + {{- end }} {{- if or .Values.serviceAccount.enabled .Values.global.serviceAccount.enabled }} serviceAccountName: {{ include "gitlab.serviceAccount.name" . }} {{- end }} 
diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml index b247cc406..cdc9fd868 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml @@ -40,6 +40,9 @@ spec: securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} fsGroup: {{ .Values.securityContext.fsGroup }} + {{- if not (empty .Values.securityContext.fsGroupChangePolicy) }} + fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} + {{- end }} {{- if or .Values.serviceAccount.enabled .Values.global.serviceAccount.enabled }} serviceAccountName: {{ include "gitlab.serviceAccount.name" . }} {{- end }} diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml index 37271df89..6ba5ba08a 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.3 +appVersion: 15.9.1 description: HTTP server for Gitlab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -14,4 +14,4 @@ name: webservice sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/webservice - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-webservice -version: 6.8.3 +version: 6.9.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml index 505739e6c..fea5c67b4 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml 
@@ -298,6 +298,10 @@ spec: {{- end }} {{- include "gitlab.certificates.volumeMount" $ | nindent 12 }} {{- include "gitlab.extraVolumeMounts" $ | nindent 12 }} + {{- if .deployment.startupProbe }} + startupProbe: + {{- toYaml .deployment.startupProbe | nindent 12 }} + {{- end }} livenessProbe: httpGet: path: /-/liveness @@ -379,6 +383,10 @@ spec: {{- include "gitlab.certificates.volumeMount" $ | nindent 12 }} {{- include "gitlab.appConfig.kerberos.volumeMount" $ | nindent 12 }} {{- include "gitlab.extraVolumeMounts" $ | nindent 12 }} + {{- if .workhorse.startupProbe }} + startupProbe: + {{- toYaml .workhorse.startupProbe | nindent 12 }} + {{- end }} livenessProbe: exec: command: diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/values.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/values.yaml index 9d3e4c443..084770a0c 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/values.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/values.yaml @@ -141,6 +141,7 @@ hpa: deployment: # terminationGracePeriodSeconds: 30 + startupProbe: {} livenessProbe: initialDelaySeconds: 20 periodSeconds: 60 @@ -173,6 +174,7 @@ workhorse: memory: 100M # shutdownTimeout: # image: registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee + startupProbe: {} livenessProbe: initialDelaySeconds: 20 periodSeconds: 60 diff --git a/charts/gitlab/gitlab/charts/gitlab/templates/_configure.tpl b/charts/gitlab/gitlab/charts/gitlab/templates/_configure.tpl index 15a2c7d68..22a70a167 100644 --- a/charts/gitlab/gitlab/charts/gitlab/templates/_configure.tpl +++ b/charts/gitlab/gitlab/charts/gitlab/templates/_configure.tpl 
@@ -23,7 +23,7 @@ secret_dir="/init-secrets" # required for secret in {{ without $required "none" | join " " }} ; do mkdir -p "${secret_dir}/${secret}" - cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/" + cp -f -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/" done {{- end }} {{- if len (without $optional "none") }} @@ -31,7 +31,7 @@ done for secret in {{ without $optional "none" | join " " }} ; do if [ -e "${config_dir}/${secret}" ]; then mkdir -p "${secret_dir}/${secret}" - cp -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/" + cp -f -v -r -L "${config_dir}/${secret}/." "${secret_dir}/${secret}/" fi done {{- end }} diff --git a/charts/gitlab/gitlab/charts/gitlab/templates/_rails.redis.tpl b/charts/gitlab/gitlab/charts/gitlab/templates/_rails.redis.tpl index c7bd19883..019c4add9 100644 --- a/charts/gitlab/gitlab/charts/gitlab/templates/_rails.redis.tpl +++ b/charts/gitlab/gitlab/charts/gitlab/templates/_rails.redis.tpl @@ -5,6 +5,14 @@ Render a Redis `resque` format configuration for Rails. Input: dict "context" $ "name" string */}} {{- define "gitlab.rails.redis.yaml" -}} +{{- if $cluster := include "gitlab.redis.cluster" .context -}} +{{ .name }}.yml.erb: | + production: + {{- include "gitlab.redis.cluster.user" .context | nindent 4 }} + {{- include "gitlab.redis.cluster.password" .context | nindent 4 }} + {{- $cluster | nindent 4 }} + id: +{{- else -}} {{ .name }}.yml.erb: | production: url: {{ template "gitlab.redis.url" .context }} @@ -16,6 +24,7 @@ Input: dict "context" $ "name" string channel_prefix: {{ .context.Values.global.redis.actioncable.channelPrefix }} {{- end }} {{- end }} +{{- end -}} {{- $_ := set .context "redisConfigName" "" }} {{- end -}} 
@@ -31,6 +40,13 @@ Input: dict "context" $ "name" string {{- end -}} {{- end -}} +{{- define "gitlab.rails.redis.clusterCache" -}} +{{- if .Values.global.redis.clusterCache -}} +{{- $_ := set $ "redisConfigName" "clusterCache" }} +{{- include "gitlab.rails.redis.yaml" (dict "context" $ "name" "redis.cluster_cache") -}} +{{- end -}} +{{- end -}} + {{- define "gitlab.rails.redis.sharedState" -}} {{- if .Values.global.redis.sharedState -}} {{- $_ := set $ "redisConfigName" "sharedState" }} @@ -59,6 +75,13 @@ Input: dict "context" $ "name" string {{- end -}} {{- end -}} +{{- define "gitlab.rails.redis.clusterRateLimiting" -}} +{{- if .Values.global.redis.clusterRateLimiting -}} +{{- $_ := set $ "redisConfigName" "clusterRateLimiting" }} +{{- include "gitlab.rails.redis.yaml" (dict "context" $ "name" "redis.cluster_rate_limiting") -}} +{{- end -}} +{{- end -}} + {{- define "gitlab.rails.redis.sessions" -}} {{- if .Values.global.redis.sessions -}} {{- $_ := set $ "redisConfigName" "sessions" }} @@ -94,12 +117,14 @@ redis.yml.erb: | {{- define "gitlab.rails.redis.all" -}} {{ include "gitlab.rails.redis.resque" . }} {{ include "gitlab.rails.redis.cache" . }} +{{ include "gitlab.rails.redis.clusterCache" . }} {{ include "gitlab.rails.redis.sharedState" . }} {{ include "gitlab.rails.redis.queues" . }} {{ include "gitlab.rails.redis.cable" . }} {{ include "gitlab.rails.redis.traceChunks" . }} {{ include "gitlab.rails.redis.rateLimiting" . }} +{{ include "gitlab.rails.redis.clusterRateLimiting" . }} {{ include "gitlab.rails.redis.sessions" . }} {{ include "gitlab.rails.redis.repositoryCache" . }} {{ include "gitlab.rails.redisYmlOverride" . }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/gitlab/gitlab/charts/gitlab/templates/_redis.cluster.tpl b/charts/gitlab/gitlab/charts/gitlab/templates/_redis.cluster.tpl new file mode 100644 index 000000000..d615d9153 --- /dev/null +++ b/charts/gitlab/gitlab/charts/gitlab/templates/_redis.cluster.tpl 
@@ -0,0 +1,48 @@ +{{/* ######### Redis Cluster related templates */}} + +{{/* +Return redis cluster user +*/}} +{{- define "gitlab.redis.cluster.user" -}} +{{- include "gitlab.redis.clusterConfig" . -}} +{{- if .redisClusterConfig.user -}} +username: {{ .redisClusterConfig.user }} +{{- end -}} +{{- end -}} + +{{/* +Return redis cluster password +*/}} +{{- define "gitlab.redis.cluster.password" -}} +{{- include "gitlab.redis.clusterConfig" . -}} +{{- if .redisClusterConfig.password -}} +{{- if .redisClusterConfig.password.enabled -}} +password: <%= File.read("/etc/gitlab/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }}").strip.to_json %> +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Build the structure describing redis cluster +*/}} +{{- define "gitlab.redis.cluster" -}} +{{- include "gitlab.redis.clusterConfig" . -}} +{{- if .redisClusterConfig.cluster -}} +cluster: +{{- range $i, $entry := .redisClusterConfig.cluster }} + - host: {{ $entry.host }} + port: {{ default 6379 $entry.port }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Set redisClusterConfig, we do _not_ support inheriting from global config if the `cluster` key is set. +*/}} +{{- define "gitlab.redis.clusterConfig" -}} +{{- if .redisConfigName }} +{{- $_ := set . "redisClusterConfig" ( index .Values.global.redis .redisConfigName | default (dict) ) -}} +{{- else -}} +{{- $_ := set . "redisClusterConfig" (dict) -}} +{{- end -}} +{{- end -}} diff --git a/charts/gitlab/gitlab/charts/gitlab/templates/_redis.tpl b/charts/gitlab/gitlab/charts/gitlab/templates/_redis.tpl index 37d1aafb2..f561d72eb 100644 --- a/charts/gitlab/gitlab/charts/gitlab/templates/_redis.tpl +++ b/charts/gitlab/gitlab/charts/gitlab/templates/_redis.tpl 
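Review bot: `gitlab.redis.cluster.user` and `gitlab.redis.cluster` write `username` and `host` straight into the generated YAML without quoting, while the password goes through `.to_json`. A username or host containing `:`, `#` or a leading special character would change how the file parses; `username: {{ .redisClusterConfig.user | quote }}` and `host: {{ $entry.host | quote }}` avoid that. `gitlab.redis.clusterConfig` also mutates the passed context with `set`, so each helper depends on `redisConfigName` being current when it is called; the doc comment should say so.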
@@ -49,7 +49,15 @@ Return the redis scheme, or redis. Allowing people to use rediss clusters Return the redis url. */}} {{- define "gitlab.redis.url" -}} -{{ template "gitlab.redis.scheme" . }}://{{ template "gitlab.redis.url.password" . }}{{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }} +{{ template "gitlab.redis.scheme" . }}://{{ template "gitlab.redis.url.user" . }}{{ template "gitlab.redis.url.password" . }}{{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }} +{{- end -}} + +{{/* +Return the user section of the Redis URI, if needed. +*/}} +{{- define "gitlab.redis.url.user" -}} +{{- include "gitlab.redis.configMerge" . -}} +{{ .redisMergedConfig.user }} {{- end -}} {{/* @@ -96,7 +104,7 @@ Note: Workhorse only uses the primary Redis (global.redis) {{- end -}} {{- define "gitlab.redis.secrets" -}} -{{- range $redis := list "cache" "sharedState" "queues" "actioncable" "traceChunks" "rateLimiting" "sessions" "repositoryCache" -}} +{{- range $redis := list "cache" "clusterCache" "sharedState" "queues" "actioncable" "traceChunks" "rateLimiting" "clusterRateLimiting" "sessions" "repositoryCache" -}} {{- if index $.Values.global.redis $redis -}} {{- $_ := set $ "redisConfigName" $redis }} {{ include "gitlab.redis.secret" $ }} diff --git a/charts/gitlab/gitlab/charts/registry/Chart.yaml b/charts/gitlab/gitlab/charts/registry/Chart.yaml index 1223de758..8ccb6f569 100644 --- a/charts/gitlab/gitlab/charts/registry/Chart.yaml +++ b/charts/gitlab/gitlab/charts/registry/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v3.65.0-gitlab +appVersion: v3.67.0-gitlab description: Stateless, highly scalable application that stores and lets you distribute container images home: https://docs.gitlab.com/ee/user/packages/container_registry diff --git a/charts/gitlab/gitlab/charts/registry/values.yaml b/charts/gitlab/gitlab/charts/registry/values.yaml index 89cb7dd2e..22ebc8532 100644 
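Review bot: `gitlab.redis.url.user` emits `{{ .redisMergedConfig.user }}` into the URL verbatim, so a user containing `@`, `:` or `/` changes how the userinfo and host parts are parsed by the client. Writing the body as `{{- with .redisMergedConfig.user }}{{ urlquery . }}{{- end }}` keeps the unset case empty and percent-encodes everything else. The `@` separator presumably comes from `gitlab.redis.url.password`, which is outside this hunk. If so, a user set while the password is disabled would be joined directly to the host, which deserves a checkConfig entry or an explicit separator.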
--- a/charts/gitlab/gitlab/charts/registry/values.yaml +++ b/charts/gitlab/gitlab/charts/registry/values.yaml @@ -1,6 +1,6 @@ image: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry - tag: 'v3.65.0-gitlab' + tag: 'v3.67.0-gitlab' # pullPolicy: IfNotPresent # pullSecrets: [] diff --git a/charts/gitlab/gitlab/requirements.lock b/charts/gitlab/gitlab/requirements.lock index c3aa1a7d2..3038c9a92 100644 --- a/charts/gitlab/gitlab/requirements.lock +++ b/charts/gitlab/gitlab/requirements.lock @@ -22,7 +22,7 @@ dependencies: version: 8.9.4 - name: gitlab-runner repository: https://charts.gitlab.io/ - version: 0.49.2 + version: 0.50.1 - name: grafana repository: https://grafana.github.io/helm-charts version: 6.11.0 @@ -32,5 +32,5 @@ dependencies: - name: nginx-ingress repository: "" version: '*.*.*' -digest: sha256:18529bf4e4ef8ffa460919f55b635f7639d9292bb91d2b3f46ee5f62237480fb -generated: "2023-02-15T11:31:27.989738487Z" +digest: sha256:49d31a900c604ab654cbf4fc4be5200921f56731c6659c7cf1cd3abd180419c0 +generated: "2023-02-24T11:24:02.331791355Z" diff --git a/charts/gitlab/gitlab/requirements.yaml b/charts/gitlab/gitlab/requirements.yaml index 454e289ff..14c9128ff 100644 --- a/charts/gitlab/gitlab/requirements.yaml +++ b/charts/gitlab/gitlab/requirements.yaml @@ -21,7 +21,7 @@ dependencies: repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami condition: postgresql.install - name: gitlab-runner - version: 0.49.2 + version: 0.50.1 repository: https://charts.gitlab.io/ condition: gitlab-runner.install - name: grafana diff --git a/charts/gitlab/gitlab/templates/NOTES.txt b/charts/gitlab/gitlab/templates/NOTES.txt index d55ffbba9..a198dbaca 100644 --- a/charts/gitlab/gitlab/templates/NOTES.txt +++ b/charts/gitlab/gitlab/templates/NOTES.txt 
@@ -46,7 +46,9 @@ The user should ensure all necessary secrets are created according to documentat {{- if or .Values.gitlab.webservice.enabled .Values.registry.enabled .Values.global.minio.enabled }} {{- if not (or .Values.global.ingress.configureCertmanager (include "gitlab.ingress.tls.configured" .)) }} {{ $WARNING }} -Automatic TLS certificate generation with cert-manager is disabled and no TLS certificates were provided. Self-signed certificates were generated. +Automatic TLS certificate generation with cert-manager is disabled. +One or more of the components does not have a TLS certificate Secret configured. +As a result, Self-signed certificates were generated for these components. You may retrieve the CA root for these certificates from the `{{ template "gitlab.wildcard-self-signed-cert-name" $ }}-ca` secret, via the following command. It can then be imported to a web browser or system store. @@ -54,7 +56,7 @@ You may retrieve the CA root for these certificates from the `{{ template "gitla If you do not wish to use self-signed certificates, please set the following properties: - global.ingress.tls.secretName -OR +OR all of: - global.ingress.tls.enabled (set to `true`) {{- if $.Values.gitlab.webservice.enabled }} - gitlab.webservice.ingress.tls.secretName @@ -68,6 +70,12 @@ OR {{- if $.Values.global.minio.enabled }} - minio.ingress.tls.secretName {{- end }} +{{- if $.Values.global.pages.enabled }} +- gitlab.gitlab-pages.ingress.tls.secretName +{{- end }} +{{- if $.Values.global.kas.enabled }} +- gitlab.kas.ingress.tls.secretName +{{- end }} {{- if (index .Values "gitlab-runner").install }} {{ $WARNING }} 
@@ -164,6 +172,38 @@ kas: With a global value the chart can take care of these configurations without the need for other specific values. {{- end }} +{{- /* Deprecation notice for `gitlab.deprecate.sidekiq.queueSelector` setting */}} +{{- if and (hasKey .Values.gitlab.sidekiq "queueSelector") (eq true .Values.gitlab.sidekiq.queueSelector) -}} +{{ $NOTICE }} +sidekiq: + The configuration of 'gitlab.sidekiq.queueSelector' should be removed. Please follow the steps at https://docs.gitlab.com/ee/administration/sidekiq/extra_sidekiq_processes.html#start-multiple-processes, to run Sidekiq with multiple processes while listening to all queues. +{{- end }} + +{{- /* Deprecation notice for `gitlab.deprecate.sidekiq.pods.queueSelector` setting */}} +{{- range $index, $pod := .Values.gitlab.sidekiq.pods -}} +{{- if and (hasKey $pod "queueSelector") -}} +{{ $NOTICE }} +sidekiq.pods[{{ $index }}] ({{ $pod.name }}): + The configuration of 'gitlab.sidekiq.pods[{{ $index }}].queueSelector' should be removed. Please follow the steps at https://docs.gitlab.com/ee/administration/sidekiq/extra_sidekiq_processes.html#start-multiple-processes, to run Sidekiq with multiple processes while listening to all queues. +{{- end -}} +{{- end -}} + +{{- /* Deprecation notice for `gitlab.deprecate.sidekiq.negateQueues` setting */}} +{{- if hasKey .Values.gitlab.sidekiq "negateQueues" -}} +{{ $NOTICE }} +sidekiq: + The configuration of 'gitlab.sidekiq.negateQueues' should be removed. Please follow the steps at https://docs.gitlab.com/ee/administration/sidekiq/extra_sidekiq_processes.html#start-multiple-processes, to run Sidekiq with multiple processes while listening to all queues. 
+{{- end }} + +{{- /* Deprecation notice for `gitlab.deprecate.sidekiq.pods.negateQueues` setting */}} +{{- range $index, $pod := .Values.gitlab.sidekiq.pods -}} +{{- if hasKey $pod "negateQueues" -}} +{{ $NOTICE }} +sidekiq.pods[{{ $index }}] ({{ $pod.name }}): + The configuration of 'gitlab.sidekiq.pods[{{ $index }}].negateQueues' should be removed. Please follow the steps at https://docs.gitlab.com/ee/administration/sidekiq/extra_sidekiq_processes.html#start-multiple-processes, to run Sidekiq with multiple processes while listening to all queues. +{{- end -}} +{{- end -}} + {{- /* run deprecations */}} {{ include "gitlab.deprecations" . }} {{- /* run checkConfig */}} diff --git a/charts/gitlab/gitlab/templates/_certificates.tpl b/charts/gitlab/gitlab/templates/_certificates.tpl index 63e848542..61405f481 100644 --- a/charts/gitlab/gitlab/templates/_certificates.tpl +++ b/charts/gitlab/gitlab/templates/_certificates.tpl @@ -7,7 +7,7 @@ {{- $certmanagerDisabled := not (or $.Values.global.ingress.configureCertmanager $.Values.global.ingress.tls) }} {{- $imageCfg := dict "global" .Values.global.image "local" .Values.global.certificates.image -}} - name: certificates - image: "{{ .Values.global.certificates.image.repository }}:{{ .Values.global.certificates.image.tag }}" + image: {{ include "gitlab.certificates.image" . }} {{- include "gitlab.image.pullPolicy" $imageCfg | indent 2 }} env: {{- include "gitlab.extraEnv" . | nindent 2 }} diff --git a/charts/gitlab/gitlab/templates/_checkConfig.tpl b/charts/gitlab/gitlab/templates/_checkConfig.tpl index 1544a6ff0..66d37a66f 100644 --- a/charts/gitlab/gitlab/templates/_checkConfig.tpl +++ b/charts/gitlab/gitlab/templates/_checkConfig.tpl 
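Review bot: The per-pod `queueSelector` notice is guarded by `{{- if and (hasKey $pod "queueSelector") -}}`, a single-argument `and` that fires whenever the key exists, while the chart-level notice above it also requires `eq true .Values.gitlab.sidekiq.queueSelector`. A pod that sets `queueSelector: false` therefore gets a notice that the same setting on `gitlab.sidekiq` does not. Either drop the `and` and document that presence alone triggers the notice, or mirror the chart-level test with `{{- if and (hasKey $pod "queueSelector") (eq true $pod.queueSelector) -}}`. The four comments also name `gitlab.deprecate.sidekiq.*`, whereas the values being checked are `gitlab.sidekiq.*`.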
@@ -50,6 +50,7 @@ Due to gotpl scoping, we can't make use of `range`, so we have to add action lin {{- $messages = append $messages (include "gitlab.checkConfig.gitaly.tls" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.gitaly.extern.repos" .) -}} {{- $messages = append $messages (include "gitlab.checkConfig.praefect.storageNames" .) -}} +{{- $messages = append $messages (include "gitlab.checkConfig.praefect.defaultReplicationFactor" .) -}} {{/* _checkConfig_nginx.tpl*/}} {{- $messages = append $messages (include "gitlab.checkConfig.nginx.controller.extraArgs" .) -}} diff --git a/charts/gitlab/gitlab/templates/_checkConfig_gitaly.tpl b/charts/gitlab/gitlab/templates/_checkConfig_gitaly.tpl index 499e5e119..58beba07b 100644 --- a/charts/gitlab/gitlab/templates/_checkConfig_gitaly.tpl +++ b/charts/gitlab/gitlab/templates/_checkConfig_gitaly.tpl 
@@ -48,6 +48,25 @@ praefect: {{- end -}} {{/* END gitlab.checkConfig.praefect.storageNames" -}} +{{/* +Ensure that defaultReplicationFactor is greater then 0, and less than gitalyReplicas's number +*/}} +{{- define "gitlab.checkConfig.praefect.defaultReplicationFactor" -}} +{{- if and $.Values.global.gitaly.enabled $.Values.global.praefect.enabled -}} +{{- range $i, $vs := $.Values.global.praefect.virtualStorages -}} +{{- $gitalyReplicas := int (default 1 $vs.gitalyReplicas) -}} +{{- $defaultReplicationFactor := int (default 1 $vs.defaultReplicationFactor) -}} +{{- if or ( gt $defaultReplicationFactor $gitalyReplicas ) ( lt $defaultReplicationFactor 1 ) -}} +praefect: + Praefect is enabled but 'defaultReplicationFactor' is not correct. + 'defaultReplicationFactor' is greater than 1, less than 'gitalyReplicas'. + Please modify `global.praefect.virtualStorages[{{ $i }}].defaultReplicationFactor`. +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{/* END gitlab.checkConfig.praefect.defaultReplicationFactor */}} + {{/* Ensure a certificate is provided when Gitaly is enabled and is instructed to listen over TLS */}} diff --git a/charts/gitlab/gitlab/templates/_helpers.tpl b/charts/gitlab/gitlab/templates/_helpers.tpl index 3700c1109..a218ba611 100644 --- a/charts/gitlab/gitlab/templates/_helpers.tpl +++ b/charts/gitlab/gitlab/templates/_helpers.tpl 
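Review bot: In `gitlab.checkConfig.praefect.defaultReplicationFactor`, `int (default 1 $vs.defaultReplicationFactor)` turns an explicit `0` into `1`, because `default` treats zero as empty, so the `lt $defaultReplicationFactor 1` branch can only catch negative values. Deriving the value with `{{- $defaultReplicationFactor := ternary (int $vs.defaultReplicationFactor) 1 (hasKey $vs "defaultReplicationFactor") -}}` lets a configured `0` reach the check. The message text also reads as a statement rather than a requirement and gives bounds that differ from the condition, which accepts 1 through `gitalyReplicas` inclusive. Suggest `'defaultReplicationFactor' must be at least 1 and no greater than 'gitalyReplicas'.`, and fix "greater then 0" in the comment.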
@@ -439,17 +439,19 @@ Handles merging a set of labels for services {{/* Detect if `x.ingress.tls.secretName` are set -Return value if either `global.ingress.tls.secretName` or all three `x.ingress.tls.secretName` are set. -Return empty if not +Return value if either `global.ingress.tls.secretName` or all components have `x.ingress.tls.secretName` set. +Return empty if not. -We're explicitly checking for an actual value being present, not the existance of map. +We're explicitly checking for an actual value being present, not the existence of map. */}} {{- define "gitlab.ingress.tls.configured" -}} {{/* Pull the value, if it exists */}} -{{- $global := pluck "secretName" (default (dict) $.Values.global.ingress.tls) | first -}} +{{- $global := pluck "secretName" (default (dict) $.Values.global.ingress.tls) | first -}} {{- $webservice := pluck "secretName" $.Values.gitlab.webservice.ingress.tls | first -}} {{- $registry := pluck "secretName" $.Values.registry.ingress.tls | first -}} {{- $minio := pluck "secretName" $.Values.minio.ingress.tls | first -}} +{{- $pages := pluck "secretName" ((index $.Values.gitlab "gitlab-pages").ingress).tls | first -}} +{{- $kas := pluck "secretName" $.Values.gitlab.kas.ingress.tls | first -}} {{- $smartcard := pluck "smartcardSecretName" $.Values.gitlab.webservice.ingress.tls | first -}} {{/* Set each item to configured value, or !enabled This works because `false` is the same as empty, so we'll use the value when `enabled: true` 
@@ -462,9 +464,11 @@ We're explicitly checking for an actual value being present, not the existance o {{- $webservice := default $webservice (not $.Values.gitlab.webservice.enabled) -}} {{- $registry := default $registry (not $.Values.registry.enabled) -}} {{- $minio := default $minio (not $.Values.global.minio.enabled) -}} +{{- $pages := default $pages (not $.Values.global.pages.enabled) -}} +{{- $kas := default $kas (not $.Values.global.kas.enabled) -}} {{- $smartcard := default $smartcard (not $.Values.global.appConfig.smartcard.enabled) -}} {{/* Check that all enabled items have been configured */}} -{{- if or $global (and $webservice $registry $minio $smartcard) -}} +{{- if or $global (and $webservice $registry $minio $pages $kas $smartcard) -}} true {{- end -}} {{- end -}} 
@@ -506,10 +510,40 @@ Return true in any other case. {{- end -}} {{/* -Constructs kubectl image name. +Constructs helper image value. +Format: + {{ include "gitlab.helper.image" (dict "context" . "image" "") }} +*/}} +{{- define "gitlab.helper.image" -}} +{{- $gitlabVersion := "" -}} +{{- if .context.Values.global.gitlabVersion -}} +{{- $gitlabVersion = include "gitlab.parseAppVersion" (dict "appVersion" .context.Values.global.gitlabVersion "prepend" "true") -}} +{{- end -}} +{{- $tag := coalesce .image.tag $gitlabVersion "master" -}} +{{- $tagSuffix := include "gitlab.image.tagSuffix" .context -}} +{{- printf "%s:%s%s" .image.repository $tag $tagSuffix -}} +{{- end -}} + +{{/* +Constructs kubectl image value. */}} {{- define "gitlab.kubectl.image" -}} -{{- printf "%s:%s" .Values.global.kubectl.image.repository .Values.global.kubectl.image.tag -}} +{{- include "gitlab.helper.image" (dict "context" . "image" .Values.global.kubectl.image) -}} +{{- end -}} + +{{/* +Constructs certificates image value. +*/}} +{{- define "gitlab.certificates.image" -}} +{{- include "gitlab.helper.image" (dict "context" . "image" .Values.global.certificates.image) -}} +{{- end -}} + +{{/* +Constructs selfsign image value. +*/}} +{{- define "gitlab.selfsign.image" -}} +{{- $image := index .Values "shared-secrets" "selfsign" "image" -}} +{{- include "gitlab.helper.image" (dict "context" . "image" $image) -}} {{- end -}} {{/* 
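Review bot: `gitlab.helper.image` resolves the tag with `coalesce .image.tag $gitlabVersion "master"`, so the kubectl, certificates and selfsign images are now referenced by a mutable tag. The values.yaml hunks of this commit remove the `@sha256:` digests that pinned them, and the busybox hunk that follows adds a `"latest"` fallback in the same way. These images run the shared-secrets and self-signed-certificate jobs, so the content a given chart version pulls can change after release. The helper's comment should say that `image.tag` may carry a `tag@sha256:<digest>` value and that this is the way to pin. Because the helper appends `$tagSuffix` after the tag in `printf "%s:%s%s"`, a digest-bearing tag combined with a non-empty suffix would presumably yield an invalid reference (the `gitlab.image.tagSuffix` template is not visible here), so the suffix should be skipped when the tag contains `@`.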
@@ -525,10 +559,11 @@ Constructs busybox image name. # doesn't matter what we print there because once rendering is done # deprecation check will kick-in and abort the process. That value will not # be used. + # TODO: consider tagSuffix here, since we took it out of example */}} {{- if kindIs "map" .local.image }} {{- $image := default .global.busybox.image.repository .local.image.repository }} -{{- $tag := default .global.busybox.image.tag .local.image.tag }} +{{- $tag := coalesce .local.image.tag .global.busybox.image.tag "latest" }} {{- printf "%s:%s" $image $tag -}} {{- else }} {{- printf "DEPRECATED:DEPRECATED" -}} diff --git a/charts/gitlab/gitlab/templates/_ingress.tpl b/charts/gitlab/gitlab/templates/_ingress.tpl index ce4005215..636bcdc00 100644 --- a/charts/gitlab/gitlab/templates/_ingress.tpl +++ b/charts/gitlab/gitlab/templates/_ingress.tpl @@ -10,7 +10,7 @@ It expects a dictionary with two entries: {{- $apiVersion := include "gitlab.ingress.apiVersion" . -}} {{- $className := include "ingress.class.name" . -}} {{- if not (eq $apiVersion "networking.k8s.io/v1") -}} -kubernetes.io/ingress.class: {{ $className }} +kubernetes.io/ingress.class: {{ $className | quote }} {{- end -}} {{- end -}} {{- end -}} @@ -38,7 +38,7 @@ Otherwise, it will use the given value (even an empty string ""). {{- if kindIs "invalid" $here.global.class -}} {{- printf "%s-nginx" $here.context.Release.Name -}} {{- else -}} -{{- $here.global.class | quote -}} +{{- $here.global.class -}} {{- end -}} {{- end -}} @@ -53,7 +53,7 @@ It expects a dictionary with two entries: {{- if not (eq (default "" .global.class) "none" ) -}} {{- $apiVersion := include "gitlab.ingress.apiVersion" . -}} {{- if eq $apiVersion "networking.k8s.io/v1" -}} -ingressClassName: {{ include "ingress.class.name" . }} +ingressClassName: {{ include "ingress.class.name" . | quote }} {{- end -}} {{- end -}} {{- end -}} 
diff --git a/charts/gitlab/gitlab/templates/_redis.tpl b/charts/gitlab/gitlab/templates/_redis.tpl index efb9d43a3..4edebbfb6 100644 --- a/charts/gitlab/gitlab/templates/_redis.tpl +++ b/charts/gitlab/gitlab/templates/_redis.tpl @@ -3,14 +3,14 @@ {{/* Build a dict of redis configuration -- inherit from global.redis, all but sentinels +- inherit from global.redis, all but sentinels and cluster - use values within children, if they exist, even if "empty" */}} {{- define "gitlab.redis.configMerge" -}} {{- $_ := set $ "redisConfigName" (default "" $.redisConfigName) -}} {{- $_ := unset $ "redisMergedConfig" -}} {{- $_ := set $ "redisMergedConfig" (dict "redisConfigName" $.redisConfigName) -}} -{{- range $want := list "host" "port" "password" "scheme" -}} +{{- range $want := list "host" "port" "password" "scheme" "user" -}} {{- $_ := set $.redisMergedConfig $want (pluck $want (index $.Values.global.redis $.redisConfigName) $.Values.global.redis | first) -}} {{- end -}} {{- range $key := keys $.Values.global.redis.password -}} diff --git a/charts/gitlab/gitlab/templates/shared-secrets/job.yaml b/charts/gitlab/gitlab/templates/shared-secrets/job.yaml index b8f499cfb..4cf5d898a 100644 --- a/charts/gitlab/gitlab/templates/shared-secrets/job.yaml +++ b/charts/gitlab/gitlab/templates/shared-secrets/job.yaml @@ -42,7 +42,7 @@ spec: {{- include "gitlab.image.pullSecrets" $imageCfg | nindent 6 }} containers: - name: {{ .Chart.Name }} - image: {{ include "gitlab.kubectl.image" . | quote }} + image: {{ include "gitlab.kubectl.image" . }} {{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }} command: ['/bin/bash', '/scripts/generate-secrets'] volumeMounts: diff --git a/charts/gitlab/gitlab/templates/shared-secrets/self-signed-cert-job.yml b/charts/gitlab/gitlab/templates/shared-secrets/self-signed-cert-job.yml index d23f613de..c92f467c3 100644 --- a/charts/gitlab/gitlab/templates/shared-secrets/self-signed-cert-job.yml 
+++ b/charts/gitlab/gitlab/templates/shared-secrets/self-signed-cert-job.yml @@ -1,10 +1,11 @@ {{- $sharedSecretValues := index .Values "shared-secrets" -}} {{- if $sharedSecretValues.enabled }} -{{- if not (or .Values.global.ingress.configureCertmanager .Values.global.ingress.tls) -}} -{{- $imageCfgSelfsign := dict "global" .Values.global.image "local" $sharedSecretValues.selfsign.image -}} -{{- $imageCfgKubectl := dict "global" .Values.global.image "local" .Values.global.kubectl.image -}} -{{- $jointPullSecrets := concat (default (list) $sharedSecretValues.selfsign.image.pullSecrets) (default (list) .Values.global.kubectl.image.pullSecrets) -}} -{{- $imageCfg := dict "global" .Values.global.image "local" (dict "pullSecrets" $jointPullSecrets) -}} +{{- if not .Values.global.ingress.configureCertmanager -}} +{{- if not (include "gitlab.ingress.tls.configured" .) }} +{{- $imageCfgSelfsign := dict "global" .Values.global.image "local" $sharedSecretValues.selfsign.image -}} +{{- $imageCfgKubectl := dict "global" .Values.global.image "local" .Values.global.kubectl.image -}} +{{- $jointPullSecrets := concat (default (list) $sharedSecretValues.selfsign.image.pullSecrets) (default (list) .Values.global.kubectl.image.pullSecrets) -}} +{{- $imageCfg := dict "global" .Values.global.image "local" (dict "pullSecrets" $jointPullSecrets) -}} apiVersion: batch/v1 kind: Job metadata: @@ -42,7 +43,7 @@ spec: {{- include "gitlab.image.pullSecrets" $imageCfg | nindent 6 }} initContainers: - name: cfssl-self-sign - image: "{{ $sharedSecretValues.selfsign.image.repository }}:{{ $sharedSecretValues.selfsign.image.tag }}" + image: {{ include "gitlab.selfsign.image" . }} {{- include "gitlab.image.pullPolicy" $imageCfgSelfsign | indent 8 }} env: - name: CA_SUBJECT 
@@ -68,7 +69,7 @@ spec: {{- toYaml $sharedSecretValues.resources | nindent 10 }} containers: - name: kubectl - image: {{ include "gitlab.kubectl.image" . | quote }} + image: {{ include "gitlab.kubectl.image" . }} {{- include "gitlab.image.pullPolicy" $imageCfgKubectl | indent 8 }} command: - /bin/bash @@ -111,5 +112,6 @@ spec: volumes: - name: certs-path emptyDir: {} +{{- end -}} {{- end -}} {{- end }} diff --git a/charts/gitlab/gitlab/values.yaml b/charts/gitlab/gitlab/values.yaml index 995cc40c6..2fa7696f3 100644 --- a/charts/gitlab/gitlab/values.yaml +++ b/charts/gitlab/gitlab/values.yaml @@ -40,7 +40,7 @@ global: edition: ee ## https://docs.gitlab.com/charts/charts/globals#gitlab-version - gitlabVersion: "15.8.3" + gitlabVersion: "15.9.1" ## https://docs.gitlab.com/charts/charts/globals#application-resource application: @@ -133,6 +133,7 @@ global: # key: # host: redis.hostedsomewhere.else # port: 6379 + # user: webservice # sentinels: # - host: # port: @@ -248,6 +249,9 @@ global: ## Periodically update ci_runner_versions table with up-to-date versions and status # ci_runner_versions_reconciliation_worker: # cron: "@daily" + ## Periodically clean up stale ci_runner_machines records + # ci_runners_stale_machines_cleanup_worker: + # cron: "36 4 * * *" ### GitLab Geo # Geo Primary only! # geo_prune_event_log_worker: 
@@ -717,12 +721,9 @@ global: # configuration of certificates container & custom CA injection certificates: image: - repository: registry.gitlab.com/gitlab-org/build/cng/alpine-certificates - # The digest below comes from a given tag pipeline because they are mirrored to .com, - # ensuring that the image tag is available from both instances. The digest can be - # found in the 'sync_images' job. - # https://dev.gitlab.org/gitlab/charts/components/images/-/tags - tag: 20191127-r2@sha256:367d437d024d7647432d67fb2442e3e5723af5930bad77d3535f4f8f4f8630d9 + repository: registry.gitlab.com/gitlab-org/build/cng/certificates + # Default tag is `master`, overridable by `global.gitlabVersion`. + # tag: master # pullPolicy: IfNotPresent # pullSecrets: [] customCAs: [] @@ -740,11 +741,8 @@ global: kubectl: image: repository: registry.gitlab.com/gitlab-org/build/cng/kubectl - # The digest below comes from a given tag pipeline because they are mirrored to .com, - # ensuring that the image tag is available from both instances. The digest can be - # found in the 'sync_images' job. - # https://dev.gitlab.org/gitlab/charts/components/images/-/tags - tag: 1.24.7@sha256:4be8ed0fb89c29c5bacf0dcedee803e1ac1298da9a45186eb5a391c2353c6bf6 + # Default tag is `master`, overridable by `global.gitlabVersion`. + # tag: master # pullPolicy: IfNotPresent # pullSecrets: [] securityContext: @@ -754,7 +752,7 @@ global: busybox: image: repository: registry.gitlab.com/gitlab-org/cloud-native/mirror/images/busybox - tag: latest + # tag: latest # pullPolicy: IfNotPresent # pullSecrets: [] @@ -858,7 +856,7 @@ nginx-ingress: externalTrafficPolicy: "Local" ingressClassByName: false ingressClassResource: - name: '{{ include "ingress.class.name" $ }}' + name: '{{ include "ingress.class.name" $ | quote }}' resources: requests: cpu: 100m 
@@ -1094,11 +1092,8 @@ shared-secrets: # pullPolicy: IfNotPresent # pullSecrets: [] repository: registry.gitlab.com/gitlab-org/build/cng/cfssl-self-sign - # The digest below comes from a given tag pipeline because they are mirrored to .com, - # ensuring that the image tag is available from both instances. The digest can be - # found in the 'sync_images' job. - # https://dev.gitlab.org/gitlab/charts/components/images/-/tags - tag: 1.6.1@sha256:e89392e13b4ef12cd48ba8c30326aacd89a8d0161cb081ac8dfbb77200d5ebac + # Default tag is `master`, overridable by `global.gitlabVersion`. + # tag: master keyAlgorithm: "rsa" keySize: "4096" expiry: "3650d" diff --git a/charts/harbor/harbor/Chart.yaml b/charts/harbor/harbor/Chart.yaml index aeb83c048..2a04d2614 100644 --- a/charts/harbor/harbor/Chart.yaml +++ b/charts/harbor/harbor/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.20-0' catalog.cattle.io/release-name: harbor apiVersion: v1 -appVersion: 2.7.0 +appVersion: 2.7.1 description: An open source trusted cloud native registry that stores, signs, and scans content home: https://goharbor.io @@ -24,4 +24,4 @@ name: harbor sources: - https://github.com/goharbor/harbor - https://github.com/goharbor/harbor-helm -version: 1.11.0 +version: 1.11.1 diff --git a/charts/harbor/harbor/README.md b/charts/harbor/harbor/README.md index b72151357..3f2d22dcd 100644 --- a/charts/harbor/harbor/README.md +++ b/charts/harbor/harbor/README.md 
@@ -158,12 +158,6 @@ The following table lists the configurable parameters of the Harbor chart and th | `persistence.persistentVolumeClaim.jobservice.jobLog.accessMode` | The access mode of the volume | `ReadWriteOnce` | | `persistence.persistentVolumeClaim.jobservice.jobLog.size` | The size of the volume | `1Gi` | | `persistence.persistentVolumeClaim.jobservice.jobLog.annotations` | The annotations of the volume | | -| `persistence.persistentVolumeClaim.jobservice.scanDataExports.existingClaim` | Use the existing PVC which must be created manually before bound, and specify the `subPath` if the PVC is shared with other components. | | -| `persistence.persistentVolumeClaim.jobservice.scanDataExports.storageClass` | Specify the `storageClass` used to provision the volume. Or the default StorageClass will be used (the default). Set it to `-` to disable dynamic provisioning | | -| `persistence.persistentVolumeClaim.jobservice.scanDataExports.subPath` | The sub path used in the volume | | -| `persistence.persistentVolumeClaim.jobservice.scanDataExports.accessMode` | The access mode of the volume | `ReadWriteOnce` | -| `persistence.persistentVolumeClaim.jobservice.scanDataExports.size` | The size of the volume | `1Gi` | -| `persistence.persistentVolumeClaim.jobservice.scanDataExports.annotations` | The annotations of the volume | | | `persistence.persistentVolumeClaim.database.existingClaim` | Use the existing PVC which must be created manually before bound, and specify the `subPath` if the PVC is shared with other components. If external database is used, the setting will be ignored | | | `persistence.persistentVolumeClaim.database.storageClass` | Specify the `storageClass` used to provision the volume. Or the default StorageClass will be used (the default). Set it to `-` to disable dynamic provisioning. If external database is used, the setting will be ignored | | | `persistence.persistentVolumeClaim.database.subPath` | The sub path used in the volume. 
If external database is used, the setting will be ignored | | @@ -243,6 +237,8 @@ The following table lists the configurable parameters of the Harbor chart and th | `core.serviceAnnotations` | Annotations to add to the core service | `{}` | | `core.secret` | Secret is used when core server communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | | | `core.secretName` | Fill the name of a kubernetes secret if you want to use your own TLS certificate and private key for token encryption/decryption. The secret must contain keys named: `tls.crt` - the certificate and `tls.key` - the private key. The default key pair will be used if it isn't set | | +| `core.tokenKey` | PEM-formatted RSA private key used to sign service tokens. Only used if `core.secretName` is unset. If set, `core.tokenCert` MUST also be set. | | +| `core.tokenCert` | PEM-formatted certificate signed by `core.tokenKey` used to validate service tokens. Only used if `core.secretName` is unset. If set, `core.tokenKey` MUST also be set. | | | `core.xsrfKey` | The XSRF key. Will be generated automatically if it isn't specified | | | `core.priorityClassName` | The priority class to run the pod as | | | `core.artifactPullAsyncFlushDuration` | The time duration for async update artifact pull_time and repository pull_count | | diff --git a/charts/harbor/harbor/cert/tls.crt b/charts/harbor/harbor/cert/tls.crt deleted file mode 100644 index de4aa3e09..000000000 --- a/charts/harbor/harbor/cert/tls.crt +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE0zCCArugAwIBAgIJAPY/OzLMeVq2MA0GCSqGSIb3DQEBCwUAMAAwHhcNMTkw -NDE4MDIyNzM3WhcNMjkwNDE1MDIyNzM3WjAAMIICIjANBgkqhkiG9w0BAQEFAAOC -Ag8AMIICCgKCAgEA3xlUJs2b/aI2NLoy4OIQ+dn/yMb/O99iKDRyZKpH8rSOmS+o -F9unmSAzL65XA/v6nY0OLI/dASDjkqkBpIdTGzogR5f8UiB6osuEY7V71XZdzWLr -PjnJq6ZLAaoKmwG80W5+Wd6V8PygOx52mkr1w7IWKz+1ZLI5izbppon7XVGVRaAT -RvNZDiJ6CeJpcJ5H723lkf5RvJWatZLCYIYDbRfTiKsyQ/SlRcv5BVfHg/LJSH9Q -LGRhPMARldl9wyZCwZZDHxheI4a+26aa8MY3u9st/l0/Oo6VCTGpMiEhiGF2LVjp -UWq/+BP4SFEvJfq/DuinI139W/5aZZ7/HwRPlmYU6pXTRLyIg7jd+19fJwR7X37q -w0o8t06FhjmrCzaYCUjoReqDmHaNmZN/ddvG7jZWBu+jNh0YavsyQyCIVmv6yqSc -jPiD9uivxqTwjJidIBRfuUrz3aERQ7cQgf0qhqjIzflzHbFKhILocBWq7zyNl9hr -vUGT/WZcw0t/OtM72SPaplmTgVbbQRxf2VHzyptGIvtydlXK8thxOMpXo4e+Sl8d -1gdQcC4oisN9F29oNs8P5yFQP//xYuv8C607nCj1DzrId5avG/NVfKB/fbDKEFgN -2WhHInTzPLEcjF4fErcUAEuWW0buX/6FHCG3iTtrqyD92KTVDfN1J56rrcsCAwEA -AaNQME4wHQYDVR0OBBYEFFhNhTo4UAC2PUsf8jYaWj160vGEMB8GA1UdIwQYMBaA -FFhNhTo4UAC2PUsf8jYaWj160vGEMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL -BQADggIBAMAsEtVlELMwdtcifHeOT0kOmf5wo9In/eFSgscCzBMDaRx2B3q36AoS -Il7XWAZpevaR7W7yeARKaAshBLhygUqLD0zWbKlSN9Hprd1wdpM0ffyPpN5dxOYA -er04y12GRnCbMYqi4cvztP4TinXqq2yHSYhLbO9qkI5gbWVxkRuIcMKvixddllNY -Q3obJaDDHmovM3+g/G+1YFgt4qES38XnJ7BrSshHnn5EIQh286xfJriyrK2hHbLJ -qz0YuF6G3DXPeWGgXvj0Hipc0f8UDZkKkk/eGEI6vEkytyvoepoZI2XbAf/ZMy5n -KwuhEn4hhkFMwWaSWp/h0QdMCaxk4BVSOqmNVaLSB7+FjsIj4CasFotYiyJ2gpRB -Nf8QaS4bz0Tn1eBbC8ksj+e3ZWeX2b5wVMjql9jTt2X1ICs8KKe3vEBkjqT2AUi2 -52TtKzm73aWrz/GPy/Q2LCor3Fh9FGVSBOBBDXGy6MJpNHJnYVH9EENFGOh85ol1 -2pADOBB5vAU/kLB5LHPj2kue/FMiHaNnrSYIGrMlBSX2jj9EYa1uuUH+pd4MBj1F -5uH8ORiaQ6ht2+WHklxic1Rj5yTYQwVlH70CBOn+qVEdo63yQwzAMJKFIwlGUQEX -jiljgc86q4cZtUTFrcwMidbk+8Q6+JbDVg7HV/+pnC+wnv197kwe ------END CERTIFICATE----- diff --git a/charts/harbor/harbor/cert/tls.key b/charts/harbor/harbor/cert/tls.key deleted file mode 100644 index 014e2fafb..000000000 --- a/charts/harbor/harbor/cert/tls.key +++ /dev/null 
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEA3xlUJs2b/aI2NLoy4OIQ+dn/yMb/O99iKDRyZKpH8rSOmS+o -F9unmSAzL65XA/v6nY0OLI/dASDjkqkBpIdTGzogR5f8UiB6osuEY7V71XZdzWLr -PjnJq6ZLAaoKmwG80W5+Wd6V8PygOx52mkr1w7IWKz+1ZLI5izbppon7XVGVRaAT -RvNZDiJ6CeJpcJ5H723lkf5RvJWatZLCYIYDbRfTiKsyQ/SlRcv5BVfHg/LJSH9Q -LGRhPMARldl9wyZCwZZDHxheI4a+26aa8MY3u9st/l0/Oo6VCTGpMiEhiGF2LVjp -UWq/+BP4SFEvJfq/DuinI139W/5aZZ7/HwRPlmYU6pXTRLyIg7jd+19fJwR7X37q -w0o8t06FhjmrCzaYCUjoReqDmHaNmZN/ddvG7jZWBu+jNh0YavsyQyCIVmv6yqSc -jPiD9uivxqTwjJidIBRfuUrz3aERQ7cQgf0qhqjIzflzHbFKhILocBWq7zyNl9hr -vUGT/WZcw0t/OtM72SPaplmTgVbbQRxf2VHzyptGIvtydlXK8thxOMpXo4e+Sl8d -1gdQcC4oisN9F29oNs8P5yFQP//xYuv8C607nCj1DzrId5avG/NVfKB/fbDKEFgN -2WhHInTzPLEcjF4fErcUAEuWW0buX/6FHCG3iTtrqyD92KTVDfN1J56rrcsCAwEA -AQKCAgEAk8q8s4PrvYby79UVlWJNKqceykwBkxE1fjrYORWQ2hiAirxGV5+8lDT/ -k6ujm1EWwb5K0HxxRKkb+PEa1HqNNHE6JxNpJKK9exDlYAQ+x7dFBqVr/2nazmo4 -MB8MLYlmIztWWoSYwe8o2mEg4q+bxYs5Imdu7AkhE7dJ63hm23gLMfeMLalRqopu -XBPwE5nXP6aGuUNHtG1K8tQJDlZY+LEbAeOfReNQhT9NdRukYSW579vfKblJrSvz -ulg89sVm3cWEK5pB6rj9wJbK94voKftVqbbuBwWjd1a9pibKhwVBe2L2FWhpSZc5 -F/coC7njTaYT6tr91y5VhhJhIZQCf/vv4Zl5XhFHs5VTZNbM/OfqyFQLYXVJO48K -F7tmazAEQQBQwVZqH9C9NQdzPHWmc38Okhtc1wzaqn/rg9+1sgAMD8hWCtQJUe97 -b9ymh5A0Z4QXKpyFT0b+pXcD1jRha07UtkX+/zLJ9HpAXcUmzkG+j5CXNpnxsIq5 -fJFeq3hBj9w6n4h+50M4W0Fse5YoEUsc3B0fz8BlQBb+YJLFLNH34MH8p1l0ZDYJ -yae0psxlBijg4OPZ+WCBa+jtFW4LiWgEcxwgz8w+hEOAQr2a1Dc7w8jd+Y4IK8Um -lTVs5dbp4mOmPMlRv/GM7kDudFqbMg3YFwXg3QbquVqLZzEzjVkCggEBAPJKZbCW -YfLejkS/fkRyV3VIb54mKwQHoMWub88tPgGuXzjsJyd5QTQ58PpUjXrLHmn8lS2+ -viE8GJylKwN1yMlZw40+kZhpHUpCWx/2ZKjAqvqA9OOKo2fv6Hd/wOAnU4CtioC1 -pri7lKFYXoP8DtQVwHYvIzCRqDnhc4mwJDqzTC9xduI+svxzl4xH82fx0jrPiFY+ -/wOdXjyfIPjyhHC4jPTWbairwXS9dBjSl128aIRT580/yXE/SYAugg05jKtg5zQA -So13MTezXRHXdO0di3tEMHGREEkFpeVnnPQvCCedK0DV36iNwiWc8pwdfLMVneTt -DKwZedCx+o/7ev0CggEBAOu48DGEJJJzHxVR5mY1K2AlZyYtpTOWehK1zX74JvM3 -YxN4nd+Zx5n9uSPmmKzqF3TU+44RVtdJK6ejoFE8dMDTNWaSLW/ZDmN1nT0njvOn 
-IWJn59ynOChWWKZgXZ/9UqGR7Pt6OxSkkex9c/fYBsMX/xusdXQigeogl0iOYVFW -gXIiiLRLHpHJsK/uNxIizj0hTYYn7uD7PRENwFRcCYf8J1eUFbd6DuCVWeQCKWgf -Nd2tSWoi0Vylj4uUX8Iw0tjLNMD5CREJEk4GSv4EDSmvUdv1LiBKJCL2lEcgoPeC -oOD2iCc5KqgnmQraRilFFk8RVXA9PWZGY3C0b6TVmmcCggEANZO2AOKALlCAbTtb -FI+kP08RP4t5H58AMjZsiweaGo0QiWnPDq+Fd6MIYpKn5mtcAlvUMRVovbioSJtN -c6psB/pNf8JCN82mqHEb7WlywM46AMLbZCWYFLe8VBBv+iE4GdBGPEfu4hK4vyTn -YZAvRz64HGo4Adlztbjg76V/nWtggW05uLXcpm55KJAQhv+2WULjBw9PHOGDoSwf -Am2+U567rLht70prsQDj10laJ2QuSHS1YXGlfeFcw3eFUp9TN+JpvdoCol2lCIgl -IHjgZj6ORWfCvpoxW7RgBuZukqCD0R60HdYtavxN3jtiepsapA83pxO0JapMgZWZ -rpURkQKCAQBOcEv9Liu9T/GX9pjkiezVIZ0hZy8B66DTeQvYpFrRtCyT3h8quNFi -vLtO5v0HDR6hEf5jWAG9wet07U37ulJfl+i9KQdVoLTZA9o+71ryWTsSs+DD3CEj -yxfUxVxiULmeaiChzhq608h7GYPthUU6xlFttAWhj5oLfqzYyAg6OL76a+Nxm02g -1ayl3m8U6eAXF23kpoUm+HNpqVnGuJmzVoUA75YKZ+NreEdhSBbfPwN9sJwtZUil -u7H4kHcM95Ix8eysCjKqKIqezBlITbDTnjNvLjcbJ5C+0a6lvIXT1vQR5/eGlc9M -BWE360pNkV/LD8mOf9Jepi2Q43oDL9EhAoIBAQDTWImfy0K9gGzA2rPy169mWYQK -OlcnD3+hQq6x51Zn1e/texFeVlhHn4rrnRdCFOAp47uFkJ2m72GCVD74EwQucK9y -AD5jorqgVHqCKZdkHjb2V60Mzm6g3rtL9WJXFVLvNBb/QGB2vgHVOO0zqiqGZj4e -Ex7l2m//5SE4DLtn70J9CgG1HtXCS8dWrGPL1pzDnk8VXtnoXzb0LChLUFEgZRmh -cV6AFHEK2H8wBHviNyehsRQiDkl2AiWOcJNvkzW68ck2nJjRWyPYK1JL3NCKpB3Q -OohrP0fHcWAXMW97wFXZhRfnQfDxxIOlj3McYT0AlanXd0F4NGc2Nvmphx04 ------END RSA PRIVATE KEY----- diff --git a/charts/harbor/harbor/templates/_helpers.tpl b/charts/harbor/harbor/templates/_helpers.tpl index b28109595..e92b8ecfc 100644 --- a/charts/harbor/harbor/templates/_helpers.tpl +++ b/charts/harbor/harbor/templates/_helpers.tpl @@ -237,10 +237,6 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab {{- printf "%s-jobservice" (include "harbor.fullname" .) -}} {{- end -}} -{{- define "harbor.jobserviceScandata" -}} - {{- printf "%s-jobservice-scandata" (include "harbor.fullname" .) -}} -{{- end -}} - {{- define "harbor.registry" -}} {{- printf "%s-registry" (include "harbor.fullname" .) -}} {{- end -}} 
diff --git a/charts/harbor/harbor/templates/core/core-secret.yaml b/charts/harbor/harbor/templates/core/core-secret.yaml
index 9c80e3f7c..f14823f3b 100644
--- a/charts/harbor/harbor/templates/core/core-secret.yaml
+++ b/charts/harbor/harbor/templates/core/core-secret.yaml
@@ -11,8 +11,9 @@ data:
 {{- end }}
 secret: {{ .Values.core.secret | default (randAlphaNum 16) | b64enc | quote }}
 {{- if not .Values.core.secretName }}
- tls.crt: {{ .Files.Get "cert/tls.crt" | b64enc }}
- tls.key: {{ .Files.Get "cert/tls.key" | b64enc }}
+ {{- $ca := genCA "harbor-token-ca" 365 }}
+ tls.key: {{ .Values.core.tokenKey | default $ca.Key | b64enc | quote }}
+ tls.crt: {{ .Values.core.tokenCert | default $ca.Cert | b64enc | quote }}
 {{- end }}
 HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
 {{- if not .Values.database.external.existingSecret }}
diff --git a/charts/harbor/harbor/templates/exporter/exporter-secret.yaml b/charts/harbor/harbor/templates/exporter/exporter-secret.yaml
index 815772fdb..328470f4f 100644
--- a/charts/harbor/harbor/templates/exporter/exporter-secret.yaml
+++ b/charts/harbor/harbor/templates/exporter/exporter-secret.yaml
@@ -7,10 +7,6 @@ metadata:
 {{ include "harbor.labels" . | indent 4 }}
 type: Opaque
 data:
-{{- if not .Values.exporter.secretName }}
- tls.crt: {{ .Files.Get "cert/tls.crt" | b64enc }}
- tls.key: {{ .Files.Get "cert/tls.key" | b64enc }}
-{{- end }}
 HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
 {{- if not .Values.database.external.existingSecret }}
 HARBOR_DATABASE_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
diff --git a/charts/harbor/harbor/templates/jobservice/jobservice-dpl.yaml b/charts/harbor/harbor/templates/jobservice/jobservice-dpl.yaml
index 18bc1cea4..32df454b1 100644
--- a/charts/harbor/harbor/templates/jobservice/jobservice-dpl.yaml
+++ b/charts/harbor/harbor/templates/jobservice/jobservice-dpl.yaml
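Review bot: In `core-secret.yaml` the two `default` calls are independent, so setting only one of `core.tokenKey`/`core.tokenCert` renders a Secret whose `tls.key` and `tls.crt` do not match, even though the README and `values.yaml` say both must be set together. A guard before the two data lines would turn that into a render error: `{{- if ne (empty .Values.core.tokenKey) (empty .Values.core.tokenCert) }}{{ fail "core.tokenKey and core.tokenCert must both be set or both be unset" }}{{- end }}`. `genCA "harbor-token-ca" 365` is also evaluated on every render, so with the defaults each `helm upgrade` writes a new signing pair and the generated certificate is valid for only 365 days; operators who need a stable key should be pointed at `core.secretName`. Releases installed with the key pair that this commit deletes from `cert/` should be treated as using a publicly known token key until they are upgraded or given their own pair.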
@@ -107,9 +107,6 @@ spec: - name: job-logs mountPath: /var/log/jobs subPath: {{ .Values.persistence.persistentVolumeClaim.jobservice.jobLog.subPath }} - - name: job-scandata-exports - mountPath: /var/scandata_exports - subPath: {{ .Values.persistence.persistentVolumeClaim.jobservice.scanDataExports.subPath }} {{- if .Values.internalTLS.enabled }} - name: jobservice-internal-certs mountPath: /etc/harbor/ssl/jobservice @@ -128,13 +125,6 @@ spec: {{- else }} emptyDir: {} {{- end }} - - name: job-scandata-exports - {{- if and .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.persistentVolumeClaim.jobservice.scanDataExports.existingClaim | default (include "harbor.jobserviceScandata" .) }} - {{- else }} - emptyDir: {} - {{- end }} {{- if .Values.internalTLS.enabled }} - name: jobservice-internal-certs secret: diff --git a/charts/harbor/harbor/templates/jobservice/jobservice-pvc-scandata.yaml b/charts/harbor/harbor/templates/jobservice/jobservice-pvc-scandata.yaml deleted file mode 100644 index 9810f9781..000000000 --- a/charts/harbor/harbor/templates/jobservice/jobservice-pvc-scandata.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -{{- $scandataExports := .Values.persistence.persistentVolumeClaim.jobservice.scanDataExports -}} -{{- if and .Values.persistence.enabled (not $scandataExports.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "harbor.jobserviceScandata" . }} - annotations: - {{- range $key, $value := $scandataExports.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- if eq .Values.persistence.resourcePolicy "keep" }} - helm.sh/resource-policy: keep - {{- end }} - labels: -{{ include "harbor.labels" . | indent 4 }} - component: jobservice -spec: - accessModes: - - {{ $scandataExports.accessMode }} - resources: - requests: - storage: {{ $scandataExports.size }} - {{- if $scandataExports.storageClass }} - {{- if eq "-" $scandataExports.storageClass }} - storageClassName: "" - {{- else }} - storageClassName: {{ $scandataExports.storageClass }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/harbor/harbor/values.yaml b/charts/harbor/harbor/values.yaml index 65d8e221c..32d690d82 100644 --- a/charts/harbor/harbor/values.yaml +++ b/charts/harbor/harbor/values.yaml @@ -237,13 +237,6 @@ persistence: accessMode: ReadWriteOnce size: 1Gi annotations: {} - scanDataExports: - existingClaim: "" - storageClass: "" - subPath: "" - accessMode: ReadWriteOnce - size: 1Gi - annotations: {} # If external database is used, the following settings for database will # be ignored database: @@ -421,7 +414,7 @@ enableMigrateHelmHook: false nginx: image: repository: goharbor/nginx-photon - tag: v2.7.0 + tag: v2.7.1 # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token @@ -443,7 +436,7 @@ nginx: portal: image: repository: goharbor/harbor-portal - tag: v2.7.0 + tag: v2.7.1 # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token 
@@ -465,7 +458,7 @@ portal: core: image: repository: goharbor/harbor-core - tag: v2.7.0 + tag: v2.7.1 # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token @@ -494,10 +487,16 @@ core: # Fill the name of a kubernetes secret if you want to use your own # TLS certificate and private key for token encryption/decryption. # The secret must contain keys named: - # "tls.crt" - the certificate # "tls.key" - the private key - # The default key pair will be used if it isn't set + # "tls.crt" - the certificate secretName: "" + # If not specifying a preexisting secret, a secret can be created from tokenKey and tokenCert and used instead. + # If none of secretName, tokenKey, and tokenCert are specified, an ephemeral key and certificate will be autogenerated. + # tokenKey and tokenCert must BOTH be set or BOTH unset. + # The tokenKey value is formatted as a multiline string containing a PEM-encoded RSA key, indented one more than tokenKey on the following line. + tokenKey: | + # If tokenKey is set, the value of tokenCert must be set as a PEM-encoded certificate signed by tokenKey, and supplied as a multiline string, indented one more than tokenCert on the following line. + tokenCert: | # The XSRF key. Will be generated automatically if it isn't specified xsrfKey: "" ## The priority class to run the pod as @@ -512,7 +511,7 @@ core: jobservice: image: repository: goharbor/harbor-jobservice - tag: v2.7.0 + tag: v2.7.1 replicas: 1 revisionHistoryLimit: 10 # set the service account to be used, default if left empty @@ -552,7 +551,7 @@ registry: registry: image: repository: goharbor/registry-photon - tag: v2.7.0 + tag: v2.7.1 # resources: # requests: # memory: 256Mi @@ -560,7 +559,7 @@ registry: controller: image: repository: goharbor/harbor-registryctl - tag: v2.7.0 + tag: v2.7.1 # resources: # requests: 
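Review bot: The new `tokenKey` comments in the `values.yaml` hunk at `@@ -494,10 +487,16 @@` do not say where the private key ends up once it is set: a value supplied through values is kept in the Helm release record and in whatever values file carries it, so the comment should steer long-lived installs to `core.secretName`. I would add `# Prefer secretName for long-lived installs: tokenKey is stored with the release values.` above `tokenKey: |`. The README row for `core.secretName` still says "The default key pair will be used if it isn't set", which no longer matches now that the bundled pair is removed and an ephemeral one is generated instead.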
@@ -620,7 +619,7 @@ chartmuseum: absoluteUrl: false image: repository: goharbor/chartmuseum-photon - tag: v2.7.0 + tag: v2.7.1 replicas: 1 revisionHistoryLimit: 10 # resources: @@ -644,7 +643,7 @@ trivy: # repository the repository for Trivy adapter image repository: goharbor/trivy-adapter-photon # tag the tag for Trivy adapter image - tag: v2.7.0 + tag: v2.7.1 # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token @@ -719,7 +718,7 @@ notary: automountServiceAccountToken: false image: repository: goharbor/notary-server-photon - tag: v2.7.0 + tag: v2.7.1 replicas: 1 # resources: # requests: @@ -741,7 +740,7 @@ notary: automountServiceAccountToken: false image: repository: goharbor/notary-signer-photon - tag: v2.7.0 + tag: v2.7.1 replicas: 1 # resources: # requests: @@ -773,7 +772,7 @@ database: automountServiceAccountToken: false image: repository: goharbor/harbor-db - tag: v2.7.0 + tag: v2.7.1 # The initial superuser password for internal database password: "changeit" # The size limit for Shared memory, pgSQL use it for shared_buffer @@ -845,7 +844,7 @@ redis: automountServiceAccountToken: false image: repository: goharbor/redis-photon - tag: v2.7.0 + tag: v2.7.1 # resources: # requests: # memory: 256Mi @@ -888,7 +887,7 @@ exporter: automountServiceAccountToken: false image: repository: goharbor/harbor-exporter - tag: v2.7.0 + tag: v2.7.1 nodeSelector: {} tolerations: [] affinity: {} diff --git a/charts/hashicorp/consul/Chart.yaml b/charts/hashicorp/consul/Chart.yaml index 548b589a9..65173f36d 100644 --- a/charts/hashicorp/consul/Chart.yaml +++ b/charts/hashicorp/consul/Chart.yaml 
@@ -1,13 +1,13 @@ annotations: artifacthub.io/images: | - name: consul - image: hashicorp/consul:1.14.4 + image: hashicorp/consul:1.15.0 - name: consul-k8s-control-plane - image: hashicorp/consul-k8s-control-plane:1.0.4 + image: hashicorp/consul-k8s-control-plane:1.1.0 - name: consul-dataplane - image: hashicorp/consul-dataplane:1.0.1 + image: hashicorp/consul-dataplane:1.1.0 - name: envoy - image: envoyproxy/envoy:v1.23.1 + image: envoyproxy/envoy:v1.25.1 artifacthub.io/license: MPL-2.0 artifacthub.io/links: | - name: Documentation @@ -22,16 +22,16 @@ annotations: url: https://keybase.io/hashicorp/pgp_keys.asc catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Hashicorp Consul - catalog.cattle.io/kube-version: '>=1.21.0-0' + catalog.cattle.io/kube-version: '>=1.22.0-0' catalog.cattle.io/release-name: consul apiVersion: v2 -appVersion: 1.14.4 +appVersion: 1.15.0 description: Official HashiCorp Consul Chart home: https://www.consul.io icon: https://raw.githubusercontent.com/hashicorp/consul-k8s/main/assets/icon.png -kubeVersion: '>=1.21.0-0' +kubeVersion: '>=1.22.0-0' name: consul sources: - https://github.com/hashicorp/consul - https://github.com/hashicorp/consul-k8s -version: 1.0.4 +version: 1.1.0 diff --git a/charts/hashicorp/consul/templates/_helpers.tpl b/charts/hashicorp/consul/templates/_helpers.tpl index e2f735e69..3552c8c20 100644 --- a/charts/hashicorp/consul/templates/_helpers.tpl +++ b/charts/hashicorp/consul/templates/_helpers.tpl 
@@ -73,22 +73,6 @@ as well as the global.name setting. {{ "{{" }}- end -{{ "}}" }} {{- end -}} -{{- define "consul.controllerWebhookTLSCertTemplate" -}} - | - {{ "{{" }}- with secret "{{ .Values.global.secretsBackend.vault.controller.tlsCert.secretName }}" "{{- $name := include "consul.fullname" . -}}{{ printf "common_name=%s-controller-webhook" $name }}" - "alt_names={{ include "consul.controllerWebhookTLSAltNames" . }}" -{{ "}}" }} - {{ "{{" }}- .Data.certificate -{{ "}}" }} - {{ "{{" }}- end -{{ "}}" }} -{{- end -}} - -{{- define "consul.controllerWebhookTLSKeyTemplate" -}} - | - {{ "{{" }}- with secret "{{ .Values.global.secretsBackend.vault.controller.tlsCert.secretName }}" "{{- $name := include "consul.fullname" . -}}{{ printf "common_name=%s-controller-webhook" $name }}" - "alt_names={{ include "consul.controllerWebhookTLSAltNames" . }}" -{{ "}}" }} - {{ "{{" }}- .Data.private_key -{{ "}}" }} - {{ "{{" }}- end -{{ "}}" }} -{{- end -}} - {{- define "consul.serverTLSAltNames" -}} {{- $name := include "consul.fullname" . -}} {{- $ns := .Release.Namespace -}} @@ -109,12 +93,6 @@ as well as the global.name setting. {{ printf "%s-connect-injector,%s-connect-injector.%s,%s-connect-injector.%s.svc,%s-connect-injector.%s.svc.cluster.local" $name $name $ns $name $ns $name $ns}} {{- end -}} -{{- define "consul.controllerWebhookTLSAltNames" -}} -{{- $name := include "consul.fullname" . -}} -{{- $ns := .Release.Namespace -}} -{{ printf "%s-controller-webhook,%s-controller-webhook.%s,%s-controller-webhook.%s.svc,%s-controller-webhook.%s.svc.cluster.local" $name $name $ns $name $ns $name $ns}} -{{- end -}} - {{- define "consul.vaultReplicationTokenTemplate" -}} | {{ "{{" }}- with secret "{{ .Values.global.acls.replicationToken.secretName }}" -{{ "}}" }} 
@@ -285,20 +263,17 @@ Fails when at least one but not all of the following have been set: - global.secretsBackend.vault.connectInjectRole - global.secretsBackend.vault.connectInject.tlsCert.secretName - global.secretsBackend.vault.connectInject.caCert.secretName -- global.secretsBackend.vault.controllerRole -- global.secretsBackend.vault.controller.tlsCert.secretName -- global.secretsBackend.vault.controller.caCert.secretName The above values are needed in full to turn off web cert manager and allow -connect inject and controller to manage its own webhook certs. +connect inject to manage its own webhook certs. Usage: {{ template "consul.validateVaultWebhookCertConfiguration" . }} */}} {{- define "consul.validateVaultWebhookCertConfiguration" -}} -{{- if or .Values.global.secretsBackend.vault.connectInjectRole .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName .Values.global.secretsBackend.vault.connectInject.caCert.secretName .Values.global.secretsBackend.vault.controllerRole .Values.global.secretsBackend.vault.controller.tlsCert.secretName .Values.global.secretsBackend.vault.controller.caCert.secretName}} -{{- if or (not .Values.global.secretsBackend.vault.connectInjectRole) (not .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName) (not .Values.global.secretsBackend.vault.connectInject.caCert.secretName) (not .Values.global.secretsBackend.vault.controllerRole) (not .Values.global.secretsBackend.vault.controller.tlsCert.secretName) (not .Values.global.secretsBackend.vault.controller.caCert.secretName) }} -{{fail "When one of the following has been set, all must be set: global.secretsBackend.vault.connectInjectRole, global.secretsBackend.vault.connectInject.tlsCert.secretName, global.secretsBackend.vault.connectInject.caCert.secretName, global.secretsBackend.vault.controllerRole, global.secretsBackend.vault.controller.tlsCert.secretName, and global.secretsBackend.vault.controller.caCert.secretName."}} +{{- if or 
.Values.global.secretsBackend.vault.connectInjectRole .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName .Values.global.secretsBackend.vault.connectInject.caCert.secretName}} +{{- if or (not .Values.global.secretsBackend.vault.connectInjectRole) (not .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName) (not .Values.global.secretsBackend.vault.connectInject.caCert.secretName) }} +{{fail "When one of the following has been set, all must be set: global.secretsBackend.vault.connectInjectRole, global.secretsBackend.vault.connectInject.tlsCert.secretName, global.secretsBackend.vault.connectInject.caCert.secretName"}} {{ end }} {{ end }} {{- end -}} diff --git a/charts/hashicorp/consul/templates/api-gateway-controller-deployment.yaml b/charts/hashicorp/consul/templates/api-gateway-controller-deployment.yaml index ec64bc363..a9f1806cc 100644 --- a/charts/hashicorp/consul/templates/api-gateway-controller-deployment.yaml +++ b/charts/hashicorp/consul/templates/api-gateway-controller-deployment.yaml @@ -75,6 +75,7 @@ spec: {{- if .Values.global.acls.manageSystemACLs }} - name: CONSUL_HTTP_TOKEN_FILE value: "/consul/login/acl-token" + # CONSUL_LOGIN_DATACENTER is passed to the gateway that gets created. The controller does not use this to log in - name: CONSUL_LOGIN_DATACENTER value: {{ .Values.global.datacenter }} {{- end }} @@ -240,6 +241,12 @@ spec: fieldPath: metadata.name - name: CONSUL_LOGIN_META value: "component=api-gateway-controller,pod=$(NAMESPACE)/$(POD_NAME)" + - name: CONSUL_LOGIN_DATACENTER + {{- if and .Values.global.federation.enabled .Values.global.federation.primaryDatacenter }} + value: {{ .Values.global.federation.primaryDatacenter }} + {{- else }} + value: {{ .Values.global.datacenter }} + {{- end}} {{- include "consul.consulK8sConsulServerEnvVars" . | nindent 8 }} image: {{ .Values.global.imageK8S }} volumeMounts: 
@@ -260,7 +267,6 @@ spec: consul-k8s-control-plane acl-init \ {{- if and .Values.global.federation.enabled .Values.global.federation.primaryDatacenter }} -auth-method-name={{ template "consul.fullname" . }}-k8s-component-auth-method-{{ .Values.global.datacenter }} \ - -datacenter={{ .Values.global.federation.primaryDatacenter }} \ {{- else }} -auth-method-name={{ template "consul.fullname" . }}-k8s-component-auth-method \ {{- end }} diff --git a/charts/hashicorp/consul/templates/client-daemonset.yaml b/charts/hashicorp/consul/templates/client-daemonset.yaml index 91af3821f..09a70b394 100644 --- a/charts/hashicorp/consul/templates/client-daemonset.yaml +++ b/charts/hashicorp/consul/templates/client-daemonset.yaml @@ -509,6 +509,12 @@ spec: - name: CONSUL_LOGIN_META value: "component=client,pod=$(NAMESPACE)/$(POD_NAME)" {{- end }} + - name: CONSUL_LOGIN_DATACENTER + {{- if and .Values.global.federation.enabled .Values.global.federation.primaryDatacenter }} + value: {{ .Values.global.federation.primaryDatacenter }} + {{- else }} + value: {{ .Values.global.datacenter }} + {{- end}} command: - "/bin/sh" - "-ec" diff --git a/charts/hashicorp/consul/templates/crd-proxydefaults.yaml b/charts/hashicorp/consul/templates/crd-proxydefaults.yaml index e66543637..749f2e425 100644 --- a/charts/hashicorp/consul/templates/crd-proxydefaults.yaml +++ b/charts/hashicorp/consul/templates/crd-proxydefaults.yaml 
@@ -57,12 +57,60 @@ spec: spec: description: ProxyDefaultsSpec defines the desired state of ProxyDefaults. properties: + accessLogs: + description: AccessLogs controls all envoy instances' access logging + configuration. + properties: + disableListenerLogs: + description: DisableListenerLogs turns off just listener logs + for connections rejected by Envoy because they don't have a + matching listener filter. + type: boolean + enabled: + description: Enabled turns on all access logging + type: boolean + jsonFormat: + description: 'JSONFormat is a JSON-formatted string of an Envoy + access log format dictionary. See for more info on formatting: + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#format-dictionaries + Defining JSONFormat and TextFormat is invalid.' + type: string + path: + description: Path is the output file to write logs for file-type + logging + type: string + textFormat: + description: 'TextFormat is a representation of Envoy access logs + format. See for more info on formatting: https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#format-strings + Defining JSONFormat and TextFormat is invalid.' + type: string + type: + description: Type selects the output for logs one of "file", "stderr". + "stdout" + type: string + type: object config: description: Config is an arbitrary map of configuration values used by Connect proxies. Any values that your proxy allows can be configured globally here. Supports JSON config values. See https://www.consul.io/docs/connect/proxies/envoy#configuration-formatting type: object x-kubernetes-preserve-unknown-fields: true + envoyExtensions: + description: EnvoyExtensions are a list of extensions to modify Envoy + proxy configuration. + items: + description: EnvoyExtension has configuration for an extension that + patches Envoy resources. 
+ properties: + arguments: + type: object + x-kubernetes-preserve-unknown-fields: true + name: + type: string + required: + type: boolean + type: object + type: array expose: description: Expose controls the default expose path configuration for Envoy. diff --git a/charts/hashicorp/consul/templates/crd-servicedefaults.yaml b/charts/hashicorp/consul/templates/crd-servicedefaults.yaml index f1ebdc8d2..5c6ecc747 100644 --- a/charts/hashicorp/consul/templates/crd-servicedefaults.yaml +++ b/charts/hashicorp/consul/templates/crd-servicedefaults.yaml @@ -57,6 +57,12 @@ spec: spec: description: ServiceDefaultsSpec defines the desired state of ServiceDefaults. properties: + balanceInboundConnections: + description: BalanceInboundConnections sets the strategy for allocating + inbound connections to the service across proxy threads. The only + supported value is exact_balance. By default, no connection balancing + is used. Refer to the Envoy Connection Balance config for details. + type: string destination: description: Destination is an address(es)/port combination that represents an endpoint outside the mesh. This is only valid when the mesh is @@ -76,6 +82,22 @@ spec: format: int32 type: integer type: object + envoyExtensions: + description: EnvoyExtensions are a list of extensions to modify Envoy + proxy configuration. + items: + description: EnvoyExtension has configuration for an extension that + patches Envoy resources. + properties: + arguments: + type: object + x-kubernetes-preserve-unknown-fields: true + name: + type: string + required: + type: boolean + type: object + type: array expose: description: Expose controls the default expose path configuration for Envoy. 
@@ -114,15 +136,15 @@ spec: with an external system. type: string localConnectTimeoutMs: - description: The number of milliseconds allowed to make connections - to the local application instance before timing out. Defaults to - 5000. + description: LocalConnectTimeoutMs is the number of milliseconds allowed + to make connections to the local application instance before timing + out. Defaults to 5000. type: integer localRequestTimeoutMs: - description: In milliseconds, the timeout for HTTP requests to the - local application instance. Applies to HTTP-based protocols only. - If not specified, inherits the Envoy default for route timeouts - (15s). + description: LocalRequestTimeoutMs is the timeout for HTTP requests + to the local application instance in milliseconds. Applies to HTTP-based + protocols only. If not specified, inherits the Envoy default for + route timeouts (15s). type: integer maxInboundConnections: description: MaxInboundConnections is the maximum number of concurrent @@ -236,15 +258,15 @@ spec: type: string type: object name: - description: Name is only accepted within a service-defaults + description: Name is only accepted within service ServiceDefaultsSpec.UpstreamConfig.Overrides config entry. type: string namespace: - description: Namespace is only accepted within a service-defaults + description: Namespace is only accepted within service ServiceDefaultsSpec.UpstreamConfig.Overrides config entry. type: string partition: - description: Partition is only accepted within a service-defaults + description: Partition is only accepted within service ServiceDefaultsSpec.UpstreamConfig.Overrides config entry. type: string passiveHealthCheck: 
@@ -269,6 +291,10 @@ spec: format: int32 type: integer type: object + peer: + description: Peer is only accepted within service ServiceDefaultsSpec.UpstreamConfig.Overrides + config entry. + type: string protocol: description: Protocol describes the upstream's service protocol. Valid values are "tcp", "http" and "grpc". Anything else @@ -335,15 +361,15 @@ spec: type: string type: object name: - description: Name is only accepted within a service-defaults + description: Name is only accepted within service ServiceDefaultsSpec.UpstreamConfig.Overrides config entry. type: string namespace: - description: Namespace is only accepted within a service-defaults + description: Namespace is only accepted within service ServiceDefaultsSpec.UpstreamConfig.Overrides config entry. type: string partition: - description: Partition is only accepted within a service-defaults + description: Partition is only accepted within service ServiceDefaultsSpec.UpstreamConfig.Overrides config entry. type: string passiveHealthCheck: @@ -370,6 +396,10 @@ spec: format: int32 type: integer type: object + peer: + description: Peer is only accepted within service ServiceDefaultsSpec.UpstreamConfig.Overrides + config entry. + type: string protocol: description: Protocol describes the upstream's service protocol. Valid values are "tcp", "http" and "grpc". Anything else diff --git a/charts/hashicorp/consul/templates/webhook-cert-manager-clusterrole.yaml b/charts/hashicorp/consul/templates/webhook-cert-manager-clusterrole.yaml index c2a2422d0..e13e2dc74 100644 --- a/charts/hashicorp/consul/templates/webhook-cert-manager-clusterrole.yaml +++ b/charts/hashicorp/consul/templates/webhook-cert-manager-clusterrole.yaml 
@@ -1,4 +1,4 @@ -{{ $hasConfiguredWebhookCertsUsingVault := (and .Values.global.secretsBackend.vault.enabled .Values.global.secretsBackend.vault.connectInjectRole .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName .Values.global.secretsBackend.vault.connectInject.caCert.secretName .Values.global.secretsBackend.vault.controllerRole .Values.global.secretsBackend.vault.controller.tlsCert.secretName .Values.global.secretsBackend.vault.controller.caCert.secretName) -}} +{{ $hasConfiguredWebhookCertsUsingVault := (and .Values.global.secretsBackend.vault.enabled .Values.global.secretsBackend.vault.connectInjectRole .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName .Values.global.secretsBackend.vault.connectInject.caCert.secretName) -}} {{- if (and .Values.connectInject.enabled (not $hasConfiguredWebhookCertsUsingVault)) }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/charts/hashicorp/consul/templates/webhook-cert-manager-clusterrolebinding.yaml b/charts/hashicorp/consul/templates/webhook-cert-manager-clusterrolebinding.yaml index ca2bb84bd..472ef4ee1 100644 --- a/charts/hashicorp/consul/templates/webhook-cert-manager-clusterrolebinding.yaml +++ b/charts/hashicorp/consul/templates/webhook-cert-manager-clusterrolebinding.yaml 
@@ -1,4 +1,4 @@ -{{ $hasConfiguredWebhookCertsUsingVault := (and .Values.global.secretsBackend.vault.enabled .Values.global.secretsBackend.vault.connectInjectRole .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName .Values.global.secretsBackend.vault.connectInject.caCert.secretName .Values.global.secretsBackend.vault.controllerRole .Values.global.secretsBackend.vault.controller.tlsCert.secretName .Values.global.secretsBackend.vault.controller.caCert.secretName) -}} +{{ $hasConfiguredWebhookCertsUsingVault := (and .Values.global.secretsBackend.vault.enabled .Values.global.secretsBackend.vault.connectInjectRole .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName .Values.global.secretsBackend.vault.connectInject.caCert.secretName) -}} {{- if (and .Values.connectInject.enabled (not $hasConfiguredWebhookCertsUsingVault)) }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/charts/hashicorp/consul/templates/webhook-cert-manager-configmap.yaml b/charts/hashicorp/consul/templates/webhook-cert-manager-configmap.yaml index 914d2b87d..293dd32d9 100644 --- a/charts/hashicorp/consul/templates/webhook-cert-manager-configmap.yaml +++ b/charts/hashicorp/consul/templates/webhook-cert-manager-configmap.yaml 
@@ -1,4 +1,4 @@ -{{ $hasConfiguredWebhookCertsUsingVault := (and .Values.global.secretsBackend.vault.enabled .Values.global.secretsBackend.vault.connectInjectRole .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName .Values.global.secretsBackend.vault.connectInject.caCert.secretName .Values.global.secretsBackend.vault.controllerRole .Values.global.secretsBackend.vault.controller.tlsCert.secretName .Values.global.secretsBackend.vault.controller.caCert.secretName) -}} +{{ $hasConfiguredWebhookCertsUsingVault := (and .Values.global.secretsBackend.vault.enabled .Values.global.secretsBackend.vault.connectInjectRole .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName .Values.global.secretsBackend.vault.connectInject.caCert.secretName) -}} {{- if (and .Values.connectInject.enabled (not $hasConfiguredWebhookCertsUsingVault)) }} apiVersion: v1 kind: ConfigMap diff --git a/charts/hashicorp/consul/templates/webhook-cert-manager-deployment.yaml b/charts/hashicorp/consul/templates/webhook-cert-manager-deployment.yaml index a2913dd92..dd93c039d 100644 --- a/charts/hashicorp/consul/templates/webhook-cert-manager-deployment.yaml +++ b/charts/hashicorp/consul/templates/webhook-cert-manager-deployment.yaml 
@@ -1,4 +1,4 @@ -{{ $hasConfiguredWebhookCertsUsingVault := (and .Values.global.secretsBackend.vault.enabled .Values.global.secretsBackend.vault.connectInjectRole .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName .Values.global.secretsBackend.vault.connectInject.caCert.secretName .Values.global.secretsBackend.vault.controllerRole .Values.global.secretsBackend.vault.controller.tlsCert.secretName .Values.global.secretsBackend.vault.controller.caCert.secretName) -}} +{{ $hasConfiguredWebhookCertsUsingVault := (and .Values.global.secretsBackend.vault.enabled .Values.global.secretsBackend.vault.connectInjectRole .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName .Values.global.secretsBackend.vault.connectInject.caCert.secretName) -}} {{- if (and .Values.connectInject.enabled (not $hasConfiguredWebhookCertsUsingVault)) }} apiVersion: apps/v1 kind: Deployment diff --git a/charts/hashicorp/consul/templates/webhook-cert-manager-podsecuritypolicy.yaml b/charts/hashicorp/consul/templates/webhook-cert-manager-podsecuritypolicy.yaml index b67dbda51..4d685edc3 100644 --- a/charts/hashicorp/consul/templates/webhook-cert-manager-podsecuritypolicy.yaml +++ b/charts/hashicorp/consul/templates/webhook-cert-manager-podsecuritypolicy.yaml 
@@ -1,4 +1,4 @@
-{{ $hasConfiguredWebhookCertsUsingVault := (and .Values.global.secretsBackend.vault.enabled .Values.global.secretsBackend.vault.connectInjectRole .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName .Values.global.secretsBackend.vault.connectInject.caCert.secretName .Values.global.secretsBackend.vault.controllerRole .Values.global.secretsBackend.vault.controller.tlsCert.secretName .Values.global.secretsBackend.vault.controller.caCert.secretName) -}}
+{{ $hasConfiguredWebhookCertsUsingVault := (and .Values.global.secretsBackend.vault.enabled .Values.global.secretsBackend.vault.connectInjectRole .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName .Values.global.secretsBackend.vault.connectInject.caCert.secretName) -}}
 {{- if (and .Values.global.enablePodSecurityPolicies (or (and (ne (.Values.connectInject.enabled | toString) "-") .Values.connectInject.enabled) (and (eq (.Values.connectInject.enabled | toString) "-") .Values.global.enabled))) }}
 {{- if (and .Values.connectInject.enabled (not $hasConfiguredWebhookCertsUsingVault)) }}
 apiVersion: policy/v1beta1
diff --git a/charts/hashicorp/consul/templates/webhook-cert-manager-serviceaccount.yaml b/charts/hashicorp/consul/templates/webhook-cert-manager-serviceaccount.yaml
index fa4b24ef8..68c54f3c2 100644
--- a/charts/hashicorp/consul/templates/webhook-cert-manager-serviceaccount.yaml
+++ b/charts/hashicorp/consul/templates/webhook-cert-manager-serviceaccount.yaml
@@ -1,4 +1,4 @@ -{{ $hasConfiguredWebhookCertsUsingVault := (and .Values.global.secretsBackend.vault.enabled .Values.global.secretsBackend.vault.connectInjectRole .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName .Values.global.secretsBackend.vault.connectInject.caCert.secretName .Values.global.secretsBackend.vault.controllerRole .Values.global.secretsBackend.vault.controller.tlsCert.secretName .Values.global.secretsBackend.vault.controller.caCert.secretName) -}} +{{ $hasConfiguredWebhookCertsUsingVault := (and .Values.global.secretsBackend.vault.enabled .Values.global.secretsBackend.vault.connectInjectRole .Values.global.secretsBackend.vault.connectInject.tlsCert.secretName .Values.global.secretsBackend.vault.connectInject.caCert.secretName) -}} {{- if (and .Values.connectInject.enabled (not $hasConfiguredWebhookCertsUsingVault)) }} apiVersion: v1 kind: ServiceAccount diff --git a/charts/hashicorp/consul/values.yaml b/charts/hashicorp/consul/values.yaml index d99713ad8..b275ed2a7 100644 --- a/charts/hashicorp/consul/values.yaml +++ b/charts/hashicorp/consul/values.yaml @@ -25,7 +25,7 @@ global: name: null # The domain Consul will answer DNS queries for - # (see `-domain` (https://www.consul.io/docs/agent/config/cli-flags#_domain)) and the domain services synced from + # (Refer to [`-domain`](https://developer.hashicorp.com/consul/docs/agent/config/cli-flags#_domain)) and the domain services synced from # Consul into Kubernetes will have, e.g. `service-name.service.consul`. domain: consul 
@@ -63,11 +63,11 @@ global: # image: "hashicorp/consul-enterprise:1.10.0-ent" # ``` # @default: hashicorp/consul: - image: "hashicorp/consul:1.14.4" + image: "hashicorp/consul:1.15.0" # Array of objects containing image pull secret names that will be applied to each service account. # This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image. - # See https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry for reference. + # Refer to https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry. # # Example: # @@ -83,7 +83,7 @@ global: # image that is used for functionality such as catalog sync. # This can be overridden per component. # @default: hashicorp/consul-k8s-control-plane: - imageK8S: hashicorp/consul-k8s-control-plane:1.0.4 + imageK8S: hashicorp/consul-k8s-control-plane:1.1.0 # The name of the datacenter that the agents should # register as. This can't be changed once the Consul cluster is up and running 
@@ -92,13 +92,14 @@ global: datacenter: dc1 # Controls whether pod security policies are created for the Consul components - # created by this chart. See https://kubernetes.io/docs/concepts/policy/pod-security-policy/. + # created by this chart. Refer to https://kubernetes.io/docs/concepts/policy/pod-security-policy/. enablePodSecurityPolicies: false # secretsBackend is used to configure Vault as the secrets backend for the Consul on Kubernetes installation. # The Vault cluster needs to have the Kubernetes Auth Method, KV2 and PKI secrets engines enabled # and have necessary secrets, policies and roles created prior to installing Consul. - # See https://www.consul.io/docs/k8s/installation/vault for full instructions. + # Refer to [Vault as the Secrets Backend](https://developer.hashicorp.com/consul/docs/k8s/deployment-configurations/vault) + # documentation for full instructions. # # The Vault cluster _must_ not have the Consul cluster installed by this Helm chart as its storage backend # as that would cause a circular dependency. @@ -160,12 +161,6 @@ global: # and check the name of `metadata.name`. adminPartitionsRole: "" - # The Vault role to read Consul controller's webhook's - # CA and issue a certificate and private key. - # A Vault policy must be created which grants issue capabilities to - # `global.secretsBackend.vault.controller.tlsCert.secretName`. - controllerRole: "" - # The Vault role to read Consul connect-injector webhook's CA # and issue a certificate and private key. # A Vault policy must be created which grants issue capabilities to 
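Review bot: The reworded comment on `enablePodSecurityPolicies` in the `@@ -92,13 +92,14 @@` hunk still points readers at PodSecurityPolicy without saying that the API was removed in Kubernetes v1.25, while the webhook-cert-manager PodSecurityPolicy template touched by this commit renders `apiVersion: policy/v1beta1`. On a v1.25 or newer cluster, setting this to `true` would presumably make the install fail rather than apply any restriction. I would add a line such as `# PodSecurityPolicy was removed in Kubernetes v1.25; on newer clusters leave this false and use Pod Security Admission instead.`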
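Review bot: `global.secretsBackend.vault.controllerRole` is deleted in the `@@ -160,12 +161,6 @@` hunk and the `controller.tlsCert` / `controller.caCert` block is deleted in the later `@@ -241,25 +236,6 @@` hunk, but nothing visible tells an operator whose values file still sets them that they are now ignored. Helm accepts unknown keys silently unless a values schema or a template check rejects them, so an upgrade would succeed while the Vault role and PKI paths configured for the controller webhook go unused. If the chart has no such check elsewhere, a guard like `{{- if .Values.global.secretsBackend.vault.controllerRole }}{{ fail "global.secretsBackend.vault.controllerRole is no longer supported" }}{{- end }}` in one of the templates would surface this at upgrade time. The operator can then revoke the leftover Vault role and policy instead of leaving them standing.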
@@ -204,8 +199,8 @@ global: # The provider will be configured to use the Vault Kubernetes auth method # and therefore requires the role provided by `global.secretsBackend.vault.consulServerRole` # to have permissions to the root and intermediate PKI paths. - # Please see https://www.consul.io/docs/connect/ca/vault#vault-acl-policies - # for information on how to configure the Vault policies. + # Please refer to [Vault ACL policies](https://developer.hashicorp.com/consul/docs/connect/ca/vault#vault-acl-policies) + # documentation for information on how to configure the Vault policies. connectCA: # The address of the Vault server. address: "" @@ -214,15 +209,15 @@ global: authMethodPath: "kubernetes" # The path to a PKI secrets engine for the root certificate. - # For more details, please refer to [Vault Connect CA configuration](https://www.consul.io/docs/connect/ca/vault#rootpkipath). + # For more details, please refer to [Vault Connect CA configuration](https://developer.hashicorp.com/consul/docs/connect/ca/vault#rootpkipath). rootPKIPath: "" # The path to a PKI secrets engine for the generated intermediate certificate. - # For more details, please refer to [Vault Connect CA configuration](https://www.consul.io/docs/connect/ca/vault#intermediatepkipath). + # For more details, please refer to [Vault Connect CA configuration](https://developer.hashicorp.com/consul/docs/connect/ca/vault#intermediatepkipath). intermediatePKIPath: "" # Additional Connect CA configuration in JSON format. - # Please refer to [Vault Connect CA configuration](https://www.consul.io/docs/connect/ca/vault#configuration) + # Please refer to [Vault Connect CA configuration](https://developer.hashicorp.com/consul/docs/connect/ca/vault#configuration) # for all configuration options available for that provider. # # Example: 
@@ -241,25 +236,6 @@ global: additionalConfig: | {} - controller: - # Configuration to the Vault Secret that Kubernetes will use on - # Kubernetes CRD creation, deletion, and update, to get TLS certificates - # used issued from vault to send webhooks to the controller. - tlsCert: - # The Vault secret path that issues TLS certificates for controller - # webhooks. - # @type: string - secretName: null - - # Configuration to the Vault Secret that Kubernetes will use on - # Kubernetes CRD creation, deletion, and update, to get CA certificates - # used issued from vault to send webhooks to the controller. - caCert: - # The Vault secret path that contains the CA certificate for controller - # webhooks. - # @type: string - secretName: null - connectInject: # Configuration to the Vault Secret that Kubernetes uses on # Kubernetes pod creation, deletion, and update, to get CA certificates @@ -280,7 +256,7 @@ global: secretName: null # Configures Consul's gossip encryption key. - # (see `-encrypt` (https://www.consul.io/docs/agent/config/cli-flags#_encrypt)). + # (Refer to [`-encrypt`](https://developer.hashicorp.com/consul/docs/agent/config/cli-flags#_encrypt)). # By default, gossip encryption is not enabled. The gossip encryption key may be set automatically or manually. # The recommended method is to automatically generate the key. # To automatically generate and set a gossip encryption key, set autoGenerate to true. @@ -288,7 +264,7 @@ global: # To manually generate a gossip encryption key, set secretName and secretKey and use Consul to generate # a key, saving this as a Kubernetes secret or Vault secret path and key. # If `global.secretsBackend.vault.enabled=true`, be sure to add the "data" component of the secretName path as required by - # the Vault KV-2 secrets engine [see example]. + # the Vault KV-2 secrets engine [refer to example]. # # ```shell-session # $ kubectl create secret generic consul-gossip-encryption-key --from-literal=key=$(consul keygen) 
@@ -313,12 +289,12 @@ global: # A list of addresses of upstream DNS servers that are used to recursively resolve DNS queries. # These values are given as `-recursor` flags to Consul servers and clients. - # See https://www.consul.io/docs/agent/config/cli-flags#_recursor for more details. + # Refer to [`-recursor`](https://developer.hashicorp.com/consul/docs/agent/config/cli-flags#_recursor) for more details. # If this is an empty array (the default), then Consul DNS will only resolve queries for the Consul top level domain (by default `.consul`). # @type: array recursors: [ ] - # Enables TLS (https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure) + # Enables [TLS](https://developer.hashicorp.com/consul/tutorials/security/tls-encryption-secure) # across the cluster to verify authenticity of the Consul servers and clients. # Requires Consul v1.4.1+. tls: @@ -348,7 +324,7 @@ global: # If true, `verify_outgoing`, `verify_server_hostname`, # and `verify_incoming` for internal RPC communication will be set to `true` for Consul servers and clients. # Set this to false to incrementally roll out TLS on an existing Consul cluster. - # Please see https://consul.io/docs/k8s/operations/tls-on-existing-cluster + # Please refer to [TLS on existing clusters](https://developer.hashicorp.com/consul/docs/k8s/operations/tls-on-existing-cluster) # for more details. verify: true 
@@ -389,8 +365,9 @@ global: # # Note that we need the CA key so that we can generate server and client certificates. # It is particularly important for the client certificates since they need to have host IPs - # as Subject Alternative Names. In the future, we may support bringing your own server - # certificates. + # as Subject Alternative Names. If you are setting server certs yourself via `server.serverCert` + # and you are not enabling clients (or clients are enabled with autoEncrypt) then you do not + # need to provide the CA key. caKey: # The name of the Kubernetes or Vault secret that holds the CA key. # @type: string @@ -461,10 +438,10 @@ global: # tolerations configures the taints and tolerations for the server-acl-init # and server-acl-init-cleanup jobs. This should be a multi-line string matching the - # Tolerations (https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) array in a Pod spec. + # [Tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) array in a Pod spec. tolerations: "" - # This value defines `nodeSelector` (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) + # This value defines [`nodeSelector`](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) # labels for the server-acl-init and server-acl-init-cleanup jobs pod assignment, formatted as a multi-line string. # # Example: 
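Review bot: The new wording on `caKey` in the `@@ -389,8 +365,9 @@` hunk says the CA key is not needed when server certificates come from `server.serverCert` and clients are disabled or use autoEncrypt, but it stops short of recommending that the key be left out. This is the CA private key, so keeping it in a Kubernetes or Vault secret the chart can read widens its exposure for no benefit in that configuration. I would end the paragraph with `# In that case leave caKey unset so the CA private key is not stored where the chart can read it.` The `caKey` block continues past the end of the hunk.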
@@ -526,7 +503,7 @@ global: # This address must be reachable from the Consul servers in the primary datacenter. # This auth method will be used to provision ACL tokens for Consul components and is different # from the one used by the Consul Service Mesh. - # Please see the [Kubernetes Auth Method documentation](https://consul.io/docs/acl/auth-methods/kubernetes). + # Please refer to the [Kubernetes Auth Method documentation](https://developer.hashicorp.com/consul/docs/security/acl/auth-methods/kubernetes). # # You can retrieve this value from your `kubeconfig` by running: # @@ -567,7 +544,7 @@ global: # The name (and tag) of the consul-dataplane Docker image used for the # connect-injected sidecar proxies and mesh, terminating, and ingress gateways. # @default: hashicorp/consul-dataplane: - imageConsulDataplane: "hashicorp/consul-dataplane:1.0.1" + imageConsulDataplane: "hashicorp/consul-dataplane:1.1.0" # Configuration for running this Helm chart on the Red Hat OpenShift platform. # This Helm chart currently supports OpenShift v4.x+. @@ -678,7 +655,7 @@ server: image: null # The number of server agents to run. This determines the fault tolerance of - # the cluster. Please see the deployment table (https://consul.io/docs/internals/consensus#deployment-table) + # the cluster. Please refer to the [deployment table](https://developer.hashicorp.com/consul/docs/architecture/consensus#deployment-table) # for more information. replicas: 1 
@@ -720,8 +697,8 @@ server: # Vault Secrets backend: # If you are using Vault as a secrets backend, a Vault Policy must be created which allows `["create", "update"]` # capabilities on the PKI issuing endpoint, which is usually of the form `pki/issue/consul-server`. - # Please see the following guide for steps to generate a compatible certificate: - # https://learn.hashicorp.com/tutorials/consul/vault-pki-consul-secure-tls + # Complete [this tutorial](https://developer.hashicorp.com/consul/tutorials/vault-secure/vault-pki-consul-secure-tls) + # to learn how to generate a compatible certificate. # Note: when using TLS, both the `server.serverCert` and `global.tls.caCert` which points to the CA endpoint of this PKI engine # must be provided. serverCert: 
@@ -764,17 +741,17 @@ server: # storage classes, the PersistentVolumeClaims would need to be manually created. # A `null` value will use the Kubernetes cluster's default StorageClass. If a default # StorageClass does not exist, you will need to create one. - # Refer to the [Read/Write Tuning](https://www.consul.io/docs/install/performance#read-write-tuning) + # Refer to the [Read/Write Tuning](https://developer.hashicorp.com/consul/docs/install/performance#read-write-tuning) # section of the Server Performance Requirements documentation for considerations # around choosing a performant storage class. # - # ~> **Note:** The [Reference Architecture](https://learn.hashicorp.com/tutorials/consul/reference-architecture#hardware-sizing-for-consul-servers) + # ~> **Note:** The [Reference Architecture](https://developer.hashicorp.com/consul/tutorials/production-deploy/reference-architecture#hardware-sizing-for-consul-servers) # contains best practices and recommendations for selecting suitable # hardware sizes for your Consul servers. # @type: string storageClass: null - # This will enable/disable Connect (https://consul.io/docs/connect). Setting this to true + # This will enable/disable [Connect](https://developer.hashicorp.com/consul/docs/connect). Setting this to true # _will not_ automatically secure pod communication, this # setting will only enable usage of the feature. Consul will automatically initialize # a new CA and set of certificates. Additional Connect settings can be configured @@ -796,7 +773,7 @@ server: # The resource requests (CPU, memory, etc.) # for each of the server agents. This should be a YAML map corresponding to a Kubernetes - # ResourceRequirements (https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#resourcerequirements-v1-core) + # [`ResourceRequirements``](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#resourcerequirements-v1-core) # object. NOTE: The use of a YAML string is deprecated. # # Example: 
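Review bot: The added comment line in the `@@ -796,7 +773,7 @@` hunk closes the link text with two backticks after `ResourceRequirements` instead of one, which leaves the inline code span unbalanced. If these comments are rendered as Markdown (the `@type` / `@default` annotations suggest they feed generated documentation), the link and the text after it will not render as intended. Dropping the extra backtick before `]` fixes it.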
@@ -849,12 +826,13 @@ server: # This value is used to carefully # control a rolling update of Consul server agents. This value specifies the - # partition (https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions) - # for performing a rolling update. Please read the linked Kubernetes documentation - # and https://www.consul.io/docs/k8s/upgrade#upgrading-consul-servers for more information. + # [partition](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions) + # for performing a rolling update. Please read the linked Kubernetes + # and [Upgrade Consul](https://developer.hashicorp.com/consul/docs/k8s/upgrade#upgrading-consul-servers) + # documentation for more information. updatePartition: 0 - # This configures the PodDisruptionBudget (https://kubernetes.io/docs/tasks/run-application/configure-pdb/) + # This configures the [`PodDisruptionBudget`](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) # for the server cluster. disruptionBudget: # Enables registering a PodDisruptionBudget for the server @@ -870,7 +848,7 @@ server: # @type: integer maxUnavailable: null - # A raw string of extra JSON configuration (https://consul.io/docs/agent/options) for Consul + # A raw string of extra [JSON configuration](https://developer.hashicorp.com/consul/docs/agent/config/config-files) for Consul # servers. This will be saved as-is into a ConfigMap that is read by the Consul # server agents. This can be used to add additional configuration that # isn't directly exposed by the chart. 
@@ -933,7 +911,7 @@ server: # @type: array extraContainers: [ ] - # This value defines the affinity (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) + # This value defines the [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) # for server pods. It defaults to allowing only a single server pod on each node, which # minimizes risk of the cluster becoming unusable if a node is lost. If you need # to run more pods per node (for example, testing on Minikube), set this value @@ -963,13 +941,15 @@ server: topologyKey: kubernetes.io/hostname # Toleration settings for server pods. This - # should be a multi-line string matching the Tolerations - # (https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) array in a Pod spec. + # should be a multi-line string matching the + # [Tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) + # array in a Pod spec. tolerations: "" # Pod topology spread constraints for server pods. - # This should be a multi-line YAML string matching the `topologySpreadConstraints` array - # (https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) in a Pod Spec. + # This should be a multi-line YAML string matching the + # [`topologySpreadConstraints`](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) + # array in a Pod Spec. # # This requires K8S >= 1.18 (beta) or 1.19 (stable). # @@ -988,7 +968,7 @@ server: # ``` topologySpreadConstraints: "" - # This value defines `nodeSelector` (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) + # This value defines [`nodeSelector`](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) # labels for server pod assignment, formatted as a multi-line string. # # Example: 
@@ -1002,7 +982,7 @@ server: nodeSelector: null # This value references an existing - # Kubernetes `priorityClassName` (https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#pod-priority) + # Kubernetes [`priorityClassName`](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#pod-priority) # that can be assigned to server pods. priorityClassName: "" @@ -1087,22 +1067,22 @@ server: # @type: map extraEnvironmentVars: { } - # [Enterprise Only] Values for setting up and running snapshot agents - # (https://consul.io/commands/snapshot/agent) + # [Enterprise Only] Values for setting up and running + # [snapshot agents](https://developer.hashicorp.com/consul/commands/snapshot/agent) # within the Consul clusters. They run as a sidecar with Consul servers. snapshotAgent: # If true, the chart will install resources necessary to run the snapshot agent. enabled: false # Interval at which to perform snapshots. - # See https://www.consul.io/commands/snapshot/agent#interval + # Refer to [`interval`](https://developer.hashicorp.com/consul/commands/snapshot/agent#interval) # @type: string interval: 1h # A Kubernetes or Vault secret that should be manually created to contain the entire # config to be used on the snapshot agent. # This is the preferred method of configuration since there are usually storage - # credentials present. Please see Snapshot agent config (https://consul.io/commands/snapshot/agent#config-file-options) + # credentials present. Please refer to the [Snapshot agent config](https://developer.hashicorp.com/consul/commands/snapshot/agent#config-file-options) # for details. configSecret: # The name of the Kubernetes secret or Vault secret path that holds the snapshot agent config. 
@@ -1180,7 +1160,7 @@ externalServers: # If you are setting `global.acls.manageSystemACLs` and # `connectInject.enabled` to true, set `k8sAuthMethodHost` to the address of the Kubernetes API server. # This address must be reachable from the Consul servers. - # Please see the Kubernetes Auth Method documentation (https://consul.io/docs/acl/auth-methods/kubernetes). + # Please refer to the [Kubernetes Auth Method documentation](https://developer.hashicorp.com/consul/docs/security/acl/auth-methods/kubernetes). # # You could retrieve this value from your `kubeconfig` by running: # @@ -1209,7 +1189,7 @@ client: # @type: string image: null - # A list of valid `-retry-join` values (https://www.consul.io/docs/agent/config/cli-flags#_retry_join). + # A list of valid [`-retry-join` values](https://developer.hashicorp.com/consul/docs/agent/config/cli-flags#_retry_join). # If this is `null` (default), then the clients will attempt to automatically # join the server cluster running within Kubernetes. # This means that with `server.enabled` set to true, clients will automatically @@ -1235,7 +1215,7 @@ client: grpc: true # nodeMeta specifies an arbitrary metadata key/value pair to associate with the node - # (see https://www.consul.io/docs/agent/config/cli-flags#_node_meta) + # (refer to [`-node-meta`](https://developer.hashicorp.com/consul/docs/agent/config/cli-flags#_node_meta)) nodeMeta: pod-name: ${HOSTNAME} host-ip: ${HOST_IP} @@ -1306,7 +1286,7 @@ client: # @recurse: false tlsInit: null - # A raw string of extra JSON configuration (https://consul.io/docs/agent/options) for Consul + # A raw string of extra [JSON configuration](https://developer.hashicorp.com/consul/docs/agent/config/config-files) for Consul # clients. This will be saved as-is into a ConfigMap that is read by the Consul # client agents. This can be used to add additional configuration that # isn't directly exposed by the chart. 
@@ -1411,7 +1391,7 @@ client: affinity: null # This value references an existing - # Kubernetes `priorityClassName` (https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#pod-priority) + # Kubernetes [`priorityClassName`](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#pod-priority) # that can be assigned to client pods. priorityClassName: "" @@ -1447,7 +1427,7 @@ client: # @type: map extraEnvironmentVars: { } - # This value defines the Pod DNS policy (https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) + # This value defines the [Pod DNS policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) # for client pods to use. # @type: string dnsPolicy: null @@ -1460,7 +1440,8 @@ client: hostNetwork: false # updateStrategy for the DaemonSet. - # See https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy. + # Refer to the Kubernetes [Daemonset upgrade strategy](https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy) + # documentation. # This should be a multi-line string mapping directly to the updateStrategy # # Example: @@ -1588,7 +1569,7 @@ ui: # Optionally set the ingressClassName. ingressClassName: "" - # pathType override - see: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types + # pathType override - refer to: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types pathType: Prefix # hosts is a list of host name to create Ingress rules. 
@@ -1634,8 +1615,8 @@ ui: # @type: boolean # @default: global.metrics.enabled enabled: "-" - # Provider for metrics. See - # https://www.consul.io/docs/agent/options#ui_config_metrics_provider + # Provider for metrics. Refer to + # [`metrics_provider`](https://developer.hashicorp.com/consul/docs/agent/config/config-files#ui_config_metrics_provider) # This value is only used if `ui.enabled` is set to true. # @type: string provider: "prometheus" @@ -1645,9 +1626,10 @@ ui: # @type: string baseURL: http://prometheus-server - # Corresponds to https://www.consul.io/docs/agent/options#ui_config_dashboard_url_templates configuration. + # Corresponds to [`dashboard_url_templates`](https://developer.hashicorp.com/consul/docs/agent/config/config-files#ui_config_dashboard_url_templates) + # configuration. dashboardURLTemplates: - # Sets https://www.consul.io/docs/agent/options#ui_config_dashboard_url_templates_service. + # Sets [`dashboardURLTemplates.service`](https://developer.hashicorp.com/consul/docs/agent/config/config-files#ui_config_dashboard_url_templates_service). service: "" # Configure the catalog sync process to sync K8S with Consul @@ -1669,8 +1651,8 @@ syncCatalog: image: null # If true, all valid services in K8S are - # synced by default. If false, the service must be annotated - # (https://consul.io/docs/k8s/service-sync#sync-enable-disable) properly to sync. + # synced by default. If false, the service must be [annotated](https://developer.hashicorp.com/consul/docs/k8s/service-sync#enable-and-disable-sync) + # properly to sync. # In either case an annotation can override the default. default: true 
@@ -1809,7 +1791,7 @@ syncCatalog: # @type: string secretKey: null - # This value defines `nodeSelector` (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) + # This value defines [`nodeSelector`](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) # labels for catalog sync pod assignment, formatted as a multi-line string. # # Example: @@ -1905,7 +1887,7 @@ connectInject: # If true, the injector will inject the # Connect sidecar into all pods by default. Otherwise, pods must specify the - # injection annotation (https://consul.io/docs/k8s/connect#consul-hashicorp-com-connect-inject) + # [injection annotation](https://developer.hashicorp.com/consul/docs/k8s/connect#consul-hashicorp-com-connect-inject) # to opt-in to Connect injection. If this is true, pods can use the same annotation # to explicitly opt-out of injection. default: false @@ -1926,7 +1908,7 @@ connectInject: # Note: This value has no effect if transparent proxy is disabled on the pod. defaultOverwriteProbes: true - # This configures the PodDisruptionBudget (https://kubernetes.io/docs/tasks/run-application/configure-pdb/) + # This configures the [`PodDisruptionBudget`](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) # for the service mesh sidecar injector. disruptionBudget: # This will enable/disable registering a PodDisruptionBudget for the @@ -2017,7 +1999,8 @@ connectInject: runAsUser: 0 # updateStrategy for the CNI installer DaemonSet. - # See https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy. + # Refer to the Kubernetes [Daemonset upgrade strategy](https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy) + # documentation. # This should be a multi-line string mapping directly to the updateStrategy # # Example: 
@@ -2162,12 +2145,12 @@ connectInject: # Selector for restricting the webhook to only specific namespaces. # Use with `connectInject.default: true` to automatically inject all pods in namespaces that match the selector. This should be set to a multiline string. - # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # Refer to https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector # for more details. # # By default, we exclude kube-system since usually users won't # want those pods injected and local-path-storage and openebs so that - # Kind (Kubernetes In Docker) and OpenEBS (https://openebs.io/) respectively can provision Pods used to create PVCs. + # Kind (Kubernetes In Docker) and [OpenEBS](https://openebs.io/) respectively can provision Pods used to create PVCs. # Note that this exclusion is only supported in Kubernetes v1.21.1+. # # Example: @@ -2268,8 +2251,8 @@ connectInject: # If set to an empty string all service accounts can log in. # This only has effect if ACLs are enabled. # - # See https://www.consul.io/docs/acl/acl-auth-methods.html#binding-rules - # and https://www.consul.io/docs/acl/auth-methods/kubernetes.html#trusted-identity-attributes + # Refer to Auth methods [Binding rules](https://developer.hashicorp.com/consul/docs/security/acl/auth-methods#binding-rules) + # and [Trusted identiy attributes](https://developer.hashicorp.com/consul/docs/security/acl/auth-methods/kubernetes#trusted-identity-attributes) # for more details. # Requires Consul >= v1.5. aclBindingRuleSelector: "serviceaccount.name!=default" 
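Review bot: The added comment line for `aclBindingRuleSelector` in the `@@ -2268,8 +2251,8 @@` hunk misspells the link text as `Trusted identiy attributes`; it should read `Trusted identity attributes`. This setting decides which service accounts may log in through the auth method, and the comment notes that an empty string admits all of them. The reference is therefore one operators are likely to search for when tightening the selector.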
@@ -2299,7 +2282,7 @@ connectInject: # leads to unnecessary thread and memory usage and leaves unnecessary idle connections open. It is # advised to keep this number low for sidecars and high for edge proxies. # This will control the `--concurrency` flag to Envoy. - # For additional information see also: https://blog.envoyproxy.io/envoy-threading-model-a8d44b922310 + # For additional information, refer to https://blog.envoyproxy.io/envoy-threading-model-a8d44b922310 # # This setting can be overridden on a per-pod basis via this annotation: # - `consul.hashicorp.com/consul-envoy-proxy-concurrency` @@ -2384,7 +2367,7 @@ meshGateway: # Port that gets registered for WAN traffic. # If source is set to "Service" then this setting will have no effect. - # See the documentation for source as to which port will be used in that + # Refer to the documentation for source as to which port will be used in that # case. port: 443 @@ -2487,7 +2470,7 @@ meshGateway: memory: "50Mi" cpu: "50m" - # This value defines the affinity (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) + # This value defines the [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) # for mesh gateway pods. It defaults to `null` thereby allowing multiple gateway pods on each node. But if one would prefer # a mode which minimizes risk of the cluster becoming unusable if a node is lost, set this value # to the value in the example below. 
@@ -2513,8 +2496,9 @@ meshGateway: tolerations: null # Pod topology spread constraints for mesh gateway pods. - # This should be a multi-line YAML string matching the `topologySpreadConstraints` array - # (https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) in a Pod Spec. + # This should be a multi-line YAML string matching the + # [`topologySpreadConstraints`](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) + # array in a Pod Spec. # # This requires K8S >= 1.18 (beta) or 1.19 (stable). # @@ -2634,7 +2618,7 @@ ingressGateways: memory: "100Mi" cpu: "100m" - # This value defines the affinity (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) + # This value defines the [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) # for ingress gateway pods. It defaults to `null` thereby allowing multiple gateway pods on each node. But if one would prefer # a mode which minimizes risk of the cluster becoming unusable if a node is lost, set this value # to the value in the example below. @@ -2660,8 +2644,9 @@ ingressGateways: tolerations: null # Pod topology spread constraints for ingress gateway pods. - # This should be a multi-line YAML string matching the `topologySpreadConstraints` array - # (https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) in a Pod Spec. + # This should be a multi-line YAML string matching the + # [`topologySpreadConstraints`](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) + # array in a Pod Spec. # # This requires K8S >= 1.18 (beta) or 1.19 (stable). # 
@@ -2764,7 +2749,7 @@ terminatingGateways: memory: "100Mi" cpu: "100m" - # This value defines the affinity (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) + # This value defines the [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) # for terminating gateway pods. It defaults to `null` thereby allowing multiple gateway pods on each node. But if one would prefer # a mode which minimizes risk of the cluster becoming unusable if a node is lost, set this value # to the value in the example below. @@ -2790,8 +2775,9 @@ terminatingGateways: tolerations: null # Pod topology spread constraints for terminating gateway pods. - # This should be a multi-line YAML string matching the `topologySpreadConstraints` array - # (https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) in a Pod Spec. + # This should be a multi-line YAML string matching the + # [`topologySpreadConstraints`](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) + # array in a Pod Spec. # # This requires K8S >= 1.18 (beta) or 1.19 (stable). # @@ -2872,7 +2858,7 @@ apiGateway: # The name (and tag) of the Envoy Docker image used for the # apiGateway. For other Consul compoenents, imageEnvoy has been replaced with Consul Dataplane. # @default: envoyproxy/envoy: - imageEnvoy: "envoyproxy/envoy:v1.23.1" + imageEnvoy: "envoyproxy/envoy:v1.25.1" # Override global log verbosity level for api-gateway-controller pods. One of "debug", "info", "warn", or "error". # @type: string 
@@ -2883,7 +2869,7 @@ apiGateway: # When true a GatewayClass is configured to automatically work with Consul as installed by helm. enabled: true - # This value defines `nodeSelector` (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) + # This value defines [`nodeSelector`](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) # labels for gateway pod assignment, formatted as a multi-line string. # # Example: @@ -2968,11 +2954,11 @@ apiGateway: annotations: null # This value references an existing - # Kubernetes `priorityClassName` (https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#pod-priority) + # Kubernetes [`priorityClassName`](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#pod-priority) # that can be assigned to api-gateway-controller pods. priorityClassName: "" - # This value defines `nodeSelector` (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) + # This value defines [`nodeSelector`](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) # labels for api-gateway-controller pod assignment, formatted as a multi-line string. # # Example: @@ -2986,7 +2972,7 @@ apiGateway: nodeSelector: null # This value defines the tolerations for api-gateway-controller pod, this should be a multi-line string matching the - # Tolerations (https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) array in a Pod spec. + # [Tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) array in a Pod spec. # # @type: string tolerations: null 
@@ -3036,7 +3022,7 @@ webhookCertManager: # @type: string tolerations: null - # This value defines `nodeSelector` (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) + # This value defines [`nodeSelector`](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) # labels for the webhook-cert-manager pod assignment, formatted as a multi-line string. # # Example: diff --git a/charts/instana/instana-agent/Chart.yaml b/charts/instana/instana-agent/Chart.yaml index 6ff4a9b2b..2a375c62e 100644 --- a/charts/instana/instana-agent/Chart.yaml +++ b/charts/instana/instana-agent/Chart.yaml @@ -9,7 +9,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21-0' catalog.cattle.io/release-name: instana-agent apiVersion: v2 -appVersion: 1.242.0 +appVersion: 1.243.0 description: Instana Agent for Kubernetes home: https://www.instana.com/ icon: https://agents.instana.io/helm/stan-logo-2020.png @@ -23,4 +23,4 @@ maintainers: name: instana-agent sources: - https://github.com/instana/instana-agent-docker -version: 1.2.54 +version: 1.2.55 diff --git a/charts/instana/instana-agent/README.md b/charts/instana/instana-agent/README.md index 3f9788873..ea8eb84ef 100644 --- a/charts/instana/instana-agent/README.md +++ b/charts/instana/instana-agent/README.md 
@@ -129,7 +129,7 @@ The following table lists the configurable parameters of the Instana chart and t | `k8s_sensor.deployment.pod.limits.memory` | Memory request limits for the `k8sensor` pods (tech preview) | `6144Mi` | | `k8s_sensor.deployment.pod.requests.cpu` | CPU limit for the `k8sensor` pods (tech preview) | `1.5` | | `k8s_sensor.deployment.pod.requests.memory` | Memory limit for the `k8sensor` pods (tech preview) | `1024Mi` | -| `podSecurityPolicy.enable` | Whether a PodSecurityPolicy should be authorized for the Instana Agent pods. Requires `rbac.create` to be `true` as well. | `false` See [PodSecurityPolicy](https://docs.instana.io/setup_and_manage/host_agent/on/kubernetes/#podsecuritypolicy) for more details. | +| `podSecurityPolicy.enable` | Whether a PodSecurityPolicy should be authorized for the Instana Agent pods. Requires `rbac.create` to be `true` as well and it is available until Kubernetes version v1.25. | `false` See [PodSecurityPolicy](https://docs.instana.io/setup_and_manage/host_agent/on/kubernetes/#podsecuritypolicy) for more details. | | `podSecurityPolicy.name` | Name of an _existing_ PodSecurityPolicy to authorize for the Instana Agent pods. If not provided and `podSecurityPolicy.enable` is `true`, a PodSecurityPolicy will be created for you. | `nil` | | `rbac.create` | Whether RBAC resources should be created | `true` | | `openshift` | Whether to install the Helm chart as needed in OpenShift; this setting implies `rbac.create=true` | `false` | diff --git a/charts/instana/instana-agent/templates/_helpers.tpl b/charts/instana/instana-agent/templates/_helpers.tpl index 0df653d03..7fbd6ec39 100644 --- a/charts/instana/instana-agent/templates/_helpers.tpl +++ b/charts/instana/instana-agent/templates/_helpers.tpl 
@@ -337,3 +337,11 @@ failureThreshold: 3 {{- define "instana-agent.opentelemetry.grpc.isEnabled" -}}{{ if hasKey .Values "opentelemetry" }}{{ if hasKey .Values.opentelemetry "grpc" }}{{ if hasKey .Values.opentelemetry.grpc "enabled" }}{{ .Values.opentelemetry.grpc.enabled }}{{ else }}{{ true }}{{ end }}{{ else }}{{ if hasKey .Values.opentelemetry "enabled" }}{{ .Values.opentelemetry.enabled }}{{ else }}{{ false }}{{ end }}{{ end }}{{ else }}{{ false }}{{ end }}{{- end -}} {{- define "instana-agent.opentelemetry.http.isEnabled" -}}{{ if hasKey .Values "opentelemetry" }}{{ if hasKey .Values.opentelemetry "http" }}{{ if hasKey .Values.opentelemetry.http "enabled" }}{{ .Values.opentelemetry.http.enabled }}{{ else }}{{ true }}{{ end }}{{ else }}{{ false }}{{ end }}{{ else }}{{ false }}{{ end }}{{- end -}} + +{{- define "kubeVersion" -}} +{{- if (regexMatch "\\d+\\.\\d+\\.\\d+-(?:eks|gke).+" .Capabilities.KubeVersion.Version) -}} + {{- regexFind "\\d+\\.\\d+\\.\\d+" .Capabilities.KubeVersion.Version -}} +{{- else -}} + {{- printf .Capabilities.KubeVersion.Version }} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/instana/instana-agent/templates/agent-daemonset-with-zones.yaml b/charts/instana/instana-agent/templates/agent-daemonset-with-zones.yaml index 2253cdb18..e20fed070 100644 --- a/charts/instana/instana-agent/templates/agent-daemonset-with-zones.yaml +++ b/charts/instana/instana-agent/templates/agent-daemonset-with-zones.yaml @@ -1,5 +1,6 @@ {{- if or .Values.agent.key .Values.agent.keysSecret }} {{- if and .Values.cluster.name .Values.zones }} +{{ $opentelemetryIsEnabled := (or (eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .)) (eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .)) )}} {{- range $.Values.zones }} {{- $fullname := printf "%s-%s" (include "instana-agent.fullname" $) .name -}} {{- $tolerations := .tolerations -}} 
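Review bot: The new `kubeVersion` define strips only `-eks…`/`-gke…` suffixes, yet it now also decides whether the PodSecurityPolicy objects render, so a version string with any other pre-release style suffix reaches `semverCompare` unchanged. As far as I know the semver library behind `semverCompare` does not match pre-release versions against a plain range such as `< 1.25.x`, which would make the PSP guard false on an older cluster of that kind. This is worth confirming, and if it holds, applying `regexFind "\\d+\\.\\d+\\.\\d+"` unconditionally would cover every suffix. Two smaller points in the same define: `printf .Capabilities.KubeVersion.Version` uses the version as a format string where `{{- .Capabilities.KubeVersion.Version -}}` would do, and the name should carry the chart prefix like its neighbours, e.g. `instana-agent.kubeVersion`, because named templates are shared with subcharts.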
@@ -129,7 +130,7 @@ spec: subPath: configuration-disable-kubernetes-sensor.yaml mountPath: /opt/instana/agent/etc/instana/configuration-disable-kubernetes-sensor.yaml {{- end }} - {{- if or (eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .)) (eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .)) }} + {{- if $opentelemetryIsEnabled }} - name: configuration subPath: configuration-opentelemetry.yaml mountPath: /opt/instana/agent/etc/instana/configuration-opentelemetry.yaml diff --git a/charts/instana/instana-agent/templates/agent-daemonset.yaml b/charts/instana/instana-agent/templates/agent-daemonset.yaml index c056c8a99..95270d49e 100644 --- a/charts/instana/instana-agent/templates/agent-daemonset.yaml +++ b/charts/instana/instana-agent/templates/agent-daemonset.yaml @@ -1,3 +1,4 @@ +# TODO: Combine into single template with agent-daemonset-with-zones.yaml {{- if or .Values.agent.key .Values.agent.keysSecret }} {{- if and (or .Values.zone.name .Values.cluster.name) (not .Values.zones) }} {{- $fullname := include "instana-agent.fullname" . -}} @@ -119,7 +120,7 @@ spec: {{- include "volumeMountsForConfigFileInConfigMap" . | nindent 12 }} {{- end }} {{- if or .Values.kubernetes.deployment.enabled .Values.k8s_sensor.deployment.enabled }} - - name: configuration + - name: configuration # TODO: These shouldn't have the same name subPath: configuration-disable-kubernetes-sensor.yaml mountPath: /opt/instana/agent/etc/instana/configuration-disable-kubernetes-sensor.yaml {{- end }} diff --git a/charts/instana/instana-agent/templates/clusterrole.yaml b/charts/instana/instana-agent/templates/clusterrole.yaml index aa141616a..b2424245b 100644 --- a/charts/instana/instana-agent/templates/clusterrole.yaml +++ b/charts/instana/instana-agent/templates/clusterrole.yaml 
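Review bot: The `# TODO: Combine into single template with agent-daemonset-with-zones.yaml` line added at the top of `agent-daemonset.yaml` is a YAML comment placed before the `{{- if … }}` guard, so it is rendered into the output even when the guard is false. The inline `# TODO: These shouldn't have the same name` in the later hunk likewise ends up in every rendered DaemonSet. Maintainer notes read better as template comments, which never reach the manifest, for example `{{- /* TODO: combine with agent-daemonset-with-zones.yaml */ -}}`.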
@@ -66,10 +66,12 @@ rules: verbs: ["use"] {{- end -}} {{- if .Values.podSecurityPolicy.enable}} +{{- if semverCompare "< 1.25.x" (include "kubeVersion" .) }} - apiGroups: ["policy"] resources: ["podsecuritypolicies"] verbs: ["use"] resourceNames: - {{ template "instana-agent.podSecurityPolicyName" . }} {{- end }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/charts/instana/instana-agent/templates/podsecuritypolicy.yaml b/charts/instana/instana-agent/templates/podsecuritypolicy.yaml index 37627a01a..ca4e04964 100644 --- a/charts/instana/instana-agent/templates/podsecuritypolicy.yaml +++ b/charts/instana/instana-agent/templates/podsecuritypolicy.yaml @@ -1,5 +1,6 @@ {{- if .Values.rbac.create }} {{- if (and .Values.podSecurityPolicy.enable (not .Values.podSecurityPolicy.name)) }} +{{- if semverCompare "< 1.25.x" (include "kubeVersion" .) }} --- kind: PodSecurityPolicy apiVersion: policy/v1beta1 @@ -61,3 +62,4 @@ spec: rule: "RunAsAny" {{- end }} {{- end }} +{{- end }} diff --git a/charts/instana/instana-agent/templates/service.yaml b/charts/instana/instana-agent/templates/service.yaml index f812803bc..1644dfed2 100644 --- a/charts/instana/instana-agent/templates/service.yaml +++ b/charts/instana/instana-agent/templates/service.yaml @@ -36,12 +36,7 @@ spec: targetPort: 4318 {{- end -}} - {{- $kubeVersion := .Capabilities.KubeVersion.Version -}} - {{- if (regexMatch "\\d+\\.\\d+\\.\\d+-(?:eks|gke).+" $kubeVersion) -}} - {{- $kubeVersion = regexFind "\\d+\\.\\d+\\.\\d+" $kubeVersion -}} - {{- end -}} - - {{- if semverCompare ">= 1.22.x" $kubeVersion }} + {{- if semverCompare ">= 1.22.x" (include "kubeVersion" .) }} # since we run agents as DaemonSets we assume every node has this Service available: internalTrafficPolicy: Local diff --git a/charts/instana/instana-agent/values.yaml b/charts/instana/instana-agent/values.yaml index 6e165a180..02ba7a1c4 100644 --- a/charts/instana/instana-agent/values.yaml +++ b/charts/instana/instana-agent/values.yaml 
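Review bot: With `podSecurityPolicy.enable: true` on a 1.25+ cluster, the added `semverCompare "< 1.25.x"` guard drops the `podsecuritypolicies` rule here and the whole object in `podsecuritypolicy.yaml` without telling the operator, who may assume the agent pods are still constrained by a policy. Consider surfacing the skip, for example with a line in the chart's install notes or a `fail` whose message points at Pod Security Admission as the replacement. A template comment above each guard, such as `{{- /* PodSecurityPolicy API is not served from Kubernetes 1.25 on */ -}}`, would also explain the magic version. The `rules:` list this guard sits in starts outside the hunk.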
@@ -218,7 +218,7 @@ serviceAccount: podSecurityPolicy: # Specifies whether a PodSecurityPolicy should be authorized for the Instana Agent pods. - # Requires `rbac.create` to be `true` as well. + # Requires `rbac.create` to be `true` as well and K8s version below v1.25. enable: false # The name of an existing PodSecurityPolicy you would like to authorize for the Instana Agent pods. # If not set and `enable` is true, a PodSecurityPolicy will be created with a name generated using the fullname template. diff --git a/charts/jenkins/jenkins/CHANGELOG.md b/charts/jenkins/jenkins/CHANGELOG.md index b65f8595c..89f7ab860 100644 --- a/charts/jenkins/jenkins/CHANGELOG.md +++ b/charts/jenkins/jenkins/CHANGELOG.md @@ -12,6 +12,15 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0. The change log until v1.5.7 was auto-generated based on git commits. Those entries include a reference to the git commit to be able to get more details. +## 4.3.4 + +Update Jenkins image and appVersion to jenkins lts release version 2.375.3 + + +## 4.3.3 + +Removed hardcoding of chart version in tests to make maintenance easier + ## 4.3.2 Added `.Values.serviceAccount.extraLabels` on Service Account diff --git a/charts/jenkins/jenkins/Chart.yaml b/charts/jenkins/jenkins/Chart.yaml index cc1f8db94..977ec034c 100644 --- a/charts/jenkins/jenkins/Chart.yaml +++ b/charts/jenkins/jenkins/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/images: | - name: jenkins - image: jenkins/jenkins:2.375.2-jdk11 + image: jenkins/jenkins:2.375.3-jdk11 - name: k8s-sidecar image: kiwigrid/k8s-sidecar:1.15.0 - name: inbound-agent @@ -18,7 +18,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.14-0' catalog.cattle.io/release-name: jenkins apiVersion: v2 -appVersion: 2.375.2 +appVersion: 2.375.3 description: Jenkins - Build great things at any scale! The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. 
@@ -41,4 +41,4 @@ sources: - https://github.com/jenkinsci/docker-inbound-agent - https://github.com/maorfr/kube-tasks - https://github.com/jenkinsci/configuration-as-code-plugin -version: 4.3.2 +version: 4.3.4 diff --git a/charts/jenkins/jenkins/values.yaml b/charts/jenkins/jenkins/values.yaml index b9a42adf4..2287da01e 100644 --- a/charts/jenkins/jenkins/values.yaml +++ b/charts/jenkins/jenkins/values.yaml @@ -19,7 +19,7 @@ controller: # Used for label app.kubernetes.io/component componentName: "jenkins-controller" image: "jenkins/jenkins" - # tag: "2.375.2-jdk11" + # tag: "2.375.3-jdk11" tagLabel: jdk11 imagePullPolicy: "Always" imagePullSecretName: diff --git a/charts/jfrog/artifactory-ha/CHANGELOG.md b/charts/jfrog/artifactory-ha/CHANGELOG.md index 929a202fb..b41037c1e 100644 --- a/charts/jfrog/artifactory-ha/CHANGELOG.md +++ b/charts/jfrog/artifactory-ha/CHANGELOG.md @@ -1,10 +1,16 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.49.8] - Jan 20, 2023 +## [107.55.0] - Jan 31, 2023 +* Updated initContainerImage and logger image to `ubi9/ubi-minimal:9.1.0.1760` +* Adding a custom preStop to Artifactory router for allowing graceful termination to complete + +## [107.53.0] - Jan 20, 2023 +* Updated initContainerImage and logger image to `ubi8/ubi-minimal:8.7.1049` + +## [107.50.0] - Jan 20, 2023 * Updated postgresql tag version to `13.9.0-debian-11-r11` * Fixed make lint issue on artifactory-ha chart [GH-1714](https://github.com/jfrog/charts/issues/1714) -* Updated initContainerImage and logger image to `ubi8/ubi-minimal:8.7.1049` * Fixed an issue for capabilities check of ingress * Updated jfrogUrl text path in migrate.sh file * Added a note that from 107.46.x chart versions, `copyOnEveryStartup` is not needed for binarystore.xml, it is always copied via initContainers. For more Info, Refer [GH-1723](https://github.com/jfrog/charts/issues/1723) 
@@ -13,6 +19,7 @@ All changes to this chart will be documented in this file * Changed logic in wait-for-primary container to use /dev/tcp instead of curl * Added support for setting `seLinuxOptions` in `securityContext` [GH-1700](https://github.com/jfrog/charts/pull/1700) * Added option to enable/disable proxy_request_buffering and proxy_buffering_off [GH-1686](https://github.com/jfrog/charts/pull/1686) +* Updated initContainerImage and logger image to `ubi8/ubi-minimal:8.7.1049` ## [107.48.0] - Oct 27, 2022 * Updated router version to `7.51.0` diff --git a/charts/jfrog/artifactory-ha/Chart.yaml b/charts/jfrog/artifactory-ha/Chart.yaml index ac908caba..9e4914843 100644 --- a/charts/jfrog/artifactory-ha/Chart.yaml +++ b/charts/jfrog/artifactory-ha/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/release-name: artifactory-ha apiVersion: v2 -appVersion: 7.49.8 +appVersion: 7.55.2 dependencies: - condition: postgresql.enabled name: postgresql @@ -26,4 +26,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.49.8 +version: 107.55.2 diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml index dc40edae2..80f62c755 100644 --- a/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml +++ b/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml @@ -63,7 +63,7 @@ spec: {{- end }} {{- end }} serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ add .Values.artifactory.terminationGracePeriodSeconds 10 }} {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} {{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} {{- end }} 
diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml index e399eb3b6..67ae78328 100644 --- a/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml +++ b/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml @@ -81,7 +81,7 @@ spec: {{- end }} {{- end }} serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ add .Values.artifactory.terminationGracePeriodSeconds 10 }} {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} {{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} {{- end }} diff --git a/charts/jfrog/artifactory-ha/values.yaml b/charts/jfrog/artifactory-ha/values.yaml index ac00deb91..58bcea623 100644 --- a/charts/jfrog/artifactory-ha/values.yaml +++ b/charts/jfrog/artifactory-ha/values.yaml @@ -41,7 +41,7 @@ global: ## String to fully override artifactory-ha.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi8/ubi-minimal:8.7.1049 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.1.0.1760 installer: type: platform: @@ -201,8 +201,8 @@ database: logger: image: registry: releases-docker.jfrog.io - repository: ubi8/ubi-minimal - tag: 8.7.1049 + repository: ubi9/ubi-minimal + tag: 9.1.0.1760 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## Example : Create a generic secret using `kubectl create secret generic --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` aws: @@ -217,7 +217,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.56.0 + tag: 7.61.1 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled 
@@ -239,14 +239,14 @@ router: # cpu: "1" # Add lifecycle hooks for router container - lifecycle: {} - # postStart: - # exec: - # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] - # preStop: - # exec: - # command: ["/bin/sh","-c","echo Hello from the preStop handler"] - + lifecycle: + # From Artifactory versions 7.52.x, Wait for Artifactory to complete any open uploads or downloads before terminating + preStop: + exec: + command: ["sh", "-c", "while [[ $(curl --fail --silent --connect-timeout 2 http://localhost:8081/artifactory/api/v1/system/liveness) =~ OK ]]; do echo Artifactory is still alive; sleep 2; done"] + # postStart: + # exec: + # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] ## Add custom volumesMounts customVolumeMounts: "" # - name: custom-script @@ -638,6 +638,7 @@ artifactory: consoleLog: enabled: {{ .Values.artifactory.consoleLog }} extraJavaOpts: > + -Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.terminationGracePeriodSeconds 1000 }} -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} {{- with .Values.artifactory.primary.javaOpts }} {{- if .corePoolSize }} 
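Review bot: The new default `preStop` command is run with `sh` but depends on `[[ … =~ OK ]]`, which is a bash extension. If the router image's `sh` is not bash, the test errors out, the loop ends at once and the pod terminates without waiting, with nothing in the logs to show the hook did not do its job. Invoking the interpreter explicitly, `command: ["bash", "-c", …]` (assuming the image ships bash), and adding `--max-time 5` next to `--connect-timeout 2` so a connection that opens but never answers cannot stall the hook, would make the behaviour predictable. The same command is added in `charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml`. Replacing `lifecycle: {}` with a populated default also means an existing override that sets only `postStart` will now be merged with this `preStop`.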
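Review bot: The added `-Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.terminationGracePeriodSeconds 1000 }}` reads a root-level `terminationGracePeriodSeconds`, while the StatefulSet templates changed in this commit read `.Values.artifactory.terminationGracePeriodSeconds`. Unless a root-level key is defined in a part of values.yaml not shown here, the lookup is empty and `mul` would most likely render `0`, so the limit would not follow the pod's grace period. `{{ mul .Values.artifactory.terminationGracePeriodSeconds 1000 }}` looks like what was intended. The same line is added in `charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml`, and the `extraJavaOpts` block continues outside the hunk.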
@@ -844,16 +845,16 @@ artifactory: ## Should be a child directory of {{ .Values.artifactory.persistence.mountPath }} dataDir: "{{ .Values.artifactory.persistence.mountPath }}/artifactory-data" backupDir: "/var/opt/jfrog/artifactory-backup" - ## You may also use existing shared claims for the data and backup storage. This allows storage (NAS for example) to be used for Data and Backup dirs which are safe to share across multiple artifactory nodes. - ## You may specify numberOfExistingClaims to indicate how many of these existing shared claims to mount. (Default = 1) - ## Create PVCs with ReadWriteMany that match the naming convetions: - ## {{ template "artifactory-ha.fullname" . }}-data-pvc- - ## {{ template "artifactory-ha.fullname" . }}-backup-pvc - ## Example (using numberOfExistingClaims: 2) - ## myexample-data-pvc-0 - ## myexample-data-pvc-1 - ## myexample-backup-pvc - ## Note: While you need two PVC fronting two PVs, multiple PVs can be attached to the same storage in many cases allowing you to share an underlying drive. + ## You may also use existing shared claims for the data and backup storage. This allows storage (NAS for example) to be used for Data and Backup dirs which are safe to share across multiple artifactory nodes. + ## You may specify numberOfExistingClaims to indicate how many of these existing shared claims to mount. (Default = 1) + ## Create PVCs with ReadWriteMany that match the naming convetions: + ## {{ template "artifactory-ha.fullname" . }}-data-pvc- + ## {{ template "artifactory-ha.fullname" . }}-backup-pvc + ## Example (using numberOfExistingClaims: 2) + ## myexample-data-pvc-0 + ## myexample-data-pvc-1 + ## myexample-backup-pvc + ## Note: While you need two PVC fronting two PVs, multiple PVs can be attached to the same storage in many cases allowing you to share an underlying drive. 
## For artifactory.persistence.type nfs ## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes ## cluster nodes. diff --git a/charts/jfrog/artifactory-jcr/CHANGELOG.md b/charts/jfrog/artifactory-jcr/CHANGELOG.md index 285af1d26..6d9ccb324 100644 --- a/charts/jfrog/artifactory-jcr/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.49.8] - Aug 25, 2022 +## [107.55.2] - Aug 25, 2022 * Included event service as mandatory and remove the flag from values.yaml ## [107.41.0] - Jul 22, 2022 diff --git a/charts/jfrog/artifactory-jcr/Chart.yaml b/charts/jfrog/artifactory-jcr/Chart.yaml index d84df2626..f8421b6dc 100644 --- a/charts/jfrog/artifactory-jcr/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/Chart.yaml @@ -4,11 +4,11 @@ annotations: catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/release-name: artifactory-jcr apiVersion: v2 -appVersion: 7.49.8 +appVersion: 7.55.2 dependencies: - name: artifactory repository: file://./charts/artifactory - version: 107.49.8 + version: 107.55.2 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png @@ -27,4 +27,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.49.8 +version: 107.55.2 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md index b8ce5f2ff..1a78c72de 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md 
@@ -1,9 +1,15 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.49.8] - Jan 20, 2023 -* Updated postgresql tag version to `13.9.0-debian-11-11` +## [107.55.0] - Jan 31, 2023 +* Updated initContainerImage and logger image to `ubi9/ubi-minimal:9.1.0.1760` +* Adding a custom preStop to Artifactory router for allowing graceful termination to complete + +## [107.53.0] - Jan 20, 2023 * Updated initContainerImage and logger image to `ubi8/ubi-minimal:8.7.1049` + +## [107.50.0] - Jan 20, 2023 +* Updated postgresql tag version to `13.9.0-debian-11-11` * Fixed an issue for capabilities check of ingress * Updated jfrogUrl text path in migrate.sh file * Added a note that from 107.46.x chart versions, `copyOnEveryStartup` is not needed for binarystore.xml, it is always copied via initContainers. For more Info, Refer [GH-1723](https://github.com/jfrog/charts/issues/1723) @@ -11,6 +17,7 @@ All changes to this chart will be documented in this file. ## [107.49.0] - Jan 16, 2023 * Added support for setting `seLinuxOptions` in `securityContext` [GH-1699](https://github.com/jfrog/charts/pull/1699) * Added option to enable/disable proxy_request_buffering and proxy_buffering_off [GH-1686](https://github.com/jfrog/charts/pull/1686) +* Updated initContainerImage and logger image to `ubi8/ubi-minimal:8.7.1049` ## [107.48.0] - Oct 27, 2022 * Updated router version to `7.51.0` diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml index e2966c53e..ac0ae3a46 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.49.8 +appVersion: 7.55.2 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.49.8 +version: 107.55.2 
diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml index cf8b91cfe..9f9b1c371 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml @@ -83,7 +83,7 @@ spec: {{- end }} {{- end }} serviceAccountName: {{ template "artifactory.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ add .Values.artifactory.terminationGracePeriodSeconds 10 }} {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} {{- include "artifactory.imagePullSecrets" . | indent 6 }} {{- end }} diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml index de51ecd35..b245f7c88 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml @@ -42,7 +42,7 @@ global: ## String to fully override artifactory.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi8/ubi-minimal:8.7.1049 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.1.0.1760 # Init containers initContainers: resources: @@ -160,8 +160,8 @@ autoscaling: logger: image: registry: releases-docker.jfrog.io - repository: ubi8/ubi-minimal - tag: 8.7.1049 + repository: ubi9/ubi-minimal + tag: 9.1.0.1760 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## Example : Create a generic secret using `kubectl create secret generic --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` aws: 
@@ -176,7 +176,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.56.0 + tag: 7.61.1 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled @@ -198,14 +198,14 @@ router: # cpu: "1" # Add lifecycle hooks for router container - lifecycle: {} - # postStart: - # exec: - # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] - # preStop: - # exec: - # command: ["/bin/sh","-c","echo Hello from the preStop handler"] - + lifecycle: + # From Artifactory versions 7.52.x, Wait for Artifactory to complete any open uploads or downloads before terminating + preStop: + exec: + command: ["sh", "-c", "while [[ $(curl --fail --silent --connect-timeout 2 http://localhost:8081/artifactory/api/v1/system/liveness) =~ OK ]]; do echo Artifactory is still alive; sleep 2; done"] + # postStart: + # exec: + # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] ## Add custom volumesMounts customVolumeMounts: "" # - name: custom-script @@ -609,6 +609,7 @@ artifactory: consoleLog: enabled: {{ .Values.artifactory.consoleLog }} extraJavaOpts: > + -Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.terminationGracePeriodSeconds 1000 }} -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} {{- with .Values.artifactory.javaOpts }} {{- if .corePoolSize }} diff --git a/charts/jfrog/artifactory-jcr/values.yaml b/charts/jfrog/artifactory-jcr/values.yaml index b26042c5f..357692f0e 100644 --- a/charts/jfrog/artifactory-jcr/values.yaml +++ b/charts/jfrog/artifactory-jcr/values.yaml @@ -67,8 +67,4 @@ postgresql: enabled: true router: image: - tag: 7.56.0 -logger: - image: - tag: 8.7.1049 -initContainerImage: releases-docker.jfrog.io/ubi8/ubi-minimal:8.7.1049 + tag: 7.61.1 diff --git a/charts/kasten/k10/Chart.lock b/charts/kasten/k10/Chart.lock index cc765d613..f8d398e64 100644 --- a/charts/kasten/k10/Chart.lock 
+++ b/charts/kasten/k10/Chart.lock @@ -6,4 +6,4 @@ dependencies: repository: "" version: 15.8.5 digest: sha256:4399c78f4e445e4fbb26151707c9b481fece2002ac02ae20612d9f26e6b66643 -generated: "2023-02-13T18:09:27.808980114Z" +generated: "2023-02-25T02:37:33.967460126Z" diff --git a/charts/kasten/k10/Chart.yaml b/charts/kasten/k10/Chart.yaml index b43534351..c7627add1 100644 --- a/charts/kasten/k10/Chart.yaml +++ b/charts/kasten/k10/Chart.yaml @@ -5,7 +5,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: k10 apiVersion: v2 -appVersion: 5.5.5 +appVersion: 5.5.6 dependencies: - name: grafana repository: file://./charts/grafana @@ -20,4 +20,4 @@ maintainers: - email: contact@kasten.io name: kastenIO name: k10 -version: 5.5.501 +version: 5.5.601 diff --git a/charts/kasten/k10/charts/grafana/values.yaml b/charts/kasten/k10/charts/grafana/values.yaml index 50a114054..2a8842d1c 100644 --- a/charts/kasten/k10/charts/grafana/values.yaml +++ b/charts/kasten/k10/charts/grafana/values.yaml 
@@ -2890,359 +2890,1747 @@ dashboards: }, "id": 49, "panels": [ - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "red", - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "palette-classic" }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] } }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Worker Count" }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Worker Count" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "dark-red", - "mode": "fixed" + 
"properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } } - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 37 - }, - "id": 57, - "interval": "5s", - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true + ] + } + ] }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(exec_executor_worker_count)", - "legendFormat": "Worker Count", - "range": true, - "refId": "A" + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 37 }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(exec_active_job_count) OR on() vector(0)", - "hide": false, - "legendFormat": "Active Job Count", - "range": true, - "refId": "B" - } - ], - "title": "Active Job Count", - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" + "id": 57, + "interval": "5s", + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(exec_executor_worker_count)", + "legendFormat": "Worker Count", + "range": true, + "refId": "A" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(exec_active_job_count) OR on() vector(0)", + "hide": false, + "legendFormat": "Worker Load", + "range": true, + "refId": "B" + } + ], + "title": "Executor Worker Load", + "type": "timeseries" + }, + { + "datasource": 
"Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] }, - "thresholdsStyle": { - "mode": "off" + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 37 + }, + "id": 68, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_backup_duration_seconds_sum_overall[5m])) / sum(rate(action_backup_ended_overall[5m]))", + "hide": false, + "legendFormat": "Backup", + "range": true, + "refId": "A" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_backup_cluster_duration_seconds_overall_sum[5m])) / sum(rate(action_backup_cluster_ended_overall[5m]))", + "hide": false, + "legendFormat": "Backup Cluster", + "range": true, + "refId": "B" + }, + { + "datasource": "Prometheus", + 
"editorMode": "code", + "expr": "sum(rate(action_export_duration_seconds_sum_overall[5m])) / sum(rate(action_export_ended_overall[5m]))", + "hide": false, + "legendFormat": "Export", + "range": true, + "refId": "C" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_import_duration_seconds_sum_overall[5m])) / sum(rate(action_import_ended_overall[5m]))", + "hide": false, + "legendFormat": "Import", + "range": true, + "refId": "D" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_report_duration_seconds_sum_overall[5m])) / sum(rate(action_report_ended_overall[5m]))", + "hide": false, + "legendFormat": "Report", + "range": true, + "refId": "E" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_retire_duration_seconds_sum_overall[5m])) / sum(rate(action_retire_ended_overall[5m]))", + "hide": false, + "legendFormat": "Retire", + "range": true, + "refId": "F" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_restore_duration_seconds_sum_overall[5m])) / sum(rate(action_restore_ended_overall[5m]))", + "hide": false, + "legendFormat": "Restore", + "range": true, + "refId": "G" + }, + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(action_restore_cluster_duration_seconds_sum_overall[5m])) / sum(rate(action_restore_cluster_ended_overall[5m]))", + "hide": false, + "legendFormat": "Restore Cluster", + "range": true, + "refId": "H" + } + ], + "title": "Average Action Duration", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + 
"legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 0, + "y": 44 + }, + "id": 74, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_backup_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Backups", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": 
"palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 6, + "y": 44 + }, + "id": 69, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_backup_cluster_ended_overall[1m:10s]))) by 
(state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Cluster Backups", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 12, + "y": 44 + }, + "id": 75, + "options": { + "legend": { + 
"calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_export_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Exports", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": 
{ + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 18, + "y": 44 + }, + "id": 76, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_import_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Imports", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + 
"value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 0, + "y": 51 + }, + "id": 77, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_report_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Reports", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + 
"matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 6, + "y": 51 + }, + "id": 79, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_retire_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Retires", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" 
+ }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 12, + "y": 51 + }, + "id": 80, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_restore_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Restores", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMax": 0, + "axisSoftMin": 0, + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + 
"hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "succeeded" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cancelled" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "skipped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 18, + "y": 51 + }, + "id": 78, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(round(increase(action_restore_cluster_ended_overall[1m:10s]))) by (state)", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Finished Cluster Restores", + "transformations": [], + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + 
"mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 58 + }, + "id": 63, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": "Prometheus", + "editorMode": "code", + "expr": "sum(rate(limiter_request_seconds_sum{stage=\"hold\"}[5m])) by (operation) / sum(rate(limiter_request_seconds_count{stage=\"hold\"}[5m])) by (operation) ", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Rate Limiter - avg operation duration", + "type": "timeseries" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + 
"spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] } }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Limit" }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 37 - }, - "id": 63, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "sum(rate(limiter_request_seconds_sum{stage=\"hold\"}[5m])) by (operation) / sum(rate(limiter_request_seconds_count{stage=\"hold\"}[5m])) by (operation) ", - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Rate Limiter - avg operation duration", - "type": "timeseries" - }, - { - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "red", - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" + { + "matcher": { + "id": "byName", + "options": "inflight" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + 
"mode": "fixed" + } + } + ] }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" + { + "matcher": { + "id": "byName", + "options": "pending" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "yellow", + "mode": "fixed" + } + } + ] } + ] + }, + "gridPos": { + "h": 7, + "w": 4.8, + "x": 0, + "y": 65 + }, + "id": 51, + "maxPerRow": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] + "tooltip": { + "mode": "single", + "sort": "none" } }, - "overrides": [ + "repeat": "operation", + "repeatDirection": "h", + "targets": [ { - "matcher": { - "id": "byName", - "options": "Limit" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "dark-red", - "mode": "fixed" - } - } - ] + "datasource": "Prometheus", + "editorMode": "code", + "expr": "limiter_inflight_count{operation=\"$operation\"}", + "legendFormat": "Inflight", + "range": true, + "refId": "A" }, { - "matcher": { - "id": "byName", - "options": "inflight" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "green", - "mode": "fixed" - } - } - ] + "datasource": "Prometheus", + "editorMode": "code", + "expr": "limiter_pending_count{operation=\"$operation\"}", + "hide": false, + "legendFormat": "Pending", + "range": true, + "refId": "B" }, { - "matcher": { - "id": "byName", - "options": "pending" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "yellow", - "mode": "fixed" - } - } - ] + "datasource": "Prometheus", + "editorMode": "code", + "expr": "limiter_inflight_limit_value{operation=\"$operation\"}", + "hide": false, + "legendFormat": "Limit", + "range": true, + "refId": "C" } - ] - }, - "gridPos": { - "h": 8, - "w": 4.8, 
- "x": 0, - "y": 45 - }, - "id": 51, - "maxPerRow": 6, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "repeat": "operation", - "repeatDirection": "h", - "targets": [ - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "limiter_inflight_count{operation=\"$operation\"}", - "legendFormat": "Inflight", - "range": true, - "refId": "A" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "limiter_pending_count{operation=\"$operation\"}", - "hide": false, - "legendFormat": "Pending", - "range": true, - "refId": "B" - }, - { - "datasource": "Prometheus", - "editorMode": "code", - "expr": "limiter_inflight_limit_value{operation=\"$operation\"}", - "hide": false, - "legendFormat": "Limit", - "range": true, - "refId": "C" - } - ], - "title": "Rate Limiter - $operation", - "type": "timeseries" - } + ], + "title": "Rate Limiter - $operation", + "type": "timeseries" + } ], "targets": [ { diff --git a/charts/kasten/k10/templates/_k10_image_tag.tpl b/charts/kasten/k10/templates/_k10_image_tag.tpl index 5dbb5ae3d..d295b82e3 100644 --- a/charts/kasten/k10/templates/_k10_image_tag.tpl +++ b/charts/kasten/k10/templates/_k10_image_tag.tpl @@ -1 +1 @@ -{{- define "k10.imageTag" -}}5.5.5{{- end -}} +{{- define "k10.imageTag" -}}5.5.6{{- end -}} diff --git a/charts/openebs/openebs/Chart.lock b/charts/openebs/openebs/Chart.lock index 2e117b7e2..3492fb6c6 100644 --- a/charts/openebs/openebs/Chart.lock +++ b/charts/openebs/openebs/Chart.lock 
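Review bot: In the new "Average Action Duration" panel, the Backup Cluster target queries `action_backup_cluster_duration_seconds_overall_sum`, while the other seven targets use the `_duration_seconds_sum_overall` suffix order, for example `action_restore_cluster_duration_seconds_sum_overall`. If the exporter follows the pattern of the other targets, that series does not exist and the Backup Cluster line stays empty with no error, hiding slow or stalled cluster backups. The expression would then read `sum(rate(action_backup_cluster_duration_seconds_sum_overall[5m])) / sum(rate(action_backup_cluster_ended_overall[5m]))`. Which name the exporter actually emits is not visible in this hunk, so confirm it against the metrics endpoint before changing it.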
@@ -16,9 +16,12 @@ dependencies: version: 2.1.0 - name: lvm-localpv repository: https://openebs.github.io/lvm-localpv - version: 1.0.0 + version: 1.0.1 - name: nfs-provisioner repository: https://openebs.github.io/dynamic-nfs-provisioner version: 0.10.0 -digest: sha256:533f2f5f29b0f07b931cad3d89146c5ad96ca98f6925ef87cc449bd8be4d099f -generated: "2023-02-09T23:28:07.940183851Z" +- name: mayastor + repository: https://openebs.github.io/mayastor-extensions + version: 2.0.0 +digest: sha256:0de146367e04eceaac7b98a541c73050ba1992966783db80060e516162f75ec8 +generated: "2023-02-24T10:21:12.101915589Z" diff --git a/charts/openebs/openebs/Chart.yaml b/charts/openebs/openebs/Chart.yaml index 0f4c28eb2..ec1b0500f 100644 --- a/charts/openebs/openebs/Chart.yaml +++ b/charts/openebs/openebs/Chart.yaml @@ -28,11 +28,15 @@ dependencies: - condition: lvm-localpv.enabled name: lvm-localpv repository: file://./charts/lvm-localpv - version: 1.0.0 + version: 1.0.1 - condition: nfs-provisioner.enabled name: nfs-provisioner repository: file://./charts/nfs-provisioner version: 0.10.0 +- condition: mayastor.enabled + name: mayastor + repository: file://./charts/mayastor + version: 2.0.0 description: Containerized Attached Storage for Kubernetes home: http://www.openebs.io/ icon: https://raw.githubusercontent.com/cncf/artwork/HEAD/projects/openebs/icon/color/openebs-icon-color.png @@ -54,4 +58,4 @@ maintainers: name: openebs sources: - https://github.com/openebs/openebs -version: 3.4.0 +version: 3.4.1 diff --git a/charts/openebs/openebs/README.md b/charts/openebs/openebs/README.md index 2dcb05317..c1e523032 100644 --- a/charts/openebs/openebs/README.md +++ b/charts/openebs/openebs/README.md 
@@ -1,3 +1,11 @@ +## :warning: Compatibility + +The OpenEBS helm chart now supports the installation of Mayastor. Please note the following before installing Mayastor: +1. Mayastor is incompatible with NDM (openebs-ndm) and cStor (cstor). Installing Mayastor alongside NDM and cStor may cause it to behave in unexpected ways. +2. A `helm install` with the `--set mayastor.enabled=true` option set will not deploy the LocalPV Provisioner and NDM. +3. A `helm upgrade` with the `--set mayastor.enabled=true` option set will remove the LocalPV Provisioner and NDM, if they are present. This does not affect any LocalPV volumes you have already provisioned, they will continue to work as expected. +4. Mayastor deployment scenarios involving other OpenEBS storage engines are not tested. It is recommended that you do not install Mayastor along with other storage engines. + # OpenEBS Helm Chart [OpenEBS](https://openebs.io) helps Developers and Platform SREs easily deploy Kubernetes Stateful Workloads that require fast and highly reliable container attached storage. OpenEBS can be deployed on any Kubernetes cluster - either in cloud, on-premise (virtual or bare metal) or developer laptop (minikube). @@ -10,7 +18,7 @@ OpenEBS turns any storage available on the Kubernetes worker nodes into local or ## Documentation and user guides -You can run OpenEBS on any Kubernetes 1.18+ cluster in a matter of minutes. See the [Quickstart Guide to OpenEBS](https://openebs.io/) for detailed instructions. +You can run OpenEBS on any Kubernetes 1.21+ cluster in a matter of minutes. See the [Quickstart Guide to OpenEBS](https://openebs.io/) for detailed instructions. ## Getting started @@ -27,6 +35,7 @@ OpenEBS helm chart will includes common components that are used by multiple eng openebs ├── (default) openebs-ndm ├── (default) localpv-provisioner +├── mayastor ├── jiva ├── cstor ├── zfs-localpv 
@@ -62,6 +71,11 @@ Examples: ```bash helm install --name openebs --namespace openebs openebs/openebs --create-namespace ``` +- To install OpenEBS with mayastor CSI driver, run + ```bash + helm install openebs openebs/openebs --namespace openebs --create-namespace --set mayastor.enabled=true + ``` +> **Note:** : mayastor will be installed without the default openebs engines - To install OpenEBS with cStor CSI driver, run ```bash 
@@ -91,75 +105,93 @@ helm delete `my-release` The following table lists the common configurable parameters of the OpenEBS chart and their default values. For a full list of configurable parameters check out the [values.yaml](https://github.com/openebs/charts/blob/HEAD/charts/openebs/values.yaml). -| Parameter | Description | Default | -| ----------------------------------------| --------------------------------------------- |--------------------------------------------------------------------------| -| `apiserver.enabled` | Enable API Server | `true` | -| `apiserver.image` | Image for API Server | `openebs/m-apiserver` | -| `apiserver.imageTag` | Image Tag for API Server | `2.12.2` | -| `cleanup.image.registry` | Cleanup pre hook image registry | `nil` | -| `cleanup.image.repository` | Cleanup pre hook image repository | `"bitnami/kubectl"` | -| `cleanup.image.tag` | Cleanup pre hook image tag | `if not provided determined by the k8s version` | -| `crd.enableInstall` | Enable installation of CRDs by OpenEBS | `true` | -| `cstor.pool.image` | Image for cStor Pool | `openebs/cstor-pool` | -| `cstor.pool.imageTag` | Image Tag for cStor Pool | `2.12.2` | -| `cstor.poolMgmt.image` | Image for cStor Pool Management | `openebs/cstor-pool-mgmt` | -| `cstor.poolMgmt.imageTag` | Image Tag for cStor Pool Management | `2.12.2` | -| `cstor.target.image` | Image for cStor Target | `openebs/cstor-istgt` | -| `cstor.target.imageTag` | Image Tag for cStor Target | `2.12.2` | -| `cstor.volumeMgmt.image` | Image for cStor Volume Management | `openebs/cstor-volume-mgmt` | -| `cstor.volumeMgmt.imageTag` | Image Tag for cStor Volume Management | `2.12.2` | -| `defaultStorageConfig.enabled` | Enable default storage class installation | `true` | -| `featureGates.enabled` | Enable feature gates | `true` | -| `featureGates.GPTBasedUUID.enabled` | Enable feature gate : GPTBasedUUID | `true` | -| `featureGates.APIService.enabled` | Enable feature gate : APIService | `false` | -| 
`featureGates.UseOSDisk.enabled` | Enable feature gate : UseOSDisk | `false` | -| `featureGates.ChangeDetection.enabled` | Enable feature gate : ChangeDetection | `false` | -| `healthCheck.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | -| `healthCheck.periodSeconds` | How often to perform the liveness probe | `60` | -| `helper.image` | Image for helper | `openebs/linux-utils` | -| `helper.imageTag` | Image Tag for helper | `3.4.0` | -| `image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `image.repository` | Specify which docker registry to use | `""` | -| `jiva.defaultStoragePath` | hostpath used by default Jiva StorageClass | `/var/openebs` | -| `jiva.image` | Image for Jiva | `openebs/jiva` | -| `jiva.imageTag` | Image Tag for Jiva | `2.12.2` | -| `jiva.replicas` | Number of Jiva Replicas | `3` | -| `localprovisioner.basePath` | BasePath for hostPath volumes on Nodes | `/var/openebs/local` | -| `localprovisioner.enabled` | Enable localProvisioner | `true` | -| `localprovisioner.image` | Image for localProvisioner | `openebs/provisioner-localpv` | -| `localprovisioner.imageTag` | Image Tag for localProvisioner | `3.4.0` | -| `ndm.enabled` | Enable Node Disk Manager | `true` | -| `ndm.filters.enableOsDiskExcludeFilter` | Enable filters of OS disk exclude | `true` | -| `ndm.filters.enablePathFilter` | Enable filters of paths | `true` | -| `ndm.filters.enableVendorFilter` | Enable filters of vendors | `true` | -| `ndm.filters.excludePaths` | Exclude devices with specified path patterns | `/dev/loop,/dev/fd0,/dev/sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd` | -| `ndm.filters.excludeVendors` | Exclude devices with specified vendor | `CLOUDBYT,OpenEBS` | -| `ndm.filters.includePaths` | Include devices with specified path patterns | `""` | -| `ndm.filters.osDiskExcludePaths` | Paths/Mounts to be excluded by OS Disk Filter | `/,/etc/hosts,/boot` | -| `ndm.image` | Image for Node Disk Manager | `openebs/node-disk-manager` | -| 
`ndm.imageTag` | Image Tag for Node Disk Manager | `2.1.0` | -| `ndmOperator.enabled` | Enable NDM Operator | `true` | -| `ndmOperator.image` | Image for NDM Operator | `openebs/node-disk-operator` | -| `ndmOperator.imageTag` | Image Tag for NDM Operator | `2.1.0` | -| `ndm.probes.enableSeachest` | Enable Seachest probe for NDM | `false` | -| `policies.monitoring.image` | Image for Prometheus Exporter | `openebs/m-exporter` | -| `policies.monitoring.imageTag` | Image Tag for Prometheus Exporter | `2.12.2` | -| `provisioner.enabled` | Enable Provisioner | `true` | -| `provisioner.image` | Image for Provisioner | `openebs/openebs-k8s-provisioner` | -| `provisioner.imageTag` | Image Tag for Provisioner | `2.12.2` | -| `rbac.create` | Enable RBAC Resources | `true` | -| `rbac.kyvernoEnabled` | Create Kyverno policy resources | `false` | -| `rbac.pspEnabled` | Create pod security policy resources | `false` | -| `snapshotOperator.controller.image` | Image for Snapshot Controller | `openebs/snapshot-controller` | -| `snapshotOperator.controller.imageTag` | Image Tag for Snapshot Controller | `2.12.2` | -| `snapshotOperator.enabled` | Enable Snapshot Provisioner | `true` | -| `snapshotOperator.provisioner.image` | Image for Snapshot Provisioner | `openebs/snapshot-provisioner` | -| `snapshotOperator.provisioner.imageTag` | Image Tag for Snapshot Provisioner | `2.12.2` | -| `varDirectoryPath.baseDir` | To store debug info of OpenEBS containers | `/var/openebs` | -| `webhook.enabled` | Enable admission server | `true` | -| `webhook.hostNetwork` | Use hostNetwork in admission server | `false` | -| `webhook.image` | Image for admission server | `openebs/admission-server` | -| `webhook.imageTag` | Image Tag for admission server | `2.12.2` | +| Parameter | Description | Default | +| ------------------------------------------- | ---------------------------------------------------------------------------- | ------------------------------------------------------------------------ | 
+| `apiserver.enabled` | Enable API Server | `true` | +| `apiserver.image` | Image for API Server | `openebs/m-apiserver` | +| `apiserver.imageTag` | Image Tag for API Server | `2.12.2` | +| `cleanup.image.registry` | Cleanup pre hook image registry | `nil` | +| `cleanup.image.repository` | Cleanup pre hook image repository | `"bitnami/kubectl"` | +| `cleanup.image.tag` | Cleanup pre hook image tag | `if not provided determined by the k8s version` | +| `crd.enableInstall` | Enable installation of CRDs by OpenEBS | `true` | +| `cstor.pool.image` | Image for cStor Pool | `openebs/cstor-pool` | +| `cstor.pool.imageTag` | Image Tag for cStor Pool | `2.12.2` | +| `cstor.poolMgmt.image` | Image for cStor Pool Management | `openebs/cstor-pool-mgmt` | +| `cstor.poolMgmt.imageTag` | Image Tag for cStor Pool Management | `2.12.2` | +| `cstor.target.image` | Image for cStor Target | `openebs/cstor-istgt` | +| `cstor.target.imageTag` | Image Tag for cStor Target | `2.12.2` | +| `cstor.volumeMgmt.image` | Image for cStor Volume Management | `openebs/cstor-volume-mgmt` | +| `cstor.volumeMgmt.imageTag` | Image Tag for cStor Volume Management | `2.12.2` | +| `defaultStorageConfig.enabled` | Enable default storage class installation | `true` | +| `featureGates.enabled` | Enable feature gates | `true` | +| `featureGates.GPTBasedUUID.enabled` | Enable feature gate : GPTBasedUUID | `true` | +| `featureGates.APIService.enabled` | Enable feature gate : APIService | `false` | +| `featureGates.UseOSDisk.enabled` | Enable feature gate : UseOSDisk | `false` | +| `featureGates.ChangeDetection.enabled` | Enable feature gate : ChangeDetection | `false` | +| `healthCheck.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | +| `healthCheck.periodSeconds` | How often to perform the liveness probe | `60` | +| `helper.image` | Image for helper | `openebs/linux-utils` | +| `helper.imageTag` | Image Tag for helper | `3.4.0` | +| `image.pullPolicy` | Container pull policy | 
`IfNotPresent` | +| `image.repository` | Specify which docker registry to use | `""` | +| `jiva.defaultStoragePath` | hostpath used by default Jiva StorageClass | `/var/openebs` | +| `jiva.image` | Image for Jiva | `openebs/jiva` | +| `jiva.imageTag` | Image Tag for Jiva | `2.12.2` | +| `jiva.replicas` | Number of Jiva Replicas | `3` | +| `localprovisioner.basePath` | BasePath for hostPath volumes on Nodes | `/var/openebs/local` | +| `localprovisioner.enabled` | Enable localProvisioner | `true` | +| `localprovisioner.image` | Image for localProvisioner | `openebs/provisioner-localpv` | +| `localprovisioner.imageTag` | Image Tag for localProvisioner | `3.4.0` | +| `mayastor.enabled` | Enable mayastor (disables localprovisioner and ndm) | `false` | +| `mayastor.etcd.replicaCount` | Set the number of etcd replicas in the | `3` | +| `mayastor.etcd.persistence.storageClass` | Set the StorageClass name used to provision the volume(s) for the etcd | `""` | +| `mayastor.etcd.persistence.size` | Set the size of the volume(s) used by the etcd | `""` | +| `mayastor.image.registry` | Set the container image registry for the mayastor containers | `"docker.io"` | +| `mayastor.image.repo` | Set the container image repository for the mayastor containers | `"openebs"` | +| `mayastor.image.tag` | Set the container image tag for the mayastor containers | `"release-2.0"` | +| `mayastor.image.pullPolicy` | Set the container ImagePullPolicy for the mayastor containers | `"Always"` | +| `mayastor.csi.image.registry` | Set the container image registry for the Kubernetes CSI sidecar containers | `"registry.k8s.io"` | +| `mayastor.csi.image.repo` | Set the container image repository for the Kubernetes CSI sidecar containers | `"sig-storage"` | +| `mayastor.csi.image.pullPolicy` | Set the container ImagePullPolicy for the Kubernetes CSI sidecar containers | `"IfNotPresent"` | +| `mayastor.csi.node.kubeletDir` | Set kubelet directory for Kubernetes CSI plugin registration | 
`"/var/lib/kubelet"` | +| `mayastor.base.jaeger.enabled` | Enable Jaeger tracing for mayastor | `"false"` | +| `mayastor.jaeger-operator.jaeger.create` | Create Jaeger operator | `"false"` | +| `mayastor.jaeger-operator.crd.install` | Create Jaeger CustomResourceDefinition | `"false"` | +| `mayastor.jaeger-operator.rbac.clusterRole` | Create Jaeger Kubernetes RBAC ClusterRole | `"true"` | +| `mayastor.loki-stack.enabled` | Enable loki log collection for Mayastor components | `"true"` | +| `mayastor.loki-stack.promtail.enabled` | Enables promtail for scraping logs from nodes components | `"true"` | +| `ndm.enabled` | Enable Node Disk Manager | `true` | +| `ndm.filters.enableOsDiskExcludeFilter` | Enable filters of OS disk exclude | `true` | +| `ndm.filters.enablePathFilter` | Enable filters of paths | `true` | +| `ndm.filters.enableVendorFilter` | Enable filters of vendors | `true` | +| `ndm.filters.excludePaths` | Exclude devices with specified path patterns | `/dev/loop,/dev/fd0,/dev/sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd` | +| `ndm.filters.excludeVendors` | Exclude devices with specified vendor | `CLOUDBYT,OpenEBS` | +| `ndm.filters.includePaths` | Include devices with specified path patterns | `""` | +| `ndm.filters.osDiskExcludePaths` | Paths/Mounts to be excluded by OS Disk Filter | `/,/etc/hosts,/boot` | +| `ndm.image` | Image for Node Disk Manager | `openebs/node-disk-manager` | +| `ndm.imageTag` | Image Tag for Node Disk Manager | `2.1.0` | +| `ndmOperator.enabled` | Enable NDM Operator | `true` | +| `ndmOperator.image` | Image for NDM Operator | `openebs/node-disk-operator` | +| `ndmOperator.imageTag` | Image Tag for NDM Operator | `2.1.0` | +| `ndm.probes.enableSeachest` | Enable Seachest probe for NDM | `false` | +| `policies.monitoring.image` | Image for Prometheus Exporter | `openebs/m-exporter` | +| `policies.monitoring.imageTag` | Image Tag for Prometheus Exporter | `2.12.2` | +| `provisioner.enabled` | Enable Provisioner | `true` | +| 
`provisioner.image` | Image for Provisioner | `openebs/openebs-k8s-provisioner` | +| `provisioner.imageTag` | Image Tag for Provisioner | `2.12.2` | +| `rbac.create` | Enable RBAC Resources | `true` | +| `rbac.kyvernoEnabled` | Create Kyverno policy resources | `false` | +| `rbac.pspEnabled` | Create pod security policy resources | `false` | +| `snapshotOperator.controller.image` | Image for Snapshot Controller | `openebs/snapshot-controller` | +| `snapshotOperator.controller.imageTag` | Image Tag for Snapshot Controller | `2.12.2` | +| `snapshotOperator.enabled` | Enable Snapshot Provisioner | `true` | +| `snapshotOperator.provisioner.image` | Image for Snapshot Provisioner | `openebs/snapshot-provisioner` | +| `snapshotOperator.provisioner.imageTag` | Image Tag for Snapshot Provisioner | `2.12.2` | +| `varDirectoryPath.baseDir` | To store debug info of OpenEBS containers | `/var/openebs` | +| `webhook.enabled` | Enable admission server | `true` | +| `webhook.hostNetwork` | Use hostNetwork in admission server | `false` | +| `webhook.image` | Image for admission server | `openebs/admission-server` | +| `webhook.imageTag` | Image Tag for admission server | `2.12.2` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/charts/openebs/openebs/charts/lvm-localpv/Chart.yaml b/charts/openebs/openebs/charts/lvm-localpv/Chart.yaml index 26fb15785..557705b00 100644 --- a/charts/openebs/openebs/charts/lvm-localpv/Chart.yaml +++ b/charts/openebs/openebs/charts/lvm-localpv/Chart.yaml @@ -20,4 +20,4 @@ maintainers: name: lvm-localpv sources: - https://github.com/openebs/lvm-localpv -version: 1.0.0 +version: 1.0.1 diff --git a/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-controller.yaml b/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-controller.yaml index 3571a9394..c6ed0b32a 100644 --- a/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-controller.yaml 
+++ b/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-controller.yaml @@ -141,7 +141,7 @@ spec: emptyDir: {} {{- if .Values.imagePullSecrets }} imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 2 }} +{{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} {{- if .Values.lvmController.nodeSelector }} nodeSelector: diff --git a/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-node.yaml b/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-node.yaml index 9c104113f..3d072b8f6 100644 --- a/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-node.yaml +++ b/charts/openebs/openebs/charts/lvm-localpv/templates/lvm-node.yaml @@ -140,7 +140,7 @@ spec: type: Directory {{- if .Values.imagePullSecrets }} imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 2 }} +{{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} {{- if .Values.lvmNode.nodeSelector }} nodeSelector: diff --git a/charts/openebs/openebs/charts/mayastor/.helmignore b/charts/openebs/openebs/charts/mayastor/.helmignore new file mode 100644 index 000000000..7ba69a71f --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/.helmignore @@ -0,0 +1,24 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +*.md diff --git a/charts/openebs/openebs/charts/mayastor/Chart.lock b/charts/openebs/openebs/charts/mayastor/Chart.lock new file mode 100644 index 000000000..88897cdef --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/Chart.lock 
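Review bot: In templates/lvm-controller.yaml the new `{{ toYaml .Values.imagePullSecrets | indent 8 }}` hard-codes the nesting width on what appears to be a column-0 line, so the depth of the rendered list under `imagePullSecrets:` has to be kept in step with the pod spec by hand; the same line is added in templates/lvm-node.yaml. The usual form is `{{- toYaml .Values.imagePullSecrets | nindent 8 }}`, written on an indented line directly under the key so the template reads at its real depth. The earlier `indent 2` presumably rendered the secret list at the wrong level, leaving private-registry pull credentials invalid or unattached, and a `helm template` render in CI with `imagePullSecrets` set would catch a repeat. The enclosing `spec:` block starts and ends outside both hunks, and whitespace is collapsed on this page, so the key's actual indent cannot be confirmed from here.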
@@ -0,0 +1,12 @@ +dependencies: +- name: etcd + repository: https://charts.bitnami.com/bitnami + version: 8.6.0 +- name: jaeger-operator + repository: https://jaegertracing.github.io/helm-charts + version: 2.25.0 +- name: loki-stack + repository: https://grafana.github.io/helm-charts + version: 2.6.4 +digest: sha256:3d832d0ef2dd68bda649805711ef21fd5e5fb3841c1c6b9a4200703475cf6c28 +generated: "2023-02-07T10:20:57.594369225Z" diff --git a/charts/openebs/openebs/charts/mayastor/Chart.yaml b/charts/openebs/openebs/charts/mayastor/Chart.yaml new file mode 100644 index 000000000..d4f888ec5 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v2 +appVersion: 2.0.0 +dependencies: +- name: etcd + repository: https://charts.bitnami.com/bitnami + version: 8.6.0 +- condition: base.jaeger.enabled + name: jaeger-operator + repository: https://jaegertracing.github.io/helm-charts + version: 2.25.0 +- condition: loki-stack.enabled + name: loki-stack + repository: https://grafana.github.io/helm-charts + version: 2.6.4 +description: Mayastor Helm chart for Kubernetes +name: mayastor +type: application +version: 2.0.0 diff --git a/charts/openebs/openebs/charts/mayastor/README.md.tmpl b/charts/openebs/openebs/charts/mayastor/README.md.tmpl new file mode 100644 index 000000000..3092c02fe --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/README.md.tmpl 
@@ -0,0 +1,58 @@ +{{ template "chart.header" . }} +{{ template "chart.description" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +## Installation Guide + +### Prerequisites + + - Make sure the [system requirement pre-requisites](https://mayastor.gitbook.io/introduction/quickstart/prerequisites) are met. + - Label the storage nodes same as the mayastor.nodeSelector in values.yaml + - Create the namespace you want the chart to be installed, or pass the `--create-namespace` flag in the `helm install` command. + ```sh + kubectl create ns + ``` + - Create secret if downloading the container images from a private repo. + ```sh + kubectl create secret docker-registry --docker-server="https://index.docker.io/v1/" --docker-username="" --docker-password="" --docker-email="" -n + ``` + +### Installing the chart via the git repo + +Clone the mayastor charts repo. +Sync the chart dependencies +```console +$ helm dependency update +``` +Install the mayastor chart using the command. +```console +$ helm install mayastor . -n +``` + +### Installing the Chart via Helm Registry + +To install the chart with the release name `my-release`: + +```console +$ helm repo add openebs https://openebs.github.io/mayastor-extensions/ +$ helm install my-release openebs/{{ template "chart.name" . }} +``` + +## Chart Dependencies + +{{ template "chart.requirementsTable" . }} + +{{ template "chart.valuesHeader" . }} + +| Key | Description | Default | +|-----|-------------|:-------:| +{{ range .Values }} +{{- if or .Description .AutoDescription -}} +{{ if eq .Type "object" -}} +| {{ .Key | replace "." ".​" }} | {{ .Description | default .AutoDescription }} |
{{ replace "}" "
}" (replace "{" "{
" (replace "," ",
" (toJson (fromJson (trimAll "`" (.Default | default .AutoDefault)))))) }}
| +{{ else -}} +| {{ .Key | replace "." ".​" }} | {{ .Description | default .AutoDescription }} | {{ .Default | default .AutoDefault }} | +{{ end -}} +{{ end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/.helmignore b/charts/openebs/openebs/charts/mayastor/charts/etcd/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/Chart.lock b/charts/openebs/openebs/charts/mayastor/charts/etcd/Chart.lock new file mode 100644 index 000000000..acaa1520d --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 2.2.2 +digest: sha256:49ca75cf23ba5eb7df4becef52580f98c8bd8194eb80368b9d7b875f6eefa8e5 +generated: "2022-12-19T15:22:40.567625269Z" diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/Chart.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/Chart.yaml new file mode 100644 index 000000000..cb5c27a9b --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/Chart.yaml 
@@ -0,0 +1,29 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: 3.5.6 +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 2.x.x +description: etcd is a distributed key-value store designed to securely store data + across a cluster. etcd is widely used in production on account of its reliability, + fault-tolerance and ease of use. +home: https://github.com/bitnami/charts/tree/main/bitnami/etcd +icon: https://bitnami.com/assets/stacks/etcd/img/etcd-stack-220x234.png +keywords: +- etcd +- cluster +- database +- cache +- key-value +maintainers: +- name: Bitnami + url: https://github.com/bitnami/charts +name: etcd +sources: +- https://github.com/bitnami/containers/tree/main/bitnami/etcd +- https://coreos.com/etcd/ +version: 8.6.0 diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/README.md b/charts/openebs/openebs/charts/mayastor/charts/etcd/README.md new file mode 100644 index 000000000..59c1a2a62 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/README.md 
@@ -0,0 +1,545 @@ + + +# Etcd packaged by Bitnami + +etcd is a distributed key-value store designed to securely store data across a cluster. etcd is widely used in production on account of its reliability, fault-tolerance and ease of use. + +[Overview of Etcd](https://etcd.io/) + +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +$ helm repo add my-repo https://charts.bitnami.com/bitnami +$ helm install my-release my-repo/etcd +``` + +## Introduction + +This chart bootstraps a [etcd](https://github.com/bitnami/containers/tree/main/bitnami/etcd) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add my-repo https://charts.bitnami.com/bitnami +$ helm install my-release my-repo/etcd +``` + +These commands deploy etcd on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. 
+ +## Parameters + +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override common.names.fullname template | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + + +### etcd parameters + +| Name | Description | Value | +| -------------------------------------- | ----------------------------------------------------------------------------------------------------------- | --------------------- | +| `image.registry` | etcd image registry | `docker.io` | +| `image.repository` | etcd image name | `bitnami/etcd` | +| `image.tag` | etcd image tag | `3.5.6-debian-11-r10` | +| `image.digest` | etcd image digest in the way 
sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | etcd image pull policy | `IfNotPresent` | +| `image.pullSecrets` | etcd image pull secrets | `[]` | +| `image.debug` | Enable image debug mode | `false` | +| `auth.rbac.create` | Switch to enable RBAC authentication | `true` | +| `auth.rbac.allowNoneAuthentication` | Allow to use etcd without configuring RBAC authentication | `true` | +| `auth.rbac.rootPassword` | Root user password. The root user is always `root` | `""` | +| `auth.rbac.existingSecret` | Name of the existing secret containing credentials for the root user | `""` | +| `auth.rbac.existingSecretPasswordKey` | Name of key containing password to be retrieved from the existing secret | `""` | +| `auth.token.type` | Authentication token type. Allowed values: 'simple' or 'jwt' | `jwt` | +| `auth.token.privateKey.filename` | Name of the file containing the private key for signing the JWT token | `jwt-token.pem` | +| `auth.token.privateKey.existingSecret` | Name of the existing secret containing the private key for signing the JWT token | `""` | +| `auth.token.signMethod` | JWT token sign method | `RS256` | +| `auth.token.ttl` | JWT token TTL | `10m` | +| `auth.client.secureTransport` | Switch to encrypt client-to-server communications using TLS certificates | `false` | +| `auth.client.useAutoTLS` | Switch to automatically create the TLS certificates | `false` | +| `auth.client.existingSecret` | Name of the existing secret containing the TLS certificates for client-to-server communications | `""` | +| `auth.client.enableAuthentication` | Switch to enable host authentication using TLS certificates. 
Requires existing secret | `false` | +| `auth.client.certFilename` | Name of the file containing the client certificate | `cert.pem` | +| `auth.client.certKeyFilename` | Name of the file containing the client certificate private key | `key.pem` | +| `auth.client.caFilename` | Name of the file containing the client CA certificate | `""` | +| `auth.peer.secureTransport` | Switch to encrypt server-to-server communications using TLS certificates | `false` | +| `auth.peer.useAutoTLS` | Switch to automatically create the TLS certificates | `false` | +| `auth.peer.existingSecret` | Name of the existing secret containing the TLS certificates for server-to-server communications | `""` | +| `auth.peer.enableAuthentication` | Switch to enable host authentication using TLS certificates. Requires existing secret | `false` | +| `auth.peer.certFilename` | Name of the file containing the peer certificate | `cert.pem` | +| `auth.peer.certKeyFilename` | Name of the file containing the peer certificate private key | `key.pem` | +| `auth.peer.caFilename` | Name of the file containing the peer CA certificate | `""` | +| `autoCompactionMode` | Auto compaction mode, by default periodic. Valid values: "periodic", "revision". | `""` | +| `autoCompactionRetention` | Auto compaction retention for mvcc key value store in hour, by default 0, means disabled | `""` | +| `initialClusterState` | Initial cluster state. Allowed values: 'new' or 'existing' | `""` | +| `logLevel` | Sets the log level for the etcd process. Allowed values: 'debug', 'info', 'warn', 'error', 'panic', 'fatal' | `info` | +| `maxProcs` | Limits the number of operating system threads that can execute user-level | `""` | +| `removeMemberOnContainerTermination` | Use a PreStop hook to remove the etcd members from the etcd cluster on container termination | `true` | +| `configuration` | etcd configuration. 
Specify content for etcd.conf.yml | `""` | +| `existingConfigmap` | Existing ConfigMap with etcd configuration | `""` | +| `extraEnvVars` | Extra environment variables to be set on etcd container | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | +| `command` | Default container command (useful when using custom images) | `[]` | +| `args` | Default container args (useful when using custom images) | `[]` | + + +### etcd statefulset parameters + +| Name | Description | Value | +| --------------------------------------------------- | ----------------------------------------------------------------------------------------- | --------------- | +| `replicaCount` | Number of etcd replicas to deploy | `1` | +| `updateStrategy.type` | Update strategy type, can be set to RollingUpdate or OnDelete. | `RollingUpdate` | +| `podManagementPolicy` | Pod management policy for the etcd statefulset | `Parallel` | +| `hostAliases` | etcd pod host aliases | `[]` | +| `lifecycleHooks` | Override default etcd container hooks | `{}` | +| `containerPorts.client` | Client port to expose at container level | `2379` | +| `containerPorts.peer` | Peer port to expose at container level | `2380` | +| `podSecurityContext.enabled` | Enabled etcd pods' Security Context | `true` | +| `podSecurityContext.fsGroup` | Set etcd pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled etcd containers' Security Context | `true` | +| `containerSecurityContext.runAsUser` | Set etcd container's Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set etcd container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as nonprivilege | `false` | +| `resources.limits` | The resources limits for the etcd container | `{}` | +| `resources.requests` 
| The requested resources for the etcd container | `{}` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Override default liveness probe | `{}` | +| `customReadinessProbe` | Override default readiness probe | `{}` | +| `customStartupProbe` | Override default startup probe | `{}` | +| `extraVolumes` | Optionally specify extra list of additional volumes for etcd pods | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for etcd container(s) | `[]` | +| `initContainers` | Add additional init containers to the etcd pods | `[]` | +| `sidecars` | Add additional sidecar 
containers to the etcd pods | `[]` | +| `podAnnotations` | Annotations for etcd pods | `{}` | +| `podLabels` | Extra labels for etcd pods | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `terminationGracePeriodSeconds` | Seconds the pod needs to gracefully terminate | `""` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `priorityClassName` | Name of the priority class to be used by etcd pods | `""` | +| `runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` | +| `shareProcessNamespace` | Enable shared process namespace in a pod. 
| `false` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | +| `persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | +| `persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | + + +### Traffic exposure parameters + +| Name | Description | Value | +| ---------------------------------- | ---------------------------------------------------------------------------------- | ----------- | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.enabled` | create second service if equal true | `true` | +| `service.clusterIP` | Kubernetes service Cluster IP | `""` | +| `service.ports.client` | etcd client port | `2379` | +| `service.ports.peer` | etcd peer port | `2380` | +| `service.nodePorts.client` | Specify the nodePort client value for the LoadBalancer and NodePort service types. | `""` | +| `service.nodePorts.peer` | Specify the nodePort peer value for the LoadBalancer and NodePort service types. 
| `""` | +| `service.clientPortNameOverride` | etcd client port name override | `""` | +| `service.peerPortNameOverride` | etcd peer port name override | `""` | +| `service.loadBalancerIP` | loadBalancerIP for the etcd service (optional, cloud specific) | `""` | +| `service.loadBalancerSourceRanges` | Load Balancer source ranges | `[]` | +| `service.externalIPs` | External IPs | `[]` | +| `service.externalTrafficPolicy` | %%MAIN_CONTAINER_NAME%% service external traffic policy | `Cluster` | +| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `service.annotations` | Additional annotations for the etcd service | `{}` | +| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | + + +### Persistence parameters + +| Name | Description | Value | +| -------------------------- | --------------------------------------------------------------- | ------------------- | +| `persistence.enabled` | If true, use a Persistent Volume Claim. If false, use emptyDir. 
| `true` | +| `persistence.storageClass` | Persistent Volume Storage Class | `""` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | +| `persistence.size` | PVC Storage Request for etcd data volume | `8Gi` | +| `persistence.selector` | Selector to match an existing Persistent Volume | `{}` | + + +### Volume Permissions parameters + +| Name | Description | Value | +| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/bitnami-shell` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r63` | +| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | +| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | + + +### Network Policy parameters + +| Name | Description | Value | +| --------------------------------------- | ---------------------------------------------------------- | ------- | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | + + +### Metrics parameters + +| Name | Description | Value | +| ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------ | +| `metrics.enabled` | Expose etcd metrics | `false` | +| `metrics.podAnnotations` | Annotations for the Prometheus metrics on etcd pods | `{}` | +| `metrics.podMonitor.enabled` | Create PodMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.podMonitor.namespace` | Namespace in which Prometheus is running | `monitoring` | +| `metrics.podMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | +| `metrics.podMonitor.scrapeTimeout` | Specify 
the timeout after which the scrape is ended | `30s` | +| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitors will be discovered by Prometheus | `{}` | +| `metrics.podMonitor.scheme` | Scheme to use for scraping | `http` | +| `metrics.podMonitor.tlsConfig` | TLS configuration used for scrape endpoints used by Prometheus | `{}` | +| `metrics.podMonitor.relabelings` | Prometheus relabeling rules | `[]` | +| `metrics.prometheusRule.enabled` | Create a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` | +| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` | +| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` | + + +### Snapshotting parameters + +| Name | Description | Value | +| ----------------------------------------------- | ----------------------------------------------------------------------- | -------------- | +| `startFromSnapshot.enabled` | Initialize new cluster recovering an existing snapshot | `false` | +| `startFromSnapshot.existingClaim` | Existing PVC containing the etcd snapshot | `""` | +| `startFromSnapshot.snapshotFilename` | Snapshot filename | `""` | +| `disasterRecovery.enabled` | Enable auto disaster recovery by periodically snapshotting the keyspace | `false` | +| `disasterRecovery.cronjob.schedule` | Schedule in Cron format to save snapshots | `*/30 * * * *` | +| `disasterRecovery.cronjob.historyLimit` | Number of successful finished jobs to retain | `1` | +| `disasterRecovery.cronjob.snapshotHistoryLimit` | Number of etcd snapshots to retain, tagged by date | `1` | +| `disasterRecovery.cronjob.podAnnotations` | Pod annotations for cronjob pods | `{}` | +| `disasterRecovery.cronjob.resources.limits` | 
Cronjob container resource limits | `{}` | +| `disasterRecovery.cronjob.resources.requests` | Cronjob container resource requests | `{}` | +| `disasterRecovery.cronjob.nodeSelector` | Node labels for cronjob pods assignment | `{}` | +| `disasterRecovery.cronjob.tolerations` | Tolerations for cronjob pods assignment | `[]` | +| `disasterRecovery.pvc.existingClaim` | A manually managed Persistent Volume and Claim | `""` | +| `disasterRecovery.pvc.size` | PVC Storage Request | `2Gi` | +| `disasterRecovery.pvc.storageClassName` | Storage Class for snapshots volume | `nfs` | + + +### Service account parameters + +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------------ | ------- | +| `serviceAccount.create` | Enable/disable service account creation | `false` | +| `serviceAccount.name` | Name of the service account to create or use | `""` | +| `serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of service account token | `true` | +| `serviceAccount.annotations` | Additional annotations to be included on the service account | `{}` | +| `serviceAccount.labels` | Additional labels to be included on the service account | `{}` | + + +### Other parameters + +| Name | Description | Value | +| -------------------- | -------------------------------------------------------------- | ------ | +| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | +| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `51%` | +| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | + + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install my-release \ + --set auth.rbac.rootPassword=secretpassword my-repo/etcd +``` + +The above command sets the etcd `root` account password to `secretpassword`. 
+ +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install my-release -f values.yaml my-repo/etcd +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Cluster configuration + +The Bitnami etcd chart can be used to bootstrap an etcd cluster, easy to scale and with available features to implement disaster recovery. + +Refer to the [chart documentation](https://docs.bitnami.com/kubernetes/infrastructure/etcd/get-started/understand-default-configuration/) for more information about all these details. + +### Enable security for etcd + +The etcd chart can be configured with Role-based access control and TLS encryption to improve its security. + +[Learn more about security in the chart documentation](https://docs.bitnami.com/kubernetes/infrastructure/etcd/administration/enable-security/). + +### Persistence + +The [Bitnami etcd](https://github.com/bitnami/containers/tree/main/bitnami/etcd) image stores the etcd data at the `/bitnami/etcd` path of the container. 
Persistent Volume Claims are used to keep the data across statefulsets. + +The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning by default. An existing PersistentVolumeClaim can also be defined for this purpose. + +If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). + +### Backup and restore the etcd keyspace + +The Bitnami etcd chart provides mechanisms to bootstrap the etcd cluster restoring an existing snapshot before initializing. + +[Learn more about backup/restore features in the chart documentation](https://docs.bitnami.com/kubernetes/infrastructure/etcd/administration/backup-restore/). + +### Exposing etcd metrics + +The metrics exposed by etcd can be exposed to be scraped by Prometheus. This can be done by adding the required annotations for Prometheus to discover the metrics endpoints or creating a PodMonitor entry if you are using the Prometheus Operator. + +[Learn more about exposing metrics in the chart documentation](https://docs.bitnami.com/kubernetes/infrastructure/etcd/administration/enable-metrics/). + +### Using custom configuration + +In order to use custom configuration parameters, two options are available: + +- Using environment variables: etcd allows setting environment variables that map to configuration settings. In order to set extra environment variables, you can use the `extraEnvVars` property. Alternatively, you can use a ConfigMap or a Secret with the environment variables using the `extraEnvVarsCM` or the `extraEnvVarsSecret` properties. 
+
+```yaml
+extraEnvVars:
+ - name: ETCD_AUTO_COMPACTION_RETENTION
+ value: "0"
+ - name: ETCD_HEARTBEAT_INTERVAL
+ value: "150"
+```
+
+- Using a custom `etcd.conf.yml`: The etcd chart allows mounting a custom `etcd.conf.yml` file as ConfigMap. In order to so, you can use the `configuration` property. Alternatively, you can use an existing ConfigMap using the `existingConfigmap` parameter.
+
+### Auto Compaction
+
+Since etcd keeps an exact history of its keyspace, this history should be periodically compacted to avoid performance degradation and eventual storage space exhaustion. Compacting the keyspace history drops all information about keys superseded prior to a given keyspace revision. The space used by these keys then becomes available for additional writes to the keyspace.
+
+`autoCompactionMode`, by default periodic. Valid values: "periodic", "revision".
+- 'periodic' for duration based retention, defaulting to hours if no time unit is provided (e.g. "5m").
+- 'revision' for revision number based retention.
+`autoCompactionRetention` for mvcc key value store in hour, by default 0, means disabled.
+
+You can enable auto compaction by using following parameters:
+
+```console
+autoCompactionMode=periodic
+autoCompactionRetention=10m
+```
+
+### Sidecars and Init Containers
+
+If you have a need for additional containers to run within the same pod as the etcd app (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec.
+
+```yaml
+sidecars:
+ - name: your-image-name
+ image: your-image
+ imagePullPolicy: Always
+ ports:
+ - name: portname
+ containerPort: 1234
+```
+
+Similarly, you can add extra init containers using the `initContainers` parameter.
+
+```yaml
+initContainers:
+ - name: your-image-name
+ image: your-image
+ imagePullPolicy: Always
+ ports:
+ - name: portname
+ containerPort: 1234
+```
+
+### Deploying extra resources
+
+There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter.
+
+### Setting Pod's affinity
+
+This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
+
+As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
+
+## Troubleshooting
+
+Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
+
+## Upgrading
+
+### To 8.0.0
+
+This version reverts the change in the previous major bump ([7.0.0](https://github.com/bitnami/charts/tree/main/bitnami/etcd#to-700)). Now the default `etcd` branch is `3.5` again once confirmed by the [etcd developers](https://github.com/etcd-io/etcd/tree/main/CHANGELOG#production-recommendation) that this version is production-ready once solved the data corruption issue.
+
+### To 7.0.0
+
+This version changes the default `etcd` branch to `3.4` as suggested by [etcd developers](https://github.com/etcd-io/etcd/tree/main/CHANGELOG#production-recommendation). In order to migrate the data follow the official etcd instructions.
+
+### To 6.0.0
+
+This version introduces several features and performance improvements:
+
+- The statefulset can now be scaled using `kubectl scale` command. Using `helm upgrade` to recalculate available endpoints is no longer needed.
+- The scripts used for bootstrapping, runtime reconfiguration, and disaster recovery have been refactored and moved to the etcd container (see [this PR](https://github.com/bitnami/bitnami-docker-etcd/pull/13)) with two purposes: removing technical debt & improving the stability.
+- Several parameters were reorganized to simplify the structure and follow the same standard used on other Bitnami charts:
+ - `etcd.initialClusterState` is renamed to `initialClusterState`.
+ - `statefulset.replicaCount` is renamed to `replicaCount`.
+ - `statefulset.podManagementPolicy` is renamed to `podManagementPolicy`.
+ - `statefulset.updateStrategy` and `statefulset.rollingUpdatePartition` are merged into `updateStrategy`.
+ - `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`.
+ - `configFileConfigMap` is deprecated in favor of `configuration` and `existingConfigmap`.
+ - `envVarsConfigMap` is deprecated in favor of `extraEnvVars`, `extraEnvVarsCM` and `extraEnvVarsSecret`.
+ - `allowNoneAuthentication` is renamed to `auth.rbac.allowNoneAuthentication`.
+- New parameters/features were added:
+ - `extraDeploy` to deploy any extra desired object.
+ - `initContainers` and `sidecars` to define custom init containers and sidecars.
+ - `extraVolumes` and `extraVolumeMounts` to define custom volumes and mount points.
+ - Probes can be now customized, and support to startup probes is added.
+ - LifecycleHooks can be customized using `lifecycleHooks` parameter.
+ - The default command/args can be customized using `command` and `args` parameters.
+- Metrics integration with Prometheus Operator does no longer use a ServiceMonitor object, but a PodMonitor instead.
+
+Consequences:
+
+- Backwards compatibility is not guaranteed unless you adapt you **values.yaml** according to the changes described above.
+
+### To 5.2.0
+
+This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade.
+
+### To 5.0.0
+
+[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
+
+[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/etcd/administration/upgrade-helm3/).
+
+### To 4.4.14
+
+In this release we addressed a vulnerability that showed the `ETCD_ROOT_PASSWORD` environment variable in the application logs. Users are advised to update immediately. More information in [this issue](https://github.com/bitnami/charts/issues/1901).
+
+### To 3.0.0
+
+Backwards compatibility is not guaranteed. The following notables changes were included:
+
+- **etcdctl** uses v3 API.
+- Adds support for auto disaster recovery.
+- Labels are adapted to follow the Helm charts best practices.
+
+To upgrade from previous charts versions, create a snapshot of the keyspace and restore it in a new etcd cluster. Only v3 API data can be restored.
+You can use the command below to upgrade your chart by starting a new cluster using an existing snapshot, available in an existing PVC, to initialize the members:
+
+```console
+$ helm install new-release my-repo/etcd \
+ --set statefulset.replicaCount=3 \
+ --set persistence.enabled=true \
+ --set persistence.size=8Gi \
+ --set startFromSnapshot.enabled=true \
+ --set startFromSnapshot.existingClaim=my-claim \
+ --set startFromSnapshot.snapshotFilename=my-snapshot.db
+```
+
+### To 1.0.0
+
+Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
+Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is etcd:
+
+```console
+$ kubectl delete statefulset etcd --cascade=false
+```
+
+## License
+
+Copyright © 2022 Bitnami
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/.helmignore b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/.helmignore
new file mode 100644
index 000000000..50af03172
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/Chart.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/Chart.yaml
new file mode 100644
index 000000000..f9ba944c8
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/Chart.yaml
@@ -0,0 +1,23 @@
+annotations:
+ category: Infrastructure
+apiVersion: v2
+appVersion: 2.2.2
+description: A Library Helm Chart for grouping common logic between bitnami charts.
+ This chart is not deployable by itself.
+home: https://github.com/bitnami/charts/tree/main/bitnami/common
+icon: https://bitnami.com/downloads/logos/bitnami-mark.png
+keywords:
+- common
+- helper
+- template
+- function
+- bitnami
+maintainers:
+- name: Bitnami
+ url: https://github.com/bitnami/charts
+name: common
+sources:
+- https://github.com/bitnami/charts
+- https://www.bitnami.com/
+type: library
+version: 2.2.2
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/README.md b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/README.md
new file mode 100644
index 000000000..ec43a5fab
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/README.md
@@ -0,0 +1,351 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 1.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` | + +### Capabilities + +| Helper identifier | Description | Expected Input | 
+|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | +| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | +| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. 
| `.` Chart context | +| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. 
| +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | +| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | +| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | +| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | +| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|-----------------------------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and 
`svc.spec.selector` | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Input | +|-----------------------------------|-----------------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | +| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. 
| `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. 
| `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. 
It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. 
| + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. 
+ type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. 
To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. 
+- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_affinities.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_affinities.tpl new file mode 100644 index 000000000..81902a681 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_affinities.tpl 
@@ -0,0 +1,106 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a soft nodeAffinity definition
+{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.soft" -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ - key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . | quote }}
+ {{- end }}
+ weight: 1
+{{- end -}}
+
+{{/*
+Return a hard nodeAffinity definition
+{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.hard" -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . | quote }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return a nodeAffinity definition
+{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.nodes.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.nodes.hard" . -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return a topologyKey definition
+{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}}
+*/}}
+{{- define "common.affinities.topologyKey" -}}
+{{ .topologyKey | default "kubernetes.io/hostname" -}}
+{{- end -}}
+
+{{/*
+Return a soft podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.soft" -}}
+{{- $component := default "" .component -}}
+{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := $extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+ weight: 1
+{{- end -}}
+
+{{/*
+Return a hard podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.hard" -}}
+{{- $component := default "" .component -}}
+{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := $extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+{{- end -}}
+
+{{/*
+Return a podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.pods" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.pods.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.pods.hard" . -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_capabilities.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_capabilities.tpl
new file mode 100644
index 000000000..9d9b76004
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_capabilities.tpl
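Review bot: In `common.affinities.nodes.soft` and `common.affinities.nodes.hard` the key is rendered as `- key: {{ .key }}` without quoting, although the values two lines below go through `quote`; the pod helpers do the same with `printf "app.kubernetes.io/component: %s" $component` and `{{ $key }}:`. A value containing YAML-significant characters would change the structure of the rendered affinity block instead of being taken as a plain string, so `- key: {{ .key | quote }}` and `app.kubernetes.io/component: {{ $component | quote }}` would be safer. Separately, the usage comment on `common.affinities.pods` shows `"key"` and `"values"`, but the helpers it forwards to read `.component`, `.extraMatchLabels`, `.topologyKey` and `.context`; the example should read `(dict "type" "soft" "component" "FOO" "context" $)`.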
@@ -0,0 +1,154 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return the target Kubernetes version
+*/}}
+{{- define "common.capabilities.kubeVersion" -}}
+{{- if .Values.global }}
+ {{- if .Values.global.kubeVersion }}
+ {{- .Values.global.kubeVersion -}}
+ {{- else }}
+ {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
+ {{- end -}}
+{{- else }}
+{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for poddisruptionbudget.
+*/}}
+{{- define "common.capabilities.policy.apiVersion" -}}
+{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "policy/v1beta1" -}}
+{{- else -}}
+{{- print "policy/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for networkpolicy.
+*/}}
+{{- define "common.capabilities.networkPolicy.apiVersion" -}}
+{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for cronjob.
+*/}}
+{{- define "common.capabilities.cronjob.apiVersion" -}}
+{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "batch/v1beta1" -}}
+{{- else -}}
+{{- print "batch/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for deployment.
+*/}}
+{{- define "common.capabilities.deployment.apiVersion" -}}
+{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for statefulset.
+*/}}
+{{- define "common.capabilities.statefulset.apiVersion" -}}
+{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apps/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for ingress.
+*/}}
+{{- define "common.capabilities.ingress.apiVersion" -}}
+{{- if .Values.ingress -}}
+{{- if .Values.ingress.apiVersion -}}
+{{- .Values.ingress.apiVersion -}}
+{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end }}
+{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for RBAC resources.
+*/}}
+{{- define "common.capabilities.rbac.apiVersion" -}}
+{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "rbac.authorization.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "rbac.authorization.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for CRDs.
+*/}}
+{{- define "common.capabilities.crd.apiVersion" -}}
+{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apiextensions.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiextensions.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for APIService.
+*/}}
+{{- define "common.capabilities.apiService.apiVersion" -}}
+{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apiregistration.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiregistration.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for Horizontal Pod Autoscaler.
+*/}}
+{{- define "common.capabilities.hpa.apiVersion" -}}
+{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}}
+{{- if .beta2 -}}
+{{- print "autoscaling/v2beta2" -}}
+{{- else -}}
+{{- print "autoscaling/v2beta1" -}}
+{{- end -}}
+{{- else -}}
+{{- print "autoscaling/v2" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the used Helm version is 3.3+.
+A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
+This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
+**To be removed when the catalog's minimun Helm version is 3.3**
+*/}}
+{{- define "common.capabilities.supportsHelmVersion" -}}
+{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_errors.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_errors.tpl
new file mode 100644
index 000000000..a79cc2e32
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_errors.tpl
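Review bot: `common.capabilities.hpa.apiVersion` is the only helper in this file that reads `.context` and `.beta2` instead of taking the chart context directly, and its comment does not say so; the README added in this commit also lists its expected input as the chart context. A caller following that would pass `.`, leaving `.context` unset when it is handed to `common.capabilities.kubeVersion`. I would add a usage line to the comment, `{{ include "common.capabilities.hpa.apiVersion" (dict "context" $ "beta2" true) }}`, and correct the README row to match.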
@@ -0,0 +1,23 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Through error when upgrading using empty passwords values that must not be empty.
+
+Usage:
+{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
+{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
+
+Required password params:
+ - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
+ - context - Context - Required. Parent context.
+*/}}
+{{- define "common.errors.upgrade.passwords.empty" -}}
+ {{- $validationErrors := join "" .validationErrors -}}
+ {{- if and $validationErrors .context.Release.IsUpgrade -}}
+ {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
+ {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
+ {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
+ {{- $errorString = print $errorString "\n%s" -}}
+ {{- printf $errorString $validationErrors | fail -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_images.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_images.tpl
new file mode 100644
index 000000000..46c659e79
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_images.tpl
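Review bot: The header comment on `common.errors.upgrade.passwords.empty` documents `validationErrors` as `String`, but the body passes it to `join ""` and the usage example builds it with `list`, so it is a list of strings; the opening sentence also reads "Through error" where "Throw an error" is meant. I would change the parameter line to `- validationErrors - List of strings - Required. Validation messages to report; if all are empty no error is thrown.` The check only runs when `.context.Release.IsUpgrade` is true, which is worth stating in the comment too, since on a fresh install the helper renders nothing even when messages are passed.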
@@ -0,0 +1,76 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $separator := ":" -}} +{{- $termination := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if .imageRoot.digest }} + {{- $separator = "@" -}} + {{- $termination = .imageRoot.digest | toString -}} +{{- end -}} +{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . 
}} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- if $context.Values.global }} + {{- range $context.Values.global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_ingress.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_ingress.tpl new file mode 100644 index 000000000..831da9caa --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_ingress.tpl 
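Review bot: `common.images.image` never checks that the image reference is complete: `$termination` is taken from `.imageRoot.tag | toString` and only replaced when `.imageRoot.digest` is set, so values that carry neither field still render a reference instead of failing. A guard ahead of the final `printf`, such as `{{- if not (or .imageRoot.tag .imageRoot.digest) }}{{- fail "common.images.image: set tag or digest" }}{{- end }}`, would stop the render before a malformed image string reaches a pod spec. The header comment could also say that a digest, when present, takes precedence over the tag, since that is what makes the reference immutable.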
@@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} + number: {{ .servicePort | int }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the ingressClassname field is supported +Usage: +{{ include "common.ingress.supportsIngressClassname" . }} +*/}} +{{- define "common.ingress.supportsIngressClassname" -}} +{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) 
-}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed +certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +Usage: +{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} +*/}} +{{- define "common.ingress.certManagerRequest" -}} +{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_labels.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_labels.tpl new file mode 100644 index 000000000..252066c7e --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_names.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_names.tpl new file mode 100644 index 000000000..617a23489 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_names.tpl 
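Review bot: `common.ingress.certManagerRequest` tests the three annotations with `hasKey` only, so `kubernetes.io/tls-acme: "false"` is reported as a cert-manager request just like `"true"`. Callers are not visible in this hunk, but if they use the result to decide whether the chart supplies its own TLS secret, an explicit opt-out would leave the Ingress without one. Comparing the value for that annotation, e.g. `(eq (get .annotations "kubernetes.io/tls-acme" | toString) "true")`, keeps the two issuer checks as they are and honours the opt-out.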
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified dependency name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. 
+Usage: +{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} +*/}} +{{- define "common.names.dependency.fullname" -}} +{{- if .chartValues.fullnameOverride -}} +{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .chartName .chartValues.nameOverride -}} +{{- if contains $name .context.Release.Name -}} +{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. +*/}} +{{- define "common.names.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a fully qualified app name adding the installation's namespace. +*/}} +{{- define "common.names.fullname.namespace" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_secrets.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_secrets.tpl new file mode 100644 index 000000000..a1708b2e8 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_secrets.tpl 
@@ -0,0 +1,165 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. 
+*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. + +The order in which this function returns a secret password: + 1. Already existing 'Secret' resource + (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) + 2. Password provided via the values.yaml + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 3. 
Randomly generated secret password + (A new random secret password with the length specified in the 'length' parameter will be generated and returned) + +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} +{{- if $secretData }} + {{- if hasKey $secretData .key }} + {{- $password = index $secretData .key | quote }} + {{- else }} + {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum 
$passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Reuses the value from an existing secret, otherwise sets its value to a default value. + +Usage: +{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - context - Context - Required - Parent context. + +*/}} +{{- define "common.secrets.lookup" -}} +{{- $value := "" -}} +{{- $defaultValue := required "\n'common.secrets.lookup': Argument 'defaultValue' missing or empty" .defaultValue -}} +{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} +{{- if and $secretData (hasKey $secretData .key) -}} + {{- $value = index $secretData .key -}} +{{- else -}} + {{- $value = $defaultValue | toString | b64enc -}} +{{- end -}} +{{- printf "%s" $value -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_storage.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_storage.tpl new file mode 100644 index 000000000..60e2a844f --- /dev/null 
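Review bot: The `strong` branch of `common.secrets.passwords.manage` produces less variety than the option name suggests: `$subStr` is built with `join "_"`, so two characters of every password are always `_`, `regexReplaceAllLiteral "\\W" $password "@"` collapses every symbol from `randAscii` into `@`, and `substr 5 $passwordLength` keeps only `length - 5` of the random characters. With `default 10 .length` that leaves five random characters plus a fixed-shape prefix, shuffled. Building the prefix with `join ""` and trimming with `substr 3 $passwordLength` keeps the requested length without the constant separators, and a larger default length would help both branches. The header comment should also say that `lookup` returns nothing under `helm template` and client-side dry runs, so step 1 of the documented order is skipped there and a new password is generated on each render.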
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_storage.tpl
@@ -0,0 +1,23 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper Storage Class
+{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
+*/}}
+{{- define "common.storage.class" -}}
+
+{{- $storageClass := .persistence.storageClass -}}
+{{- if .global -}}
+ {{- if .global.storageClass -}}
+ {{- $storageClass = .global.storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if $storageClass -}}
+ {{- if (eq "-" $storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" $storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_tplvalues.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_tplvalues.tpl
new file mode 100644
index 000000000..2db166851
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_tplvalues.tpl
@@ -0,0 +1,13 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+ {{- if typeIs "string" .value }}
+ {{- tpl .value .context }}
+ {{- else }}
+ {{- tpl (.value | toYaml) .context }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_utils.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_utils.tpl
new file mode 100644
index 000000000..b1ead50cf
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_utils.tpl
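Review bot: The header comment for `common.tplvalues.render` should state the trust it assumes: both branches hand `.value` to `tpl` with the caller's full `.context`, so any string that reaches this helper is executed as template code rather than substituted as text. I would extend the comment with `Note: the value is evaluated as a Helm template with the full context; pass only values that are as trusted as the chart itself.` `common.images.renderPullSecrets` in `_images.tpl` of this commit already routes `global.imagePullSecrets` through it, so the caveat applies to ordinary values files.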
@@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . 
"context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_warnings.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_warnings.tpl new file mode 100644 index 000000000..ae10fa41e --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_cassandra.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 000000000..ded1ae3bc --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_cassandra.tpl 
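Review bot: `common.utils.secret.getvalue` prints a shell command in which the namespace goes through `quote` but `{{ .secret }}` and `{{ .field }}` are interpolated raw. The output is meant to be pasted into a terminal, so the secret name should get the same treatment as the namespace: `{{ .secret | quote }}` in place of `{{ .secret }}`. The usage line for `common.utils.fieldToEnvVar` also lacks the parentheses around `dict "field" "my-password"` and will not work if copied as written.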
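Review bot: `common.warnings.rollingTag` looks for `sha256:` in `.tag` only, while `common.images.image` in this commit reads the digest from a separate `.digest` field. An image pinned through `digest` with an ordinary tag therefore still gets the rolling-tag warning, and a warning that fires on pinned images is one operators learn to ignore. Adding the field to the condition fixes that: `{{- if and (contains "bitnami/" .repository) (not .digest) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}`.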
@@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. 
+ +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_mariadb.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 000000000..b6906ff77 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_mariadb.tpl 
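Review bot: The helpers branch on `{{- if .subchart -}}`, which is a truthiness test, yet the usage line for `common.cassandra.values.key.dbUser` passes `"subchart" "true"` as a string while the params describe a Boolean. A caller who follows that example and writes `"subchart" "false"` takes the subchart branch, because a non-empty string is true in a template, and the password validation then reads the `cassandra.*` paths instead of the top-level ones. The usage lines should read `(dict "subchart" true "context" $)`. The same wording appears in the `architecture` and `key.auth` helpers of `_mariadb.tpl`, `_mongodb.tpl` and `_mysql.tpl` in this commit.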
@@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- 
$requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. 
Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_mongodb.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 000000000..f820ec107 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_mongodb.tpl 
@@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- 
$requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. 
Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_mysql.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_mysql.tpl new file mode 100644 index 000000000..74472a061 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_mysql.tpl 
@@ -0,0 +1,103 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MySQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mysql.passwords" -}}
+ {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mysql.values.enabled" . -}}
+ {{- $architecture := include "common.mysql.values.architecture" . -}}
+ {{- $authPrefix := include "common.mysql.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mysql.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mysql.
+
+Usage:
+{{ include "common.mysql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mysql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mysql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mysql.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.key.auth" -}}
+ {{- if .subchart -}}
+ mysql.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_postgresql.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_postgresql.tpl
new file mode 100644
index 000000000..164ec0d01
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_postgresql.tpl
@@ -0,0 +1,129 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate PostgreSQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.postgresql.passwords" -}}
+ {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
+ {{- $enabled := include "common.postgresql.values.enabled" . -}}
+ {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
+ {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+ {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
+
+ {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
+ {{- if (eq $enabledReplication "true") -}}
+ {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to decide whether evaluate global values.
+
+Usage:
+{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
+Params:
+ - key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
+*/}}
+{{- define "common.postgresql.values.use.global" -}}
+ {{- if .context.Values.global -}}
+ {{- if .context.Values.global.postgresql -}}
+ {{- index .context.Values.global.postgresql .key | quote -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.existingSecret" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
+
+ {{- if .subchart -}}
+ {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
+ {{- else -}}
+ {{- default (.context.Values.existingSecret | quote) $globalValue -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled postgresql.
+
+Usage:
+{{ include "common.postgresql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key postgressPassword.
+
+Usage:
+{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.postgressPassword" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
+
+ {{- if not $globalValue -}}
+ {{- if .subchart -}}
+ postgresql.postgresqlPassword
+ {{- else -}}
+ postgresqlPassword
+ {{- end -}}
+ {{- else -}}
+ global.postgresql.postgresqlPassword
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled.replication.
+
+Usage:
+{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.enabled.replication" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.replication.enabled -}}
+ {{- else -}}
+ {{- printf "%v" .context.Values.replication.enabled -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key replication.password.
+
+Usage:
+{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.replicationPassword" -}}
+ {{- if .subchart -}}
+ postgresql.replication.password
+ {{- else -}}
+ replication.password
+ {{- end -}}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_redis.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_redis.tpl
new file mode 100644
index 000000000..dcccfc1ae
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_redis.tpl
@@ -0,0 +1,76 @@
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Redis® required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.redis.passwords" -}}
+ {{- $enabled := include "common.redis.values.enabled" . -}}
+ {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
+ {{- $standarizedVersion := include "common.redis.values.standarized.version" . }}
+
+ {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }}
+ {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }}
+
+ {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }}
+ {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}}
+ {{- if eq $useAuth "true" -}}
+ {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled redis.
+
+Usage:
+{{ include "common.redis.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.redis.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right prefix path for the values
+
+Usage:
+{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.redis.values.keys.prefix" -}}
+ {{- if .subchart -}}redis.{{- else -}}{{- end -}}
+{{- end -}}
+
+{{/*
+Checks whether the redis chart's includes the standarizations (version >= 14)
+
+Usage:
+{{ include "common.redis.values.standarized.version" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.standarized.version" -}}
+
+ {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}}
+ {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }}
+
+ {{- if $standarizedAuthValues -}}
+ {{- true -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_validations.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_validations.tpl
new file mode 100644
index 000000000..9a814cf40
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/templates/validations/_validations.tpl
@@ -0,0 +1,46 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate values must not be empty.
+
+Usage:
+{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
+{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+*/}}
+{{- define "common.validations.values.multiple.empty" -}}
+ {{- range .required -}}
+ {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Validate a value must not be empty.
+
+Usage:
+{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+ - subchart - String - Optional - Name of the subchart that the validated password is part of.
+*/}}
+{{- define "common.validations.values.single.empty" -}}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
+ {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
+
+ {{- if not $value -}}
+ {{- $varname := "my-value" -}}
+ {{- $getCurrentValue := "" -}}
+ {{- if and .secret .field -}}
+ {{- $varname = include "common.utils.fieldToEnvVar" . -}}
+ {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
+ {{- end -}}
+ {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/values.yaml
new file mode 100644
index 000000000..f2df68e5e
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/charts/common/values.yaml
@@ -0,0 +1,5 @@
+## bitnami/common
+## It is required by CI/CD tools and processes.
+## @skip exampleValue
+##
+exampleValue: common-chart
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/NOTES.txt b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/NOTES.txt
new file mode 100644
index 000000000..bfa6e1626
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/NOTES.txt
@@ -0,0 +1,119 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+{{- if and (eq .Values.service.type "LoadBalancer") .Values.auth.rbac.allowNoneAuthentication }}
+-------------------------------------------------------------------------------
+ WARNING
+
+ By specifying "service.type=LoadBalancer", "auth.rbac.enabled=false" and
+ "auth.rbac.allowNoneAuthentication=true" you have most likely exposed the etcd
+ service externally without any authentication mechanism.
+
+ For security reasons, we strongly suggest that you switch to "ClusterIP" or
+ "NodePort". As alternative, you can also switch to "auth.rbac.enabled=true"
+ providing a valid password on "auth.rbac.rootPassword" parameter.
+
+-------------------------------------------------------------------------------
+{{- end }}
+
+** Please be patient while the chart is being deployed **
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+ kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+ kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash
+
+In order to replicate the container startup scripts execute this command:
+
+ /opt/bitnami/scripts/etcd/entrypoint.sh /opt/bitnami/scripts/etcd/run.sh
+
+{{- else }}
+
+etcd can be accessed via port {{ coalesce .Values.service.ports.client .Values.service.port }} on the following DNS name from within your cluster:
+
+ {{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+
+To create a pod that you can use as a etcd client run the following command:
+
+ kubectl run {{ template "common.names.fullname" . }}-client --restart='Never' --image {{ template "etcd.image" . }}{{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }} --env ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath="{.data.etcd-root-password}" | base64 -d){{- end }} --env ETCDCTL_ENDPOINTS="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ coalesce .Values.service.ports.client .Values.service.port }}" --namespace {{ .Release.Namespace }} --command -- sleep infinity
+
+Then, you can set/get a key using the commands below:
+
+ kubectl exec --namespace {{ .Release.Namespace }} -it {{ template "common.names.fullname" . }}-client -- bash
+ {{- $etcdAuthOptions := include "etcd.authOptions" . }}
+ etcdctl {{ $etcdAuthOptions }} put /message Hello
+ etcdctl {{ $etcdAuthOptions }} get /message
+
+To connect to your etcd server from outside the cluster execute the following commands:
+
+{{- if contains "NodePort" .Values.service.type }}
+
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
+ echo "etcd URL: http://$NODE_IP:$NODE_PORT/"
+
+{{- else if contains "LoadBalancer" .Values.service.type }}
+
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}'
+
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+ echo "etcd URL: http://$SERVICE_IP:{{ coalesce .Values.service.ports.client .Values.service.port }}/"
+
+{{- else if contains "ClusterIP" .Values.service.type }}
+
+ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ coalesce .Values.service.ports.client .Values.service.port }}:{{ coalesce .Values.service.ports.client .Values.service.port }} &
+ echo "etcd URL: http://127.0.0.1:{{ coalesce .Values.service.ports.client .Values.service.port }}"
+
+{{- end }}
+{{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }}
+
+ * As rbac is enabled you should add the flag `--user root:$ETCD_ROOT_PASSWORD` to the etcdctl commands. Use the command below to export the password:
+
+ export ETCD_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath="{.data.etcd-root-password}" | base64 -d)
+
+{{- end }}
+{{- if .Values.auth.client.secureTransport }}
+{{- if .Values.auth.client.useAutoTLS }}
+
+ * As TLS is enabled you should add the flag `--cert-file /bitnami/etcd/data/fixtures/client/cert.pem --key-file /bitnami/etcd/data/fixtures/client/key.pem` to the etcdctl commands.
+
+{{- else }}
+
+ * As TLS is enabled you should add the flag `--cert-file /opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certFilename }} --key-file /opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certKeyFilename }}` to the etcdctl commands.
+
+{{- end }}
+
+ * You should also export a proper etcdctl endpoint using the https schema. Eg.
+
+ export ETCDCTL_ENDPOINTS=https://{{ template "common.names.fullname" . }}-0:{{ coalesce .Values.service.ports.client .Values.service.port }}
+
+{{- end }}
+{{- if .Values.auth.client.enableAuthentication }}
+
+ * As TLS host authentication is enabled you should add the flag `--ca-file /opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}` to the etcdctl commands.
+
+{{- end }}
+{{- end }}
+
+{{- include "common.warnings.rollingTag" .Values.image }}
+{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
+{{- include "etcd.validateValues" . }}
+{{- $requiredPassword := list -}}
+{{- $secretName := include "etcd.secretName" . -}}
+{{- if and (or .Values.auth.rbac.create .Values.auth.rbac.enabled) (not .Values.auth.rbac.existingSecret) -}}
+ {{- $requiredEtcdPassword := dict "valueKey" "auth.rbac.rootPassword" "secret" $secretName "field" "etcd-root-password" -}}
+ {{- $requiredPassword = append $requiredPassword $requiredEtcdPassword -}}
+{{- end -}}
+{{- $requiredEtcdPasswordErrors := include "common.validations.values.multiple.empty" (dict "required" $requiredPassword "context" $) -}}
+{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $requiredEtcdPasswordErrors) "context" $) -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/_helpers.tpl b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/_helpers.tpl
new file mode 100644
index 000000000..662beccd3
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/_helpers.tpl
@@ -0,0 +1,205 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return the proper etcd image name
+*/}}
+{{- define "etcd.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "etcd.volumePermissions.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "etcd.imagePullSecrets" -}}
+{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper etcd peer protocol
+*/}}
+{{- define "etcd.peerProtocol" -}}
+{{- if .Values.auth.peer.secureTransport -}}
+{{- print "https" -}}
+{{- else -}}
+{{- print "http" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper etcd client protocol
+*/}}
+{{- define "etcd.clientProtocol" -}}
+{{- if .Values.auth.client.secureTransport -}}
+{{- print "https" -}}
+{{- else -}}
+{{- print "http" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper etcdctl authentication options
+*/}}
+{{- define "etcd.authOptions" -}}
+{{- $rbacOption := "--user root:$ROOT_PASSWORD" -}}
+{{- $certsOption := " --cert $ETCD_CERT_FILE --key $ETCD_KEY_FILE" -}}
+{{- $autoCertsOption := " --cert /bitnami/etcd/data/fixtures/client/cert.pem --key /bitnami/etcd/data/fixtures/client/key.pem" -}}
+{{- $caOption := " --cacert $ETCD_TRUSTED_CA_FILE" -}}
+{{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled -}}
+ {{- printf "%s" $rbacOption -}}
+{{- end -}}
+{{- if and .Values.auth.client.secureTransport .Values.auth.client.useAutoTLS -}}
+ {{- printf "%s" $autoCertsOption -}}
+{{- else if and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS) -}}
+ {{- printf "%s" $certsOption -}}
+ {{- if .Values.auth.client.enableAuthentication -}}
+ {{- printf "%s" $caOption -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the etcd configuration configmap
+*/}}
+{{- define "etcd.configmapName" -}}
+{{- if .Values.existingConfigmap -}}
+ {{- printf "%s" (tpl .Values.existingConfigmap $) | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+ {{- printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a configmap object should be created
+*/}}
+{{- define "etcd.createConfigmap" -}}
+{{- if and .Values.configuration (not .Values.existingConfigmap) }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret with etcd credentials
+*/}}
+{{- define "etcd.secretName" -}}
+ {{- if .Values.auth.rbac.existingSecret -}}
+ {{- printf "%s" .Values.auth.rbac.existingSecret | trunc 63 | trimSuffix "-" -}}
+ {{- else -}}
+ {{- printf "%s" (include "common.names.fullname" .) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Get the secret password key to be retrieved from etcd secret.
+*/}}
+{{- define "etcd.secretPasswordKey" -}}
+{{- if and .Values.auth.rbac.existingSecret .Values.auth.rbac.existingSecretPasswordKey -}}
+{{- printf "%s" .Values.auth.rbac.existingSecretPasswordKey -}}
+{{- else -}}
+{{- printf "etcd-root-password" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a secret object should be created for the etcd token private key
+*/}}
+{{- define "etcd.token.createSecret" -}}
+{{- if and (eq .Values.auth.token.type "jwt") (empty .Values.auth.token.privateKey.existingSecret) }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret with etcd token private key
+*/}}
+{{- define "etcd.token.secretName" -}}
+ {{- if .Values.auth.token.privateKey.existingSecret -}}
+ {{- printf "%s" .Values.auth.token.privateKey.existingSecret | trunc 63 | trimSuffix "-" -}}
+ {{- else -}}
+ {{- printf "%s-jwt-token" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Disaster Recovery PVC name
+*/}}
+{{- define "etcd.disasterRecovery.pvc.name" -}}
+{{- if .Values.disasterRecovery.pvc.existingClaim -}}
+ {{- printf "%s" (tpl .Values.disasterRecovery.pvc.existingClaim $) | trunc 63 | trimSuffix "-" -}}
+{{- else if .Values.startFromSnapshot.existingClaim -}}
+ {{- printf "%s" (tpl .Values.startFromSnapshot.existingClaim $) | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+ {{- printf "%s-snapshotter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the service account to use
+ */}}
+{{- define "etcd.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+{{ default (include "common.names.fullname" .) .Values.serviceAccount.name | trunc 63 | trimSuffix "-" }}
+{{- else -}}
+{{ default "default" .Values.serviceAccount.name | trunc 63 | trimSuffix "-" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message, and call fail.
+*/}}
+{{- define "etcd.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "etcd.validateValues.startFromSnapshot.existingClaim" .) -}}
+{{- $messages := append $messages (include "etcd.validateValues.startFromSnapshot.snapshotFilename" .) -}}
+{{- $messages := append $messages (include "etcd.validateValues.disasterRecovery" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of etcd - an existing claim must be provided when startFromSnapshot is enabled */}}
+{{- define "etcd.validateValues.startFromSnapshot.existingClaim" -}}
+{{- if and .Values.startFromSnapshot.enabled (not .Values.startFromSnapshot.existingClaim) (not .Values.disasterRecovery.enabled) -}}
+etcd: startFromSnapshot.existingClaim
+ An existing claim must be provided when startFromSnapshot is enabled and disasterRecovery is disabled!!
+ Please provide it (--set startFromSnapshot.existingClaim="xxxx")
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of etcd - the snapshot filename must be provided when startFromSnapshot is enabled */}}
+{{- define "etcd.validateValues.startFromSnapshot.snapshotFilename" -}}
+{{- if and .Values.startFromSnapshot.enabled (not .Values.startFromSnapshot.snapshotFilename) (not .Values.disasterRecovery.enabled) -}}
+etcd: startFromSnapshot.snapshotFilename
+ The snapshot filename must be provided when startFromSnapshot is enabled and disasterRecovery is disabled!!
+ Please provide it (--set startFromSnapshot.snapshotFilename="xxxx")
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of etcd - persistence must be enabled when disasterRecovery is enabled */}}
+{{- define "etcd.validateValues.disasterRecovery" -}}
+{{- if and .Values.disasterRecovery.enabled (not .Values.persistence.enabled) -}}
+etcd: disasterRecovery
+ Persistence must be enabled when disasterRecovery is enabled!!
+ Please enable persistence (--set persistence.enabled=true)
+{{- end -}}
+{{- end -}}
+
+{{- define "etcd.token.jwtToken" -}}
+{{- if (include "etcd.token.createSecret" .) -}}
+{{- $jwtToken := lookup "v1" "Secret" .Release.Namespace (printf "%s-jwt-token" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" ) -}}
+{{- if $jwtToken -}}
+{{ index $jwtToken "data" "jwt-token.pem" | b64dec }}
+{{- else -}}
+{{ genPrivateKey "rsa" }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/configmap.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/configmap.yaml
new file mode 100644
index 000000000..ca69d7f45
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/configmap.yaml
@@ -0,0 +1,17 @@
+{{- if (include "etcd.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ etcd.conf.yml: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.configuration "context" $ ) | nindent 4 }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/cronjob.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/cronjob.yaml
new file mode 100644
index 000000000..438cfcec0
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/cronjob.yaml
@@ -0,0 +1,132 @@
+{{- if .Values.disasterRecovery.enabled -}}
+apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }}
+kind: CronJob
+metadata:
+ name: {{ printf "%s-snapshotter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ concurrencyPolicy: Forbid
+ schedule: {{ .Values.disasterRecovery.cronjob.schedule | quote }}
+ successfulJobsHistoryLimit: {{ .Values.disasterRecovery.cronjob.historyLimit }}
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" . | nindent 12 }}
+ app.kubernetes.io/component: snapshotter
+ {{- if .Values.disasterRecovery.cronjob.podAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.disasterRecovery.cronjob.podAnnotations "context" $) | nindent 12 }}
+ {{- end }}
+ spec:
+ {{- if .Values.disasterRecovery.cronjob.nodeSelector }}
+ nodeSelector: {{- toYaml .Values.disasterRecovery.cronjob.nodeSelector | nindent 12 }}
+ {{- end }}
+ {{- if .Values.disasterRecovery.cronjob.tolerations }}
+ tolerations: {{- toYaml .Values.disasterRecovery.cronjob.tolerations | nindent 12 }}
+ {{- end }}
+ {{- include "etcd.imagePullSecrets" .
| nindent 10 }}
+ restartPolicy: OnFailure
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if and .Values.volumePermissions.enabled (or .Values.podSecurityContext.enabled .Values.containerSecurityContext.enabled) }}
+ initContainers:
+ - name: volume-permissions
+ image: {{ include "etcd.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - /bin/bash
+ - -ec
+ - |
+ chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /snapshots
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.resources "context" $) | nindent 16 }}
+ {{- end }}
+ volumeMounts:
+ - name: snapshot-volume
+ mountPath: /snapshots
+ {{- end }}
+ containers:
+ - name: etcd-snapshotter
+ image: {{ include "etcd.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 16 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 16 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 16 }}
+ {{- else }}
+ command:
+ - /opt/bitnami/scripts/etcd/snapshot.sh
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+ - name: ETCDCTL_API
+ value: "3"
+ - name: ETCD_ON_K8S
+ value: "yes"
+ - name: MY_STS_NAME
+ value: {{ include "common.names.fullname" .
| quote }}
+ {{- $releaseNamespace := .Release.Namespace }}
+ {{- $etcdFullname := include "common.names.fullname" . }}
+ {{- $etcdHeadlessServiceName := (printf "%s-%s" $etcdFullname "headless" | trunc 63 | trimSuffix "-") }}
+ {{- $clusterDomain := .Values.clusterDomain }}
+ - name: ETCD_CLUSTER_DOMAIN
+ value: {{ printf "%s.%s.svc.%s" $etcdHeadlessServiceName $releaseNamespace $clusterDomain | quote }}
+ - name: ETCD_SNAPSHOT_HISTORY_LIMIT
+ value: {{ .Values.disasterRecovery.cronjob.snapshotHistoryLimit | quote }}
+ {{- if .Values.auth.client.secureTransport }}
+ - name: ETCD_CERT_FILE
+ value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certFilename }}"
+ - name: ETCD_KEY_FILE
+ value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certKeyFilename }}"
+ {{- if .Values.auth.client.enableAuthentication }}
+ - name: ETCD_CLIENT_CERT_AUTH
+ value: "true"
+ - name: ETCD_TRUSTED_CA_FILE
+ value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}"
+ {{- else if .Values.auth.client.caFilename }}
+ - name: ETCD_TRUSTED_CA_FILE
+ value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}"
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }}
+ - name: ETCD_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "etcd.secretName" . }}
+ key: {{ include "etcd.secretPasswordKey" .
}}
+ {{- end }}
+ {{- if .Values.disasterRecovery.cronjob.resources }}
+ resources: {{- toYaml .Values.disasterRecovery.cronjob.resources | nindent 16 }}
+ {{- end }}
+ volumeMounts:
+ - name: snapshot-volume
+ mountPath: /snapshots
+ {{- if .Values.auth.client.secureTransport }}
+ - name: certs
+ mountPath: /opt/bitnami/etcd/certs/client
+ readOnly: true
+ {{- end }}
+ volumes:
+ {{- if .Values.auth.client.secureTransport }}
+ - name: certs
+ secret:
+ secretName: {{ required "A secret containinig the client certificates is required" (tpl .Values.auth.client.existingSecret .) }}
+ defaultMode: 256
+ {{- end }}
+ - name: snapshot-volume
+ persistentVolumeClaim:
+ claimName: {{ include "etcd.disasterRecovery.pvc.name" . }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/extra-list.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/extra-list.yaml
new file mode 100644
index 000000000..9ac65f9e1
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/networkpolicy.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/networkpolicy.yaml
new file mode 100644
index 000000000..c6ce23a1a
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/networkpolicy.yaml
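Review bot: The `volume-permissions` init container in cronjob.yaml sets only `runAsUser: 0`, so it runs as root with the runtime's default capability set and no `allowPrivilegeEscalation: false`, solely to `chown -R` the `/snapshots` mount. Its `securityContext` could be narrowed by adding `allowPrivilegeEscalation: false` and dropping all capabilities except the ones the chown needs (probably `CHOWN`, possibly `DAC_OVERRIDE` or `FOWNER` depending on the volume contents; this needs verifying against the storage in use). The statefulset.yaml hunk later in this diff carries the same init container for `/bitnami/etcd` and would take the same change. Separately, the `required` message on the `certs` volume here misspells "containing" as `containinig`, while the statefulset spells it correctly.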
@@ -0,0 +1,81 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podSelector:
+ matchLabels: {{- include "common.labels.standard" . | nindent 6 }}
+ {{- if .Values.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 6 }}
+ {{- end }}
+ policyTypes:
+ - Ingress
+ - Egress
+ egress:
+ # Allow dns resolution
+ - ports:
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ # Allow outbound connections to other cluster pods
+ - ports:
+ - port: {{ .Values.containerPorts.client }}
+ - port: {{ .Values.containerPorts.peer }}
+ to:
+ - podSelector:
+ matchLabels: {{- include "common.labels.standard" . | nindent 14 }}
+ {{- if .Values.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 14 }}
+ {{- end }}
+ {{- if .Values.networkPolicy.extraEgress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+ {{- end }}
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: {{ .Values.containerPorts.client }}
+ - port: {{ .Values.containerPorts.peer }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels:
+ {{ template "common.names.fullname" . }}-client: "true"
+ - podSelector:
+ matchLabels: {{- include "common.labels.standard" .
| nindent 14 }}
+ {{- if .Values.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 14 }}
+ {{- end }}
+ {{- if .Values.networkPolicy.ingressNSMatchLabels }}
+ - namespaceSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
+ podSelector:
+ matchLabels:
+ {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ # Allow prometheus scrapes for metrics
+ - ports:
+ - port: 2379
+ {{- end }}
+ {{- if .Values.networkPolicy.extraIngress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/pdb.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/pdb.yaml
new file mode 100644
index 000000000..f06492882
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/pdb.yaml
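Review bot: The metrics ingress rule at the end of networkpolicy.yaml (`- ports:` / `- port: 2379` under `metrics.enabled`) has no `from` clause, so once metrics are enabled it admits any source to port 2379. The podmonitor.yaml hunk in this diff scrapes `/metrics` on the `client` port, so unless `containerPorts.client` is changed this is the etcd client API port, and the rule undoes the pod and namespace restriction applied just above when `networkPolicy.allowExternal` is false. The port is also hard-coded where every other rule uses `{{ .Values.containerPorts.client }}`. I would scope the rule with a `from` selector for the Prometheus pods or namespace and use the templated port, or serve metrics on a separate listener (etcd's `--listen-metrics-urls`) and open only that port.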
@@ -0,0 +1,23 @@
+{{- if .Values.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.pdb.minAvailable }}
+ minAvailable: {{ .Values.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/podmonitor.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/podmonitor.yaml
new file mode 100644
index 000000000..952e569b4
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/podmonitor.yaml
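Review bot: In pdb.yaml the `minAvailable` and `maxUnavailable` blocks are independent `if`s, so setting both values renders both fields, and a PodDisruptionBudget accepts only one of them; the error then surfaces at apply time instead of at render time. The truthiness guards also drop an explicit `0`, so `maxUnavailable: 0` cannot be expressed through these values. Making the second block `{{- else if .Values.pdb.maxUnavailable }}`, or calling `fail` when both are set, would make the precedence explicit.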
@@ -0,0 +1,42 @@
+{{- if and .Values.metrics.enabled .Values.metrics.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ ternary .Values.metrics.podMonitor.namespace .Release.Namespace (not (empty .Values.metrics.podMonitor.namespace)) }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.podMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ podMetricsEndpoints:
+ - port: client
+ path: /metrics
+ {{- if .Values.metrics.podMonitor.interval }}
+ interval: {{ .Values.metrics.podMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.podMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.podMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.podMonitor.scheme }}
+ scheme: {{ .Values.metrics.podMonitor.scheme }}
+ {{- end }}
+ {{- if .Values.metrics.podMonitor.tlsConfig }}
+ tlsConfig: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podMonitor.tlsConfig "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.podMonitor.relabelings }}
+ relabelings:
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.relabelings "context" $) | nindent 8 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/prometheusrule.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/prometheusrule.yaml
new file mode 100644
index 000000000..58a5594b1
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/prometheusrule.yaml
@@ -0,0 +1,26 @@
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ {{- if .Values.metrics.prometheusRule.namespace }}
+ namespace: {{ .Values.metrics.prometheusRule.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.metrics.prometheusRule.additionalLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ groups:
+ - name: {{ include "common.names.fullname" . }}
+ rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 6 }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/secrets.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/secrets.yaml
new file mode 100644
index 000000000..ea46c28cd
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/secrets.yaml
@@ -0,0 +1,21 @@
+{{- if and (or .Values.auth.rbac.create .Values.auth.rbac.enabled) (not .Values.auth.rbac.existingSecret) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ {{- if .Values.auth.rbac.rootPassword }}
+ etcd-root-password: {{ .Values.auth.rbac.rootPassword | b64enc | quote }}
+ {{- else }}
+ etcd-root-password: {{ randAlphaNum 10 | b64enc | quote }}
+ {{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/serviceaccount.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/serviceaccount.yaml
new file mode 100644
index 000000000..a5721db40
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/serviceaccount.yaml
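Review bot: In secrets.yaml the fallback `randAlphaNum 10` is evaluated on every render, so when `auth.rbac.rootPassword` is unset each `helm upgrade` writes a new `etcd-root-password` into the Secret while the etcd data directory presumably still holds the password set at first install. The `etcd.token.jwtToken` helper in `_helpers.tpl` in this same diff already reuses the stored Secret through `lookup`, and the root password could follow the same pattern, generating a value only when no Secret exists yet. Ten alphanumeric characters is also short for a root credential, so the sketch below uses a longer value. Note that `lookup` returns nothing under `helm template` or a client-side dry run, so those renders would still show a generated value.

```yaml
data:
  {{- $existing := lookup "v1" "Secret" .Release.Namespace (include "common.names.fullname" .) }}
  {{- if .Values.auth.rbac.rootPassword }}
  # … unchanged: explicit rootPassword branch …
  {{- else if $existing }}
  etcd-root-password: {{ index $existing.data "etcd-root-password" | quote }}
  {{- else }}
  etcd-root-password: {{ randAlphaNum 32 | b64enc | quote }}
  {{- end }}
```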
@@ -0,0 +1,24 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+metadata:
+ name: {{ include "etcd.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.serviceAccount.labels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.labels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.serviceAccount.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/snapshot-pvc.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/snapshot-pvc.yaml
new file mode 100644
index 000000000..2415b891d
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/snapshot-pvc.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.disasterRecovery.enabled (not .Values.disasterRecovery.pvc.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ printf "%s-snapshotter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: {{ .Values.disasterRecovery.pvc.size | quote }}
+ storageClassName: {{ .Values.disasterRecovery.pvc.storageClassName | quote }}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/statefulset.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/statefulset.yaml
new file mode 100644
index 000000000..ef02b5b0f
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/statefulset.yaml
@@ -0,0 +1,419 @@ +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + podManagementPolicy: {{ .Values.podManagementPolicy }} + updateStrategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }} + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if (include "etcd.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if (include "etcd.token.createSecret" .) }} + checksum/token-secret: {{ include (print $.Template.BasePath "/token-secrets.yaml") . | sha256sum }} + {{- end }} + spec: + {{- include "etcd.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) 
| nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.runtimeClassName }} + runtimeClassName: {{ .Values.runtimeClassName }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.shareProcessNamespace }} + {{- end }} + serviceAccountName: {{ include "etcd.serviceAccountName" $ | quote }} + {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) }} + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "etcd.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /bitnami/etcd + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.resources "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /bitnami/etcd + {{- end }} + {{- end }} + containers: + {{- $replicaCount := int .Values.replicaCount }} + {{- $peerPort := int .Values.containerPorts.peer }} + {{- $etcdFullname := include "common.names.fullname" . }} + {{- $releaseNamespace := .Release.Namespace }} + {{- $etcdHeadlessServiceName := (printf "%s-%s" $etcdFullname "headless" | trunc 63 | trimSuffix "-") }} + {{- $clusterDomain := .Values.clusterDomain }} + {{- $etcdPeerProtocol := include "etcd.peerProtocol" . 
}} + {{- $etcdClientProtocol := include "etcd.clientProtocol" . }} + - name: etcd + image: {{ include "etcd.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_STS_NAME + value: {{ include "common.names.fullname" . 
| quote }} + - name: ETCDCTL_API + value: "3" + - name: ETCD_ON_K8S + value: "yes" + - name: ETCD_START_FROM_SNAPSHOT + value: {{ ternary "yes" "no" .Values.startFromSnapshot.enabled | quote }} + - name: ETCD_DISASTER_RECOVERY + value: {{ ternary "yes" "no" .Values.disasterRecovery.enabled | quote }} + - name: ETCD_NAME + value: "$(MY_POD_NAME)" + - name: ETCD_DATA_DIR + value: "/bitnami/etcd/data" + - name: ETCD_LOG_LEVEL + value: {{ ternary "debug" .Values.logLevel .Values.image.debug | quote }} + - name: ALLOW_NONE_AUTHENTICATION + value: {{ ternary "yes" "no" (and (not (or .Values.auth.rbac.create .Values.auth.rbac.enabled)) .Values.auth.rbac.allowNoneAuthentication) | quote }} + {{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }} + - name: ETCD_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "etcd.secretName" . }} + key: {{ include "etcd.secretPasswordKey" . }} + {{- end }} + - name: ETCD_AUTH_TOKEN + {{- if eq .Values.auth.token.type "jwt" }} + value: {{ printf "jwt,priv-key=/opt/bitnami/etcd/certs/token/%s,sign-method=%s,ttl=%s" .Values.auth.token.privateKey.filename .Values.auth.token.signMethod .Values.auth.token.ttl | quote }} + {{- else if eq .Values.auth.token.type "simple" }} + value: "simple" + {{- end }} + - name: ETCD_ADVERTISE_CLIENT_URLS + value: "{{ $etcdClientProtocol }}://$(MY_POD_NAME).{{ $etcdHeadlessServiceName }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ .Values.containerPorts.client }},{{ $etcdClientProtocol }}://{{ $etcdFullname }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ coalesce .Values.service.ports.client .Values.service.port }}" + - name: ETCD_LISTEN_CLIENT_URLS + value: "{{ $etcdClientProtocol }}://0.0.0.0:{{ .Values.containerPorts.client }}" + - name: ETCD_INITIAL_ADVERTISE_PEER_URLS + value: "{{ $etcdPeerProtocol }}://$(MY_POD_NAME).{{ $etcdHeadlessServiceName }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ .Values.containerPorts.peer }}" + - name: ETCD_LISTEN_PEER_URLS + 
value: "{{ $etcdPeerProtocol }}://0.0.0.0:{{ .Values.containerPorts.peer }}" + {{- if .Values.autoCompactionMode }} + - name: ETCD_AUTO_COMPACTION_MODE + value: {{ .Values.autoCompactionMode | quote }} + {{- end }} + {{- if .Values.autoCompactionRetention }} + - name: ETCD_AUTO_COMPACTION_RETENTION + value: {{ .Values.autoCompactionRetention | quote }} + {{- end }} + {{- if .Values.maxProcs }} + - name: GOMAXPROCS + value: {{ .Values.maxProcs }} + {{- end }} + {{- if gt $replicaCount 1 }} + - name: ETCD_INITIAL_CLUSTER_TOKEN + value: "etcd-cluster-k8s" + - name: ETCD_INITIAL_CLUSTER_STATE + value: {{ default (ternary "new" "existing" .Release.IsInstall) .Values.initialClusterState | quote }} + {{- $initialCluster := list }} + {{- range $e, $i := until $replicaCount }} + {{- $initialCluster = append $initialCluster (printf "%s-%d=%s://%s-%d.%s.%s.svc.%s:%d" $etcdFullname $i $etcdPeerProtocol $etcdFullname $i $etcdHeadlessServiceName $releaseNamespace $clusterDomain $peerPort) }} + {{- end }} + - name: ETCD_INITIAL_CLUSTER + value: {{ join "," $initialCluster | quote }} + {{- end }} + - name: ETCD_CLUSTER_DOMAIN + value: {{ printf "%s.%s.svc.%s" $etcdHeadlessServiceName $releaseNamespace $clusterDomain | quote }} + {{- if and .Values.auth.client.secureTransport .Values.auth.client.useAutoTLS }} + - name: ETCD_AUTO_TLS + value: "true" + {{- else if .Values.auth.client.secureTransport }} + - name: ETCD_CERT_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certFilename }}" + - name: ETCD_KEY_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certKeyFilename }}" + {{- if .Values.auth.client.enableAuthentication }} + - name: ETCD_CLIENT_CERT_AUTH + value: "true" + - name: ETCD_TRUSTED_CA_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}" + {{- else if .Values.auth.client.caFilename }} + - name: ETCD_TRUSTED_CA_FILE + value: "/opt/bitnami/etcd/certs/client/{{ 
.Values.auth.client.caFilename | default "ca.crt" }}" + {{- end }} + {{- end }} + {{- if and .Values.auth.peer.secureTransport .Values.auth.peer.useAutoTLS }} + - name: ETCD_PEER_AUTO_TLS + value: "true" + {{- else if .Values.auth.peer.secureTransport }} + - name: ETCD_PEER_CERT_FILE + value: "/opt/bitnami/etcd/certs/peer/{{ .Values.auth.peer.certFilename }}" + - name: ETCD_PEER_KEY_FILE + value: "/opt/bitnami/etcd/certs/peer/{{ .Values.auth.peer.certKeyFilename }}" + {{- if .Values.auth.peer.enableAuthentication }} + - name: ETCD_PEER_CLIENT_CERT_AUTH + value: "true" + - name: ETCD_PEER_TRUSTED_CA_FILE + value: "/opt/bitnami/etcd/certs/peer/{{ .Values.auth.peer.caFilename | default "ca.crt" }}" + {{- else if .Values.auth.peer.caFilename }} + - name: ETCD_PEER_TRUSTED_CA_FILE + value: "/opt/bitnami/etcd/certs/peer/{{ .Values.auth.peer.caFilename | default "ca.crt" }}" + {{- end }} + {{- end }} + {{- if .Values.startFromSnapshot.enabled }} + - name: ETCD_INIT_SNAPSHOT_FILENAME + value: {{ .Values.startFromSnapshot.snapshotFilename | quote }} + - name: ETCD_INIT_SNAPSHOTS_DIR + value: {{ ternary "/snapshots" "/init-snapshot" (and .Values.disasterRecovery.enabled (not .Values.disasterRecovery.pvc.existingClaim)) | quote }} + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: client + containerPort: {{ .Values.containerPorts.client }} + protocol: TCP + - name: peer + containerPort: {{ .Values.containerPorts.peer }} + protocol: TCP + {{- if not .Values.diagnosticMode.enabled }} + {{- if 
.Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /opt/bitnami/scripts/etcd/healthcheck.sh + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /opt/bitnami/scripts/etcd/healthcheck.sh + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: + exec: + command: + - /opt/bitnami/scripts/etcd/healthcheck.sh + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.startupProbe.successThreshold }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks 
"context" $) | nindent 12 }} + {{- else if and (gt $replicaCount 1) .Values.removeMemberOnContainerTermination }} + lifecycle: + preStop: + exec: + command: + - /opt/bitnami/scripts/etcd/prestop.sh + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- include "common.tplvalues.render" (dict "value" .Values.resources "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /bitnami/etcd + {{- if eq .Values.auth.token.type "jwt" }} + - name: etcd-jwt-token + mountPath: /opt/bitnami/etcd/certs/token/ + readOnly: true + {{- end }} + {{- if or (and .Values.startFromSnapshot.enabled (not .Values.disasterRecovery.enabled)) (and .Values.disasterRecovery.enabled .Values.startFromSnapshot.enabled .Values.disasterRecovery.pvc.existingClaim) }} + - name: init-snapshot-volume + mountPath: /init-snapshot + {{- end }} + {{- if or .Values.disasterRecovery.enabled (and .Values.disasterRecovery.enabled .Values.startFromSnapshot.enabled) }} + - name: snapshot-volume + mountPath: /snapshots + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: etcd-config + mountPath: /opt/bitnami/etcd/conf/ + {{- end }} + {{- if or .Values.auth.client.enableAuthentication (and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS )) }} + - name: etcd-client-certs + mountPath: /opt/bitnami/etcd/certs/client/ + readOnly: true + {{- end }} + {{- if or .Values.auth.peer.enableAuthentication (and .Values.auth.peer.secureTransport (not .Values.auth.peer.useAutoTLS )) }} + - name: etcd-peer-certs + mountPath: /opt/bitnami/etcd/certs/peer/ + readOnly: true + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if eq .Values.auth.token.type 
"jwt" }} + - name: etcd-jwt-token + secret: + secretName: {{ include "etcd.token.secretName" . }} + defaultMode: 256 + {{- end }} + {{- if or (and .Values.startFromSnapshot.enabled (not .Values.disasterRecovery.enabled)) (and .Values.disasterRecovery.enabled .Values.startFromSnapshot.enabled .Values.disasterRecovery.pvc.existingClaim) }} + - name: init-snapshot-volume + persistentVolumeClaim: + claimName: {{ .Values.startFromSnapshot.existingClaim }} + {{- end }} + {{- if or .Values.disasterRecovery.enabled (and .Values.disasterRecovery.enabled .Values.startFromSnapshot.enabled) }} + - name: snapshot-volume + persistentVolumeClaim: + claimName: {{ include "etcd.disasterRecovery.pvc.name" . }} + {{- end }} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: etcd-config + configMap: + name: {{ include "etcd.configmapName" . }} + {{- end }} + {{- if or .Values.auth.client.enableAuthentication (and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS )) }} + - name: etcd-client-certs + secret: + secretName: {{ required "A secret containing the client certificates is required" (tpl .Values.auth.client.existingSecret .) }} + defaultMode: 256 + {{- end }} + {{- if or .Values.auth.peer.enableAuthentication (and .Values.auth.peer.secureTransport (not .Values.auth.peer.useAutoTLS )) }} + - name: etcd-peer-certs + secret: + secretName: {{ required "A secret containing the peer certificates is required" (tpl .Values.auth.peer.existingSecret .) 
}} + defaultMode: 256 + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if not .Values.persistence.enabled }} + - name: data + emptyDir: {} + {{- else }} + {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: data + {{- if .Values.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.selector }} + selector: {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + {{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/svc-headless.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/svc-headless.yaml new file mode 100644 index 000000000..d1d255672 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/svc-headless.yaml 
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ {{- if .Values.service.clientPortNameOverride }}
+ {{- if .Values.auth.client.secureTransport }}
+ - name: {{ .Values.service.clientPortNameOverride }}-ssl
+ {{- else }}
+ - name: {{ .Values.service.clientPortNameOverride }}
+ {{- end }}
+ {{- else }}
+ - name: client
+ {{- end }}
+ port: {{ .Values.containerPorts.client }}
+ targetPort: client
+ {{- if .Values.service.peerPortNameOverride }}
+ {{- if .Values.auth.peer.secureTransport }}
+ - name: {{ .Values.service.peerPortNameOverride }}-ssl
+ {{- else }}
+ - name: {{ .Values.service.peerPortNameOverride }}
+ {{- end }}
+ {{- else }}
+ - name: peer
+ {{- end }}
+ port: {{ .Values.containerPorts.peer }}
+ targetPort: peer
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/svc.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/svc.yaml
new file mode 100644
index 000000000..24e9c0b9a
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/svc.yaml
@@ -0,0 +1,62 @@
+{{- if .Values.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.externalIPs }}
+ externalIPs: {{- toYaml .Values.service.externalIPs | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ ports:
+ - name: {{ default "client" .Values.service.clientPortNameOverride | quote }}
+ port: {{ coalesce .Values.service.ports.client .Values.service.port }}
+ targetPort: client
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty (coalesce .Values.service.nodePorts.client .Values.service.nodePorts.clientPort))) }}
+ nodePort: {{ coalesce .Values.service.nodePorts.client .Values.service.nodePorts.clientPort }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ - name: {{ default "peer" .Values.service.peerPortNameOverride | quote }}
+ port: {{ coalesce .Values.service.ports.peer .Values.service.peerPort }}
+ targetPort: peer
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty (coalesce .Values.service.nodePorts.peer .Values.service.nodePorts.peerPort))) }}
+ nodePort: {{ coalesce .Values.service.nodePorts.peer .Values.service.nodePorts.peerPort }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/token-secrets.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/token-secrets.yaml
new file mode 100644
index 000000000..c0246fbaf
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/templates/token-secrets.yaml
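Review bot: With `service.type` set to `LoadBalancer` or `NodePort`, the `ports:` list publishes both the client and the peer port outside the cluster, and nothing in this template checks that transport security is on. The defaults added in values.yaml are `auth.client.secureTransport: false`, `auth.peer.secureTransport: false` and `auth.rbac.allowNoneAuthentication: true`. `loadBalancerSourceRanges` is rendered only when non-empty, so a LoadBalancer created with defaults carries no source restriction either. I would put a comment above `ports:`, for example `# NOTE: with type LoadBalancer/NodePort both etcd ports are reachable from outside the cluster; enable auth.client/peer.secureTransport and set service.loadBalancerSourceRanges`. It is also worth considering whether the peer port needs to be on this Service at all, since peers presumably reach each other through the headless Service.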
@@ -0,0 +1,14 @@
+{{- if (include "etcd.token.createSecret" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-jwt-token" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ jwt-token.pem: {{ include "etcd.token.jwtToken" . | b64enc | quote }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/etcd/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/etcd/values.yaml
new file mode 100644
index 000000000..1fd9623ea
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/etcd/values.yaml
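Review bot: The signing key written to `jwt-token.pem` comes from the `etcd.token.jwtToken` helper, which is defined outside this hunk, so it cannot be confirmed here whether the key survives an upgrade. If the helper generates the key at render time without first looking up the existing Secret, each `helm upgrade` would replace the key and invalidate outstanding JWT tokens. The generated private key would also be part of the rendered manifest that Helm keeps in its release record. A comment at the top of the template would make this explicit, for example `{{- /* key generated by etcd.token.jwtToken; set auth.token.privateKey.existingSecret to manage it outside the release */}}`. Separately, this Secret renders `common.labels.standard` but not `.Values.commonLabels`, unlike the two Service templates in this commit.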
@@ -0,0 +1,887 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets [array] Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + +## @section Common parameters +## + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: "" +## @param commonLabels [object] Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations [object] Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param clusterDomain Default Kubernetes cluster domain +## +clusterDomain: cluster.local +## @param extraDeploy [array] Array of extra objects to deploy with the release +## +extraDeploy: [] + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @section etcd parameters +## + +## Bitnami etcd image version +## ref: 
https://hub.docker.com/r/bitnami/etcd/tags/ +## @param image.registry etcd image registry +## @param image.repository etcd image name +## @param image.tag etcd image tag +## @param image.digest etcd image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## +image: + registry: docker.io + repository: bitnami/etcd + tag: 3.5.6-debian-11-r10 + digest: "" + ## @param image.pullPolicy etcd image pull policy + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## @param image.pullSecrets [array] etcd image pull secrets + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param image.debug Enable image debug mode + ## Set to true if you would like to see extra information on logs + ## + debug: false +## Authentication parameters +## +auth: + ## Role-based access control parameters + ## ref: https://etcd.io/docs/current/op-guide/authentication/ + ## + rbac: + ## @param auth.rbac.create Switch to enable RBAC authentication + ## + create: true + ## @param auth.rbac.allowNoneAuthentication Allow to use etcd without configuring RBAC authentication + ## + allowNoneAuthentication: true + ## @param auth.rbac.rootPassword Root user password. 
The root user is always `root` + ## + rootPassword: "" + ## @param auth.rbac.existingSecret Name of the existing secret containing credentials for the root user + ## + existingSecret: "" + ## @param auth.rbac.existingSecretPasswordKey Name of key containing password to be retrieved from the existing secret + ## + existingSecretPasswordKey: "" + ## Authentication token + ## ref: https://etcd.io/docs/latest/learning/design-auth-v3/#two-types-of-tokens-simple-and-jwt + ## + token: + ## @param auth.token.type Authentication token type. Allowed values: 'simple' or 'jwt' + ## ref: https://etcd.io/docs/latest/op-guide/configuration/#--auth-token + ## + type: jwt + ## @param auth.token.privateKey.filename Name of the file containing the private key for signing the JWT token + ## @param auth.token.privateKey.existingSecret Name of the existing secret containing the private key for signing the JWT token + ## NOTE: Ignored if auth.token.type=simple + ## NOTE: A secret containing a private key will be auto-generated if an existing one is not provided. 
+ ## + privateKey: + filename: jwt-token.pem + existingSecret: "" + ## @param auth.token.signMethod JWT token sign method + ## NOTE: Ignored if auth.token.type=simple + ## + signMethod: RS256 + ## @param auth.token.ttl JWT token TTL + ## NOTE: Ignored if auth.token.type=simple + ## + ttl: 10m + ## TLS authentication for client-to-server communications + ## ref: https://etcd.io/docs/current/op-guide/security/ + ## + client: + ## @param auth.client.secureTransport Switch to encrypt client-to-server communications using TLS certificates + ## + secureTransport: false + ## @param auth.client.useAutoTLS Switch to automatically create the TLS certificates + ## + useAutoTLS: false + ## @param auth.client.existingSecret Name of the existing secret containing the TLS certificates for client-to-server communications + ## + existingSecret: "" + ## @param auth.client.enableAuthentication Switch to enable host authentication using TLS certificates. Requires existing secret + ## + enableAuthentication: false + ## @param auth.client.certFilename Name of the file containing the client certificate + ## + certFilename: cert.pem + ## @param auth.client.certKeyFilename Name of the file containing the client certificate private key + ## + certKeyFilename: key.pem + ## @param auth.client.caFilename Name of the file containing the client CA certificate + ## If not specified and `auth.client.enableAuthentication=true` or `auth.rbac.enabled=true`, the default is is `ca.crt` + ## + caFilename: "" + ## TLS authentication for server-to-server communications + ## ref: https://etcd.io/docs/current/op-guide/security/ + ## + peer: + ## @param auth.peer.secureTransport Switch to encrypt server-to-server communications using TLS certificates + ## + secureTransport: false + ## @param auth.peer.useAutoTLS Switch to automatically create the TLS certificates + ## + useAutoTLS: false + ## @param auth.peer.existingSecret Name of the existing secret containing the TLS certificates for server-to-server 
communications + ## + existingSecret: "" + ## @param auth.peer.enableAuthentication Switch to enable host authentication using TLS certificates. Requires existing secret + ## + enableAuthentication: false + ## @param auth.peer.certFilename Name of the file containing the peer certificate + ## + certFilename: cert.pem + ## @param auth.peer.certKeyFilename Name of the file containing the peer certificate private key + ## + certKeyFilename: key.pem + ## @param auth.peer.caFilename Name of the file containing the peer CA certificate + ## If not specified and `auth.peer.enableAuthentication=true` or `rbac.enabled=true`, the default is is `ca.crt` + ## + caFilename: "" +## @param autoCompactionMode Auto compaction mode, by default periodic. Valid values: "periodic", "revision". +## - 'periodic' for duration based retention, defaulting to hours if no time unit is provided (e.g. 5m). +## - 'revision' for revision number based retention. +## +autoCompactionMode: "" +## @param autoCompactionRetention Auto compaction retention for mvcc key value store in hour, by default 0, means disabled +## +autoCompactionRetention: "" +## @param initialClusterState Initial cluster state. Allowed values: 'new' or 'existing' +## If this values is not set, the default values below are set: +## - 'new': when installing the chart ('helm install ...') +## - 'existing': when upgrading the chart ('helm upgrade ...') +## +initialClusterState: "" +## @param logLevel Sets the log level for the etcd process. 
Allowed values: 'debug', 'info', 'warn', 'error', 'panic', 'fatal' +## +logLevel: "info" +## @param maxProcs Limits the number of operating system threads that can execute user-level +## Go code simultaneously by setting GOMAXPROCS environment variable +## ref: https://golang.org/pkg/runtime +## +maxProcs: "" +## @param removeMemberOnContainerTermination Use a PreStop hook to remove the etcd members from the etcd cluster on container termination +## they the containers are terminated +## NOTE: Ignored if lifecycleHooks is set or replicaCount=1 +## +removeMemberOnContainerTermination: true +## @param configuration etcd configuration. Specify content for etcd.conf.yml +## e.g: +## configuration: |- +## foo: bar +## baz: +## +configuration: "" +## @param existingConfigmap Existing ConfigMap with etcd configuration +## NOTE: When it's set the configuration parameter is ignored +## +existingConfigmap: "" +## @param extraEnvVars [array] Extra environment variables to be set on etcd container +## e.g: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars +## +extraEnvVarsSecret: "" +## @param command [array] Default container command (useful when using custom images) +## +command: [] +## @param args [array] Default container args (useful when using custom images) +## +args: [] + +## @section etcd statefulset parameters +## + + +## @param replicaCount Number of etcd replicas to deploy +## +replicaCount: 1 +## Update strategy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## @param updateStrategy.type Update strategy type, can be set to RollingUpdate or OnDelete. 
+## +updateStrategy: + type: RollingUpdate +## @param podManagementPolicy Pod management policy for the etcd statefulset +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies +## +podManagementPolicy: Parallel +## @param hostAliases [array] etcd pod host aliases +## ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param lifecycleHooks [object] Override default etcd container hooks +## +lifecycleHooks: {} +## etcd container ports to open +## @param containerPorts.client Client port to expose at container level +## @param containerPorts.peer Peer port to expose at container level +## +containerPorts: + client: 2379 + peer: 2380 +## etcd pods' Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enabled etcd pods' Security Context +## @param podSecurityContext.fsGroup Set etcd pod's Security Context fsGroup +## +podSecurityContext: + enabled: true + fsGroup: 1001 +## etcd containers' SecurityContext +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled etcd containers' Security Context +## @param containerSecurityContext.runAsUser Set etcd container's Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Set etcd container's Security Context runAsNonRoot +## @param containerSecurityContext.allowPrivilegeEscalation Force the child process to be run as nonprivilege +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false +## etcd containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a 
conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits [object] The resources limits for the etcd container +## @param resources.requests [object] The requested resources for the etcd container +## +resources: + ## Example: + ## limits: + ## cpu: 500m + ## memory: 1Gi + ## + limits: {} + requests: {} +## Configure extra options for liveness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 +## Configure extra options for readiness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + 
initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 +## Configure extra options for liveness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param startupProbe.enabled Enable startupProbe +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 60 +## @param customLivenessProbe [object] Override default liveness probe +## +customLivenessProbe: {} +## @param customReadinessProbe [object] Override default readiness probe +## +customReadinessProbe: {} +## @param customStartupProbe [object] Override default startup probe +## +customStartupProbe: {} +## @param extraVolumes [array] Optionally specify extra list of additional volumes for etcd pods +## +extraVolumes: [] +## @param extraVolumeMounts [array] Optionally specify extra list of additional volumeMounts for etcd container(s) +## +extraVolumeMounts: [] +## @param initContainers [array] Add additional init containers to the etcd pods +## e.g: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: [] +## @param sidecars [array] Add additional sidecar containers to the etcd pods +## e.g: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: [] +## @param podAnnotations [object] Annotations for 
etcd pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podLabels [object] Extra labels for etcd pods +## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. +## @param nodeAffinityPreset.values [array] Node label values to match. Ignored if `affinity` is set. 
+## +nodeAffinityPreset: + type: "" + ## e.g: + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## e.g: + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity [object] Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} +## @param nodeSelector [object] Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations [array] Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param terminationGracePeriodSeconds Seconds the pod needs to gracefully terminate +## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution +## +terminationGracePeriodSeconds: "" +## @param schedulerName Name of the k8s scheduler (other than default) +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param priorityClassName Name of the priority class to be used by etcd pods +## Priority class needs to be created beforehand +## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" +## @param runtimeClassName Name of the runtime class to be used by pod(s) +## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ +## +runtimeClassName: "" +## @param shareProcessNamespace Enable shared process namespace in a pod. +## If set to false (default), each container will run in separate namespace, etcd will have PID=1. +## If set to true, the /pause will run as init process and will reap any zombie PIDs, +## for example, generated by a custom exec probe running longer than a probe timeoutSeconds. 
+## Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating. +## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ +## +shareProcessNamespace: false +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment +## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +## The value is evaluated as a template +## +topologySpreadConstraints: [] +## persistentVolumeClaimRetentionPolicy +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention +## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet +## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced +## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted +persistentVolumeClaimRetentionPolicy: + enabled: false + whenScaled: Retain + whenDeleted: Retain +## @section Traffic exposure parameters +## + +service: + ## @param service.type Kubernetes Service type + ## + type: ClusterIP + ## @param service.enabled create second service if equal true + ## + enabled: true + ## @param service.clusterIP Kubernetes service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.ports.client etcd client port + ## @param service.ports.peer etcd peer port + ## + ports: + client: 2379 + peer: 2380 + ## @param service.nodePorts.client Specify the nodePort client value for the LoadBalancer and NodePort service types. + ## @param service.nodePorts.peer Specify the nodePort peer value for the LoadBalancer and NodePort service types. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + client: "" + peer: "" + ## @param service.clientPortNameOverride etcd client port name override + ## + clientPortNameOverride: "" + ## @param service.peerPortNameOverride etcd peer port name override + ## + peerPortNameOverride: "" + ## @param service.loadBalancerIP loadBalancerIP for the etcd service (optional, cloud specific) + ## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges [array] Load Balancer source ranges + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalIPs [array] External IPs + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips + ## + externalIPs: [] + ## @param service.externalTrafficPolicy %%MAIN_CONTAINER_NAME%% service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.annotations [object] Additional annotations for the etcd service + ## + annotations: {} + ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + 
## + sessionAffinityConfig: {} + +## @section Persistence parameters +## + +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## @param persistence.enabled If true, use a Persistent Volume Claim. If false, use emptyDir. + ## + enabled: true + ## @param persistence.storageClass Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## + ## @param persistence.annotations [object] Annotations for the PVC + ## + annotations: {} + ## @param persistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size PVC Storage Request for etcd data volume + ## + size: 8Gi + ## @param persistence.selector [object] Selector to match an existing Persistent Volume + ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector + ## + selector: {} + +## @section Volume Permissions parameters +## + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. 
+## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` + ## + enabled: false + ## @param volumePermissions.image.registry Init container volume-permissions image registry + ## @param volumePermissions.image.repository Init container volume-permissions image name + ## @param volumePermissions.image.tag Init container volume-permissions image tag + ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: 11-debian-11-r63 + digest: "" + ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy + ## + pullPolicy: IfNotPresent + ## @param volumePermissions.image.pullSecrets [array] Specify docker-registry secret names as an array + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container' resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## @param volumePermissions.resources.limits [object] Init container volume-permissions resource limits + ## @param volumePermissions.resources.requests [object] Init container volume-permissions resource requests + ## + resources: + ## Example: + ## limits: + ## cpu: 500m + ## memory: 1Gi + ## + limits: {} + requests: {} + +## @section Network Policy parameters +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + ## + enabled: false + ## @param networkPolicy.allowExternal Don't require client label for connections + ## When set to false, only pods with the correct client label will have network access to the ports + ## etcd is listening on. When true, etcd will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + +## @section Metrics parameters +## + +metrics: + ## @param metrics.enabled Expose etcd 
metrics + ## + enabled: false + ## @param metrics.podAnnotations [object] Annotations for the Prometheus metrics on etcd pods + ## + podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.containerPorts.client }}" + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + podMonitor: + ## @param metrics.podMonitor.enabled Create PodMonitor Resource for scraping metrics using PrometheusOperator + ## + enabled: false + ## @param metrics.podMonitor.namespace Namespace in which Prometheus is running + ## + namespace: monitoring + ## @param metrics.podMonitor.interval Specify the interval at which metrics should be scraped + ## + interval: 30s + ## @param metrics.podMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## + scrapeTimeout: 30s + ## @param metrics.podMonitor.additionalLabels [object] Additional labels that can be used so PodMonitors will be discovered by Prometheus + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + ## @param metrics.podMonitor.scheme Scheme to use for scraping + ## + scheme: http + ## @param metrics.podMonitor.tlsConfig [object] TLS configuration used for scrape endpoints used by Prometheus + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#tlsconfig + ## e.g: + ## tlsConfig: + ## ca: + ## secret: + ## name: existingSecretName + ## + tlsConfig: {} + ## @param metrics.podMonitor.relabelings [array] Prometheus relabeling rules + ## + relabelings: [] + + ## Prometheus Operator PrometheusRule configuration + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Create a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) + ## + enabled: false + ## @param metrics.prometheusRule.namespace Namespace for the 
PrometheusRule Resource (defaults to the Release Namespace) + ## + namespace: "" + ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus + ## + additionalLabels: {} + ## @param metrics.prometheusRule.rules Prometheus Rule definitions + # - alert: ETCD has no leader + # annotations: + # summary: "ETCD has no leader" + # description: "pod {{`{{`}} $labels.pod {{`}}`}} state error, can't connect leader" + # for: 1m + # expr: etcd_server_has_leader == 0 + # labels: + # severity: critical + # group: PaaS + ## + rules: [] + + +## @section Snapshotting parameters +## + +## Start a new etcd cluster recovering the data from an existing snapshot before bootstrapping +## +startFromSnapshot: + ## @param startFromSnapshot.enabled Initialize new cluster recovering an existing snapshot + ## + enabled: false + ## @param startFromSnapshot.existingClaim Existing PVC containing the etcd snapshot + ## + existingClaim: "" + ## @param startFromSnapshot.snapshotFilename Snapshot filename + ## + snapshotFilename: "" +## Enable auto disaster recovery by periodically snapshotting the keyspace: +## - It creates a cronjob to periodically snapshotting the keyspace +## - It also creates a ReadWriteMany PVC to store the snapshots +## If the cluster permanently loses more than (N-1)/2 members, it tries to +## recover itself from the last available snapshot. 
+## +disasterRecovery: + ## @param disasterRecovery.enabled Enable auto disaster recovery by periodically snapshotting the keyspace + ## + enabled: false + cronjob: + ## @param disasterRecovery.cronjob.schedule Schedule in Cron format to save snapshots + ## See https://en.wikipedia.org/wiki/Cron + ## + schedule: "*/30 * * * *" + ## @param disasterRecovery.cronjob.historyLimit Number of successful finished jobs to retain + ## + historyLimit: 1 + ## @param disasterRecovery.cronjob.snapshotHistoryLimit Number of etcd snapshots to retain, tagged by date + ## + snapshotHistoryLimit: 1 + ## @param disasterRecovery.cronjob.podAnnotations [object] Pod annotations for cronjob pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## Configure resource requests and limits for snapshotter containers + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## @param disasterRecovery.cronjob.resources.limits [object] Cronjob container resource limits + ## @param disasterRecovery.cronjob.resources.requests [object] Cronjob container resource requests + ## + resources: + ## Example: + ## limits: + ## cpu: 500m + ## memory: 1Gi + ## + limits: {} + requests: {} + + ## @param disasterRecovery.cronjob.nodeSelector Node labels for cronjob pods assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param disasterRecovery.cronjob.tolerations Tolerations for cronjob pods assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + pvc: + ## @param disasterRecovery.pvc.existingClaim A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + ## + existingClaim: "" + ## @param disasterRecovery.pvc.size PVC Storage Request + ## + size: 2Gi + ## @param disasterRecovery.pvc.storageClassName Storage Class for snapshots volume + ## + storageClassName: nfs + +## @section Service account parameters +## + +serviceAccount: + ## @param serviceAccount.create Enable/disable service account creation + ## + create: false + ## @param serviceAccount.name Name of the service account to create or use + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of service account token + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + ## + automountServiceAccountToken: true + ## @param serviceAccount.annotations [object] Additional annotations to be included on the service account + ## + annotations: {} + ## @param serviceAccount.labels [object] Additional labels to be included on the service account + ## + labels: {} + +## @section 
Other parameters +## + +## etcd Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## +pdb: + ## @param pdb.create Enable/disable a Pod Disruption Budget creation + ## + create: true + ## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## + minAvailable: 51% + ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + maxUnavailable: "" diff --git a/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/.helmignore b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/Chart.yaml b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/Chart.yaml new file mode 100644 index 000000000..9a1ce85f8 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/Chart.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +appVersion: 1.24.0 +description: jaeger-operator Helm chart for Kubernetes +home: https://www.jaegertracing.io/ +icon: https://www.jaegertracing.io/img/jaeger-icon-reverse-color.svg +maintainers: +- email: ctadeu@gmail.com + name: cpanato +- email: batazor111@gmail.com + name: batazor +name: jaeger-operator +sources: +- https://github.com/jaegertracing/jaeger-operator +version: 2.25.0 
diff --git a/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/README.md b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/README.md
new file mode 100644
index 000000000..3137e164d
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/README.md
@@ -0,0 +1,128 @@ +# jaeger-operator + +[jaeger-operator](https://github.com/jaegertracing/jaeger-operator) is a Kubernetes operator. + +## Install + +```console +$ helm install jaegertracing/jaeger-operator +``` + +## Introduction + +This chart bootstraps a jaeger-operator deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.19+ + +## Installing the Chart + +Add the Jaeger Tracing Helm repository: + +```console +$ helm repo add jaegertracing https://jaegertracing.github.io/helm-charts +``` + +To install the chart with the release name `my-release`: + +```console +$ helm install --name my-release jaegertracing/jaeger-operator +``` + +The command deploys jaeger-operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the jaeger-operator chart and their default values. 
+ +| Parameter | Description | Default | +| :---------------------- | :---------------------------------------------------------------------------------------------------------- | :------------------------------ | +| `extraLabels` | Additional labels to jaeger-operator deployment | `{}` +| `image.repository` | Controller container image repository | `jaegertracing/jaeger-operator` | +| `image.tag` | Controller container image tag | `1.24.0` | +| `image.pullPolicy` | Controller container image pull policy | `IfNotPresent` | +| `jaeger.create` | Jaeger instance will be created | `false` | +| `jaeger.spec` | Jaeger instance specification | `{}` | +| `crd.install` | CustomResourceDefinition will be installed | `true` | +| `rbac.create` | All required roles and rolebindings will be created | `true` | +| `serviceAccount.create` | Service account to use | `true` | +| `rbac.pspEnabled` | Pod security policy for pod will be created and included in rbac role | `false` | +| `rbac.clusterRole` | ClusterRole will be used by operator ServiceAccount | `false` | +| `serviceAccount.name` | Service account name to use. If not set and create is true, a name is generated using the fullname template | `nil` | +| `extraEnv` | Additional environment variables passed to the operator. For example: name: LOG-LEVEL value: debug | `[]` | +| `resources` | K8s pod resources | `None` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `affinity` | Affinity settings for pod assignment | `{}` | +| `securityContext` | Security context for pod | `{}` | +| `priorityClassName` | Priority class name for the pod | `None` | + +Specify each parameter you'd like to override using a YAML file as described above in the [installation](#installing-the-chart) section. + +You can also specify any non-array parameter using the `--set key=value[,key=value]` argument to `helm install`. 
For example, + +```console +$ helm install jaegertracing/jaeger-operator --name my-release \ + --set rbac.create=false +``` + +## After the Helm Installation + +### Creating a new Jaeger instance + +The simplest possible way to install is by creating a YAML file like the following: + +```YAML +apiVersion: jaegertracing.io/v1 +kind: Jaeger +metadata: + name: simplest +``` + +The YAML file can then be used with `kubectl`: + +```console +$ kubectl apply -f simplest.yaml +``` + +### Creating a new Jaeger with ElasticSearch + +To do that you need to have an ElasticSearch installed in your Kubernetes cluster or install one using the [Helm Chart](https://github.com/helm/charts/tree/master/incubator/elasticsearch) available for that. + +After that just deploy the following manifest: + +```YAML +# setup an elasticsearch with `make es` +apiVersion: jaegertracing.io/v1 +kind: Jaeger +metadata: + name: simple-prod +spec: + strategy: production + storage: + type: elasticsearch + options: + es: + server-urls: http://elasticsearch:9200 + username: elastic + password: changeme +``` + +The YAML file can then be used with `kubectl`: + +```console +$ kubectl apply -f simple-prod.yaml +``` diff --git a/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/crds/crd.yaml b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/crds/crd.yaml new file mode 100644 index 000000000..6376100e0 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/crds/crd.yaml 
@@ -0,0 +1,34 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: jaegers.jaegertracing.io + annotations: + "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" + labels: + app: jaeger-operator +spec: + group: jaegertracing.io + names: + kind: Jaeger + listKind: JaegerList + plural: jaegers + singular: jaeger + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - jsonPath: .status.phase + description: Jaeger instance's status + name: Status + type: string + - jsonPath: .status.version + description: Jaeger Version + name: Version + type: string diff --git a/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/NOTES.txt b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/NOTES.txt new file mode 100644 index 000000000..64da5f5bf --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/NOTES.txt @@ -0,0 +1,8 @@ +jaeger-operator is installed. + + +Check the jaeger-operator logs + export POD=$(kubectl get pods -l app.kubernetes.io/instance={{ .Release.Name }} -lapp.kubernetes.io/name=jaeger-operator --namespace {{ .Release.Namespace }} --output name) + kubectl logs $POD --namespace={{ .Release.Namespace }} + + diff --git a/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/_helpers.tpl b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/_helpers.tpl new file mode 100644 index 000000000..ec2de0261 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/_helpers.tpl 
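Review bot: The `openAPIV3Schema` for version `v1` is only `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server neither validates nor prunes any field of a Jaeger resource and all checking is left to the operator. Because the operator acts on these objects with its own RBAC, permission to create or update `jaegers` should be treated as a privileged grant. A comment above the schema would make that explicit, for example `# no structural validation here: restrict create/update on jaegers.jaegertracing.io to trusted subjects`.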
@@ -0,0 +1,49 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "jaeger-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "jaeger-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "jaeger-operator.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "jaeger-operator.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "jaeger-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* Generate basic labels */}} +{{- define "jaeger-operator.labels" }} +app.kubernetes.io/name: {{ include "jaeger-operator.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/crds.yaml b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/crds.yaml new file mode 100644 index 000000000..0ad3047f4 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/crds.yaml 
@@ -0,0 +1,6 @@
+{{- if .Values.crd.install }}
+{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }}
+{{ $.Files.Get $path }}
+---
+{{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/deployment.yaml b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/deployment.yaml
new file mode 100644
index 000000000..99df08903
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/deployment.yaml
@@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "jaeger-operator.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "jaeger-operator.labels" . | indent 4 }} +{{- with .Values.extraLabels }} +{{ . | toYaml | indent 4 }} +{{- end }} +spec: + replicas: 1 + selector: + matchLabels: +{{ include "jaeger-operator.labels" . | indent 6 }} + template: + metadata: + name: {{ include "jaeger-operator.fullname" . }} + labels: +{{ include "jaeger-operator.labels" . | indent 8 }} +{{- with .Values.extraLabels }} +{{ . | toYaml | indent 8 }} +{{- end }} + spec: + {{- if .Values.serviceAccount.create }} + serviceAccountName: {{ include "jaeger-operator.serviceAccountName" . }} + {{- end }} + {{- with .Values.securityContext }} + securityContext: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if and .Values.image.imagePullSecrets (not .Values.serviceAccount.create ) }} + imagePullSecrets: + {{- range .Values.image.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - name: {{ include "jaeger-operator.fullname" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 8383 + name: metrics + args: ["start"] + env: + - name: WATCH_NAMESPACE + {{- if .Values.rbac.clusterRole }} + value: "" + {{- else }} + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_NAME + value: {{ include "jaeger-operator.fullname" . 
| quote }} + {{- if .Values.extraEnv }} + {{- toYaml .Values.extraEnv | nindent 12 }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/jaeger.yaml b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/jaeger.yaml new file mode 100644 index 000000000..0c4f9d2c4 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/jaeger.yaml @@ -0,0 +1,11 @@ +{{- if .Values.jaeger.create }} +apiVersion: jaegertracing.io/v1 +kind: Jaeger +metadata: + name: {{ include "jaeger-operator.fullname" . }}-jaeger + namespace: {{ default .Release.Namespace .Values.jaeger.namespace }} +{{- with .Values.jaeger.spec }} +spec: +{{ toYaml . | indent 2}} +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/psp.yaml b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/psp.yaml new file mode 100644 index 000000000..7d7cca5df --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/psp.yaml 
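Review bot: `serviceAccountName` is emitted only inside `{{- if .Values.serviceAccount.create }}`, so with `serviceAccount.create=false` and a pre-created `serviceAccount.name` the pod still runs as the namespace's `default` account while role-binding.yaml binds the role to the named one. The `jaeger-operator.serviceAccountName` helper already covers both cases, so the line can be rendered unconditionally: `serviceAccountName: {{ include "jaeger-operator.serviceAccountName" . }}`. The container also has no `securityContext` of its own, only the pod-level `.Values.securityContext`, which the chart README lists as defaulting to `{}`.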
@@ -0,0 +1,36 @@ +{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "jaeger-operator.fullname" . }}-operator-psp + labels: +{{ include "jaeger-operator.labels" . | indent 4 }} +spec: + privileged: false + allowPrivilegeEscalation: false + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/role-binding.yaml b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/role-binding.yaml new file mode 100644 index 000000000..533f828bc --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/role-binding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.rbac.create }} +kind: {{ if .Values.rbac.clusterRole }}Cluster{{ end }}RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "jaeger-operator.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "jaeger-operator.labels" . | indent 4 }} +subjects: +- kind: ServiceAccount + namespace: {{ .Release.Namespace }} + name: {{ include "jaeger-operator.serviceAccountName" . }} +roleRef: + kind: {{ if .Values.rbac.clusterRole }}Cluster{{ end }}Role + name: {{ include "jaeger-operator.fullname" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/role.yaml b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/role.yaml new file mode 100644 index 000000000..321a23c2c --- /dev/null 
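Review bot: The template hard-codes `apiVersion: policy/v1beta1`, and PodSecurityPolicy was removed from Kubernetes in 1.25, so setting `rbac.pspEnabled` on a current cluster makes the release fail instead of applying any restriction. Guarding the first line with an API check keeps the chart installable: `{{- if and .Values.rbac.create .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1") }}`. On clusters without PSP the equivalent limits have to come from Pod Security Admission labels on the namespace or from the pod `securityContext`, which the chart README lists as empty by default.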
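Review bot: The subject name in role-binding.yaml comes from `jaeger-operator.serviceAccountName`, which falls back to `default` when `serviceAccount.create` is false and no name is given, so with `rbac.create=true` this binding grants the operator's role to the namespace's `default` ServiceAccount. Every pod in that namespace that does not set its own service account would then carry the operator's permissions, which in role.yaml include write access to secrets and pods, and the grant becomes cluster-wide when `rbac.clusterRole` is set. I would reject that combination at render time in the helper's non-create branch, for example `{{ required "serviceAccount.name must be set when serviceAccount.create is false" .Values.serviceAccount.name }}`, or at least add a comment on the subject stating the fallback.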
+++ b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/role.yaml 
@@ -0,0 +1,231 @@
+{{- if .Values.rbac.create }}
+kind: {{ if .Values.rbac.clusterRole }}Cluster{{ end }}Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "jaeger-operator.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "jaeger-operator.labels" . | indent 4 }}
+rules:
+## our own custom resources
+- apiGroups:
+ - jaegertracing.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+
+## for the operator's own deployment
+- apiGroups:
+ - apps
+ resourceNames:
+ - jaeger-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+
+## regular things the operator manages for an instance, as the result of processing CRs
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - persistentvolumeclaims
+ - pods
+ - secrets
+ - serviceaccounts
+ - services
+ - services/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ - replicasets
+ - statefulsets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+# Ingress for kubernetes 1.14 or higher
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - console.openshift.io
+ resources:
+ - consolelinks
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - autoscaling
+ resources:
+ - horizontalpodautoscalers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+
+## needed if you want the operator to create service monitors for the Jaeger instances
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+
+## for the Elasticsearch auto-provisioning
+- apiGroups:
+ - logging.openshift.io
+ resources:
+ - elasticsearches
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+
+## for the Kafka auto-provisioning
+- apiGroups:
+ - kafka.strimzi.io
+ resources:
+ - kafkas
+ - kafkausers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+
+## Extra permissions
+## This is an extra set of permissions that the Jaeger Operator might make use of if granted
+
+## needed if support for injecting sidecars based on namespace annotation is required
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - 'get'
+ - 'list'
+ - 'watch'
+
+## needed if support for injecting sidecars based on deployment annotation is required, across all namespaces
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+
+## needed only when .Spec.Ingress.Openshift.DelegateUrls is used
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+{{- if .Values.rbac.pspEnabled }}
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ include "jaeger-operator.fullname" . }}-operator-psp
+{{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/service-account.yaml b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/service-account.yaml
new file mode 100644
index 000000000..dc8eea637
--- /dev/null
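Review bot: The three rules under `## Extra permissions` in role.yaml are rendered unconditionally although their own comments describe them as optional; with `rbac.clusterRole: true` the last one lets the operator's service account create, patch and delete `clusterrolebindings` cluster-wide, alongside full access to `secrets` from the earlier core-group rule. Gating that rule behind a values flag would keep it out of installs that do not use the OpenShift `DelegateUrls` feature, e.g. wrapping it in `{{- if .Values.rbac.delegateUrls }}` … `{{- end }}` (the flag name is a placeholder, no such value exists in this chart). With `rbac.clusterRole: false` the `namespaces` and `clusterrolebindings` rules land in a namespaced Role, where rules for cluster-scoped resources have no effect, so a comment saying these rules only matter for the ClusterRole variant would spare readers from assuming otherwise.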
+++ b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/service-account.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "jaeger-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "jaeger-operator.labels" . | indent 4 }}
+{{- if .Values.serviceAccount.annotations }}
+ annotations:
+{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
+{{- end }}
+{{- if .Values.image.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.image.imagePullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/service.yaml b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/service.yaml
new file mode 100644
index 000000000..d7daec245
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/templates/service.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "jaeger-operator.fullname" . }}-metrics
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "jaeger-operator.labels" . | indent 4 }}
+{{- if .Values.service.annotations }}
+ annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
+spec:
+ ports:
+ - name: metrics
+ port: 8383
+ protocol: TCP
+ targetPort: 8383
+{{- if and (eq .Values.service.type "NodePort") (.Values.service.nodePort) }}
+ nodePort: {{ .Values.service.nodePort }}
+{{- end }}
+ selector:
+ app.kubernetes.io/name: {{ include "jaeger-operator.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ type: {{ .Values.service.type }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/values.yaml
new file mode 100644
index 000000000..478285bec
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/jaeger-operator/values.yaml
@@ -0,0 +1,69 @@
+# Default values for jaeger-operator.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ repository: jaegertracing/jaeger-operator
+ tag: 1.24.0
+ pullPolicy: IfNotPresent
+ imagePullSecrets: []
+
+crd:
+ install: true
+
+jaeger:
+ # Specifies whether Jaeger instance should be created
+ create: false
+ # namespace where Jaeger resource should be created default to .Release.Namespace
+ namespace:
+ spec: {}
+
+rbac:
+ # Specifies whether RBAC resources should be created
+ create: true
+ pspEnabled: false
+ clusterRole: false
+
+service:
+ type: ClusterIP
+ # Specify a specific node port when type is NodePort
+ # nodePort: 32500
+ # Annotations for service
+ annotations: {}
+
+serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+ # Annotations for serviceAccount
+ annotations: {}
+
+# Specifies extra environment variables passed to the operator:
+extraEnv: []
+ # Specifies log-level for the operator:
+ # - name: LOG-LEVEL
+ # value: debug
+
+extraLabels: {}
+ # Specifies extra labels for the operator deployment:
+ # foo: bar
+
+resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+securityContext: {}
+
+priorityClassName:
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/.helmignore b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/.helmignore
new file mode 100644
index 000000000..50af03172
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/.helmignore
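Review bot: `securityContext: {}` in the jaeger-operator values.yaml is an empty default, so unless the deployment template (not part of this hunk) sets its own, the operator runs with whatever user and privileges the image provides, and with `pspEnabled: false` nothing in these values constrains it. A non-empty default such as `securityContext:` with `runAsNonRoot: true` would match what the chart's own PodSecurityPolicy already demands (`MustRunAsNonRoot`), so it should not change behaviour for an image that passes that policy. `image.tag: 1.24.0` is a tag rather than a digest; a comment next to it telling installers they can pin the image by digest would make that supply-chain choice visible.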
@@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/Chart.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/Chart.yaml new file mode 100644 index 000000000..4e0553b07 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +appVersion: v2.4.2 +description: 'Loki: like Prometheus, but for logs.' +home: https://grafana.com/loki +icon: https://raw.githubusercontent.com/grafana/loki/master/docs/sources/logo.png +kubeVersion: ^1.10.0-0 +maintainers: +- email: lokiproject@googlegroups.com + name: Loki Maintainers +name: loki-stack +sources: +- https://github.com/grafana/loki +version: 2.6.4 diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/README.md new file mode 100644 index 000000000..ee67b03ca --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/README.md 
@@ -0,0 +1,60 @@ +# Loki-Stack Helm Chart + +## Prerequisites + +Make sure you have Helm [installed](https://helm.sh/docs/using_helm/#installing-helm) installed. + +## Get Repo Info + +```console +helm repo add grafana https://grafana.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Deploy Loki and Promtail to your cluster + +### Deploy with default config + +```bash +helm upgrade --install loki grafana/loki-stack +``` + +### Deploy in a custom namespace + +```bash +helm upgrade --install loki --namespace=loki-stack grafana/loki-stack +``` + +### Deploy with custom config + +```bash +helm upgrade --install loki grafana/loki-stack --set "key1=val1,key2=val2,..." +``` + +## Deploy Loki and Fluent Bit to your cluster + +```bash +helm upgrade --install loki grafana/loki-stack \ + --set fluent-bit.enabled=true,promtail.enabled=false +``` + +## Deploy Grafana to your cluster + +The chart loki-stack contains a pre-configured Grafana, simply use `--set grafana.enabled=true` + +To get the admin password for the Grafana pod, run the following command: + +```bash +kubectl get secret --namespace loki-grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo +``` + +To access the Grafana UI, run the following command: + +```bash +kubectl port-forward --namespace service/loki-grafana 3000:80 +``` + +Navigate to and login with `admin` and the password output above. +Then follow the [instructions for adding the loki datasource](/docs/getting-started/grafana.md), using the URL `http://loki:3100/`. diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/.helmignore b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/.helmignore new file mode 100644 index 000000000..e12c0b4b9 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/.helmignore @@ -0,0 +1,2 @@ +tests/ +.pytest_cache/ 
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/Chart.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/Chart.yaml new file mode 100644 index 000000000..f3cd8b602 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +appVersion: 7.17.1 +description: Official Elastic helm chart for Filebeat +home: https://github.com/elastic/helm-charts +icon: https://helm.elastic.co/icons/beats.png +maintainers: +- email: helm-charts@elastic.co + name: Elastic +name: filebeat +sources: +- https://github.com/elastic/beats +version: 7.17.1 diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/Makefile b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/Makefile new file mode 100644 index 000000000..22218a1f6 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/Makefile @@ -0,0 +1 @@ +include ../helpers/common.mk diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/README.md new file mode 100644 index 000000000..f94a9001d --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/README.md 
@@ -0,0 +1,271 @@ +# Filebeat Helm Chart + +[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+helm-charts+master.svg)](https://devops-ci.elastic.co/job/elastic+helm-charts+master/) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/elastic)](https://artifacthub.io/packages/search?repo=elastic) + +This Helm chart is a lightweight way to configure and run our official +[Filebeat Docker image][]. + + + + + + + +- [Requirements](#requirements) +- [Installing](#installing) + - [Install released version using Helm repository](#install-released-version-using-helm-repository) + - [Install development version from a branch](#install-development-version-from-a-branch) +- [Upgrading](#upgrading) +- [Usage notes](#usage-notes) +- [Configuration](#configuration) + - [Deprecated](#deprecated) +- [FAQ](#faq) + - [How to use Filebeat with Elasticsearch with security (authentication and TLS) enabled?](#how-to-use-filebeat-with-elasticsearch-with-security-authentication-and-tls-enabled) + - [How to install OSS version of Filebeat?](#how-to-install-oss-version-of-filebeat) + - [Why is Filebeat host.name field set to Kubernetes pod name?](#why-is-filebeat-hostname-field-set-to-kubernetes-pod-name) + - [How do I get multiple beats agents working with hostNetworking enabled?](#how-do-i-get-multiple-beats-agents-working-with-hostnetworking-enabled) + - [How to change readinessProbe for outputs which don't support testing](#how-to-change-readinessprobe-for-outputs-which-dont-support-testing) +- [Contributing](#contributing) + + + + + + +## Requirements + +* Kubernetes >= 1.14 +* [Helm][] >= 2.17.0 + +See [supported configurations][] for more details. + + +## Installing + +This chart is tested with the latest 7.17.1 version. 
+ +### Install released version using Helm repository + +* Add the Elastic Helm charts repo: +`helm repo add elastic https://helm.elastic.co` + +* Install it: + - with Helm 3: `helm install filebeat --version elastic/filebeat` + - with Helm 2 (deprecated): `helm install --name filebeat --version elastic/filebeat` + +### Install development version from a branch + +* Clone the git repo: `git clone git@github.com:elastic/helm-charts.git` + +* Checkout the branch : `git checkout 7.17` +* Install it: + - with Helm 3: `helm install filebeat ./helm-charts/filebeat --set imageTag=7.17.1` + - with Helm 2 (deprecated): `helm install --name filebeat ./helm-charts/filebeat --set imageTag=7.17.1` + + +## Upgrading + +Please always check [CHANGELOG.md][] and [BREAKING_CHANGES.md][] before +upgrading to a new chart version. + + +## Usage notes + +* The default Filebeat configuration file for this chart is configured to use an +Elasticsearch endpoint. Without any additional changes, Filebeat will send +documents to the service URL that the Elasticsearch Helm chart sets up by +default. You may either set the `ELASTICSEARCH_HOSTS` environment variable in +`extraEnvs` to override this endpoint or modify the default `filebeatConfig` to +change this behavior. +* The default Filebeat configuration file is also configured to capture +container logs and enrich them with Kubernetes metadata by default. This will +capture all container logs in the cluster. +* This chart disables the [HostNetwork][] setting by default for compatibility +reasons with the majority of kubernetes providers and scenarios. Some kubernetes +providers may not allow enabling `hostNetwork` and deploying multiple Filebeat +pods on the same node isn't possible with `hostNetwork` However Filebeat does +recommend activating it. If your kubernetes provider is compatible with +`hostNetwork` and you don't need to run multiple Filebeat DaemonSets, you can +activate it by setting `hostNetworking: true` in [values.yaml][]. 
+* This repo includes a number of [examples][] configurations which can be used +as a reference. They are also used in the automated testing of this chart. + + +## Configuration + +| Parameter | Description | Default | +|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------| +| `clusterRoleRules` | Configurable [cluster role rules][] that Filebeat uses to access Kubernetes resources | see [values.yaml][] | +| `daemonset.annotations` | Configurable [annotations][] for filebeat daemonset | `{}` | +| `daemonset.labels` | Configurable [labels][] applied to all filebeat DaemonSet pods | `{}` | +| `daemonset.affinity` | Configurable [affinity][] for filebeat daemonset | `{}` | +| `daemonset.enabled` | If true, enable daemonset | `true` | +| `daemonset.envFrom` | Templatable string of `envFrom` to be passed to the [environment from variables][] which will be appended to filebeat container for DaemonSet | `[]` | +| `daemonset.extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for DaemonSet | `[]` | +| `daemonset.extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function for DaemonSet | `[]` | +| `daemonset.extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function for DaemonSet | `[]` | +| `daemonset.hostAliases` | Configurable [hostAliases][] for filebeat DaemonSet | `[]` | +| `daemonset.hostNetworking` | Enable filebeat DaemonSet to use `hostNetwork` | `false` | +| `daemonset.filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for filebeat DaemonSet | see [values.yaml][] | +| `daemonset.maxUnavailable` | The [maxUnavailable][] value for the pod disruption budget. 
By default this will prevent Kubernetes from having more than 1 unhealthy pod in the node group | `1` | +| `daemonset.nodeSelector` | Configurable [nodeSelector][] for filebeat DaemonSet | `{}` | +| `daemonset.secretMounts` | Allows you easily mount a secret as a file inside the DaemonSet. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `daemonset.podSecurityContext` | Configurable [podSecurityContext][] for filebeat DaemonSet pod execution environment | see [values.yaml][] | +| `daemonset.resources` | Allows you to set the [resources][] for filebeat DaemonSet | see [values.yaml][] | +| `daemonset.tolerations` | Configurable [tolerations][] for filebeat DaemonSet | `[]` | +| `deployment.annotations` | Configurable [annotations][] for filebeat Deployment | `{}` | +| `deployment.labels` | Configurable [labels][] applied to all filebeat Deployment pods | `{}` | +| `deployment.affinity` | Configurable [affinity][] for filebeat Deployment | `{}` | +| `deployment.enabled` | If true, enable deployment | `false` | +| `deployment.envFrom` | Templatable string of `envFrom` to be passed to the [environment from variables][] which will be appended to filebeat container for Deployment | `[]` | +| `deployment.extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for Deployment | `[]` | +| `deployment.extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function for DaemonSet | `[]` | +| `deployment.extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function for Deployment | `[]` | +| `daemonset.hostAliases` | Configurable [hostAliases][] for filebeat Deployment | `[]` | +| `deployment.filebeatConfig` | Allows you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for filebeat Deployment | see [values.yaml][] | +| `deployment.nodeSelector` | Configurable [nodeSelector][] for filebeat Deployment | 
`{}` | +| `deployment.secretMounts` | Allows you easily mount a secret as a file inside the Deployment Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `deployment.resources` | Allows you to set the [resources][] for filebeat Deployment | see [values.yaml][] | +| `deployment.securityContext` | Configurable [securityContext][] for filebeat Deployment pod execution environment | see [values.yaml][] | +| `deployment.tolerations` | Configurable [tolerations][] for filebeat Deployment | `[]` | +| `replicas` | The replica count for the Filebeat deployment | `1` | +| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `extraInitContainers` | Templatable string of additional containers to be passed to the `tpl` function | `""` | +| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to " `.Release.Name` - `.Values.nameOverride or .Chart.Name` " | `""` | +| `hostPathRoot` | Fully-qualified [hostPath][] that will be used to persist filebeat registry data | `/var/lib` | +| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` | +| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | +| `imageTag` | The filebeat Docker image tag | `7.17.1` | +| `image` | The filebeat Docker image | `docker.elastic.co/beats/filebeat` | +| `livenessProbe` | Parameters to pass to liveness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | +| `managedServiceAccount` | Whether the `serviceAccount` should be managed by this helm chart. Set this to `false` in order to manage your own service account and related roles | `true` | +| `nameOverride` | Overrides the chart name for resources. 
If not set the name will default to `.Chart.Name` | `""` | +| `podAnnotations` | Configurable [annotations][] applied to all filebeat pods | `{}` | +| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` | +| `readinessProbe` | Parameters to pass to readiness [probe][] checks for values such as timeouts and thresholds | see [values.yaml][] | +| `serviceAccount` | Custom [serviceAccount][] that filebeat will use during execution. By default will use the service account created by this chart | `""` | +| `serviceAccountAnnotations` | Annotations to be added to the ServiceAccount that is created by this chart. | `{}` | +| `terminationGracePeriod` | Termination period (in seconds) to wait before killing filebeat pod process on pod shutdown | `30` | +| `updateStrategy` | The [updateStrategy][] for the DaemonSet By default Kubernetes will kill and recreate pods on updates. Setting this to `OnDelete` will require that pods be deleted manually | `RollingUpdate` | + +### Deprecated + +| Parameter | Description | Default | +|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|---------| +| `affinity` | Configurable [affinity][] for filebeat DaemonSet | `{}` | +| `envFrom` | Templatable string to be passed to the [environment from variables][] which will be appended to filebeat container for both DaemonSet and Deployment | `[]` | +| `extraEnvs` | Extra [environment variables][] which will be appended to filebeat container for both DaemonSet and Deployment | `[]` | +| `extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function for both DaemonSet and Deployment | `[]` | +| `extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function for both DaemonSet and Deployment | `[]` | +| `filebeatConfig` | Allows 
you to add any config files in `/usr/share/filebeat` such as `filebeat.yml` for both filebeat DaemonSet and Deployment | `{}` | +| `hostAliases` | Configurable [hostAliases][] | `[]` | +| `nodeSelector` | Configurable [nodeSelector][] for filebeat DaemonSet | `{}` | +| `podSecurityContext` | Configurable [securityContext][] for filebeat DaemonSet and Deployment pod execution environment | `{}` | +| `resources` | Allows you to set the [resources][] for both filebeat DaemonSet and Deployment | `{}` | +| `secretMounts` | Allows you easily mount a secret as a file inside DaemonSet and Deployment Useful for mounting certificates and other secrets | `[]` | +| `tolerations` | Configurable [tolerations][] for both filebeat DaemonSet and Deployment | `[]` | +| `labels` | Configurable [labels][] applied to all filebeat pods | `{}` | + +## FAQ + +### How to use Filebeat with Elasticsearch with security (authentication and TLS) enabled? + +This Helm chart can use existing [Kubernetes secrets][] to setup +credentials or certificates for examples. These secrets should be created +outside of this chart and accessed using [environment variables][] and volumes. + +An example can be found in [examples/security][]. + +### How to install OSS version of Filebeat? + +Deploying OSS version of Filebeat can be done by setting `image` value to +[Filebeat OSS Docker image][] + +An example of Filebeat deployment using OSS version can be found in +[examples/oss][]. + +### Why is Filebeat host.name field set to Kubernetes pod name? + +The default Filebeat configuration is using Filebeat pod name for +`agent.hostname` and `host.name` fields. The `hostname` of the Kubernetes nodes +can be find in `kubernetes.node.name` field. If you would like to have +`agent.hostname` and `host.name` fields set to the hostname of the nodes, you'll +need to set `hostNetworking` value to true. 
+ +Note that enabling [hostNetwork][] make Filebeat pod use the host network +namespace which gives it access to the host loopback device, services listening +on localhost, could be used to snoop on network activity of other pods on the +same node. + +### How do I get multiple beats agents working with hostNetworking enabled? + +The default http port for multiple beats agents may be on the same port, for +example, Filebeats and Metricbeats both default to 5066. When `hostNetworking` +is enabled this will cause collisions when standing up the http server. The work +around for this is to set `http.port` in the config file for one of the beats agent +to use a different port. + +### How to change readinessProbe for outputs which don't support testing + +Some [Filebeat outputs][] like [Kafka output][] don't support testing using +`filebeat test output` command which is used by Filebeat chart readiness probe. + +This makes Filebeat pods crash before being ready with the following message: +`Readiness probe failed: kafka output doesn't support testing`. + +The workaround when using this kind of output is to override the readiness probe +command to check Filebeat API instead (same as existing liveness probe). + +``` +readinessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + curl --fail 127.0.0.1:5066 +``` + + +## Contributing + +Please check [CONTRIBUTING.md][] before any contribution or for any questions +about our development and testing process. 
+ +[7.17]: https://github.com/elastic/helm-charts/releases +[BREAKING_CHANGES.md]: https://github.com/elastic/helm-charts/blob/master/BREAKING_CHANGES.md +[CHANGELOG.md]: https://github.com/elastic/helm-charts/blob/master/CHANGELOG.md +[CONTRIBUTING.md]: https://github.com/elastic/helm-charts/blob/master/CONTRIBUTING.md +[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +[annotations]: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +[cluster role rules]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole +[dnsConfig]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ +[environment variables]: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config +[environment from variables]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables +[examples]: https://github.com/elastic/helm-charts/tree/7.17/filebeat/examples +[examples/oss]: https://github.com/elastic/helm-charts/tree/7.17/filebeat/examples/oss +[examples/security]: https://github.com/elastic/helm-charts/tree/7.17/filebeat/examples/security +[filebeat docker image]: https://www.elastic.co/guide/en/beats/filebeat/7.17/running-on-docker.html +[filebeat oss docker image]: https://www.docker.elastic.co/r/beats/filebeat-oss +[filebeat outputs]: https://www.elastic.co/guide/en/beats/filebeat/7.17/configuring-output.html +[helm]: https://helm.sh +[hostAliases]: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +[hostNetwork]: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces +[hostPath]: https://kubernetes.io/docs/concepts/storage/volumes/#hostpath +[imagePullPolicy]: 
https://kubernetes.io/docs/concepts/containers/images/#updating-images +[imagePullSecrets]: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret +[kafka output]: https://www.elastic.co/guide/en/beats/filebeat/7.17/kafka-output.html +[kubernetes secrets]: https://kubernetes.io/docs/concepts/configuration/secret/ +[labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +[maxUnavailable]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget +[nodeSelector]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +[podSecurityContext]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +[priorityClass]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass +[probe]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ +[resources]: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +[supported configurations]: https://github.com/elastic/helm-charts/tree/7.17/README.md#supported-configurations +[serviceAccount]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +[tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[updateStrategy]: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy +[values.yaml]: https://github.com/elastic/helm-charts/tree/7.17/filebeat/values.yaml diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/default/Makefile b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/default/Makefile new file mode 100644 index 000000000..b39ece967 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/default/Makefile 
@@ -0,0 +1,13 @@ +default: test + +include ../../../helpers/examples.mk + +RELEASE := helm-filebeat-default + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install $(RELEASE) ../../ + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/default/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/default/README.md new file mode 100644 index 000000000..00c3ecc66 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/default/README.md @@ -0,0 +1,27 @@ +# Default + +This example deploy Filebeat 7.17.1 using [default values][]. + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Filebeat chart with the default values: `make install` + +* You can now setup a port forward to query Filebeat indices: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.17/elasticsearch/examples/default/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.17/filebeat/examples/default/test/goss.yaml +[default values]: https://github.com/elastic/helm-charts/tree/7.17/filebeat/values.yaml diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/default/test/goss.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/default/test/goss.yaml new file mode 100644 index 000000000..4774c80ec --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/default/test/goss.yaml 
@@ -0,0 +1,47 @@ +port: + tcp:5066: + listening: true + ip: + - "127.0.0.1" + +mount: + /usr/share/filebeat/data: + exists: true + /run/docker.sock: + exists: true + /var/lib/docker/containers: + exists: true + opts: + - ro + /usr/share/filebeat/filebeat.yml: + exists: true + opts: + - ro + +user: + filebeat: + exists: true + uid: 1000 + gid: 1000 + +http: + http://elasticsearch-master:9200/_cat/indices: + status: 200 + timeout: 2000 + body: + - "filebeat-7.17.1" + +file: + /usr/share/filebeat/filebeat.yml: + exists: true + contains: + - "add_kubernetes_metadata" + - "output.elasticsearch" + - "elasticsearch-master:9200" + +command: + cd /usr/share/filebeat && filebeat test output: + exit-status: 0 + stdout: + - "elasticsearch: http://elasticsearch-master:9200" + - "version: 7.17.1" diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/deployment/Makefile b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/deployment/Makefile new file mode 100644 index 000000000..0bc285379 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/deployment/Makefile @@ -0,0 +1,13 @@ +default: test + +include ../../../helpers/examples.mk + +RELEASE := helm-filebeat-deployment + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/deployment/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/deployment/README.md new file mode 100644 index 000000000..1c0b5b633 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/deployment/README.md 
@@ -0,0 +1,27 @@ +# Default + +This example deploy Filebeat 7.17.1 using [default values][] as a Kubernetes Deployment. + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Filebeat chart with the default values: `make install` + +* You can now setup a port forward to query Filebeat indices: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples/default/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/master/filebeat/examples/deployment/test/goss.yaml +[default values]: https://github.com/elastic/helm-charts/tree/master/filebeat/values.yaml diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/deployment/test/goss.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/deployment/test/goss.yaml new file mode 100644 index 000000000..c5e5868cf --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/deployment/test/goss.yaml @@ -0,0 +1,6 @@ +http: + http://elasticsearch-master:9200/_cat/indices: + status: 200 + timeout: 2000 + body: + - "filebeat-7.17.1" diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/deployment/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/deployment/values.yaml new file mode 100644 index 000000000..bf1cf06c1 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/deployment/values.yaml 
@@ -0,0 +1,16 @@ +deployment: + enabled: true + +daemonset: + enabled: false + +filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: log + paths: + - /usr/share/filebeat/logs/filebeat + + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' \ No newline at end of file diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/oss/Makefile b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/oss/Makefile new file mode 100644 index 000000000..3caa17af1 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/oss/Makefile @@ -0,0 +1,13 @@ +default: test + +include ../../../helpers/examples.mk + +RELEASE := helm-filebeat-oss + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/oss/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/oss/README.md new file mode 100644 index 000000000..1729b06ce --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/oss/README.md 
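Review bot: The `host: '${NODE_NAME}'` entry under `output.elasticsearch` references a variable that the Deployment template added in this same commit never sets. `templates/deployment.yaml` defines only `POD_NAMESPACE` in `env`, whereas the DaemonSet template also defines `NODE_NAME` from `spec.nodeName`. Whether Filebeat ignores the unresolved reference or fails at config load cannot be told from the diff, so I would either drop the line or supply the variable through `extraEnvs` with a `fieldRef` on `spec.nodeName`. The file also ends without a trailing newline.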
@@ -0,0 +1,27 @@ +# OSS + +This example deploy Filebeat 7.17.1 using [Filebeat OSS][] version. + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Filebeat chart with the default values: `make install` + +* You can now setup a port forward to query Filebeat indices: + + ``` + kubectl port-forward svc/oss-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[filebeat oss]: https://www.elastic.co/downloads/beats/filebeat-oss +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.17/elasticsearch/examples/oss/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.17/filebeat/examples/oss/test/goss.yaml diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/oss/test/goss.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/oss/test/goss.yaml new file mode 100644 index 000000000..77f6b0727 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/oss/test/goss.yaml @@ -0,0 +1,22 @@ +port: + tcp:5066: + listening: true + ip: + - "127.0.0.1" + +mount: + /usr/share/filebeat/data: + exists: true + +user: + filebeat: + exists: true + uid: 1000 + gid: 1000 + +http: + http://elasticsearch-master:9200/_cat/indices: + status: 200 + timeout: 2000 + body: + - "filebeat-oss-7.17.1" diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/oss/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/oss/values.yaml new file mode 100644 index 000000000..7f713fede --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/oss/values.yaml 
@@ -0,0 +1,22 @@ +image: docker.elastic.co/beats/filebeat-oss + +daemonset: + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_kubernetes_metadata: + host: ${NODE_NAME} + matchers: + - logs_path: + logs_path: "/var/log/containers/" + output.elasticsearch: + host: '${NODE_NAME}' + hosts: "elasticsearch-master:9200" + index: "filebeat-oss-%{[agent.version]}-%{+yyyy.MM.dd}" + setup.ilm.enabled: false + setup.template.name: "filebeat" + setup.template.pattern: "filebeat-oss-*" diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/security/Makefile b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/security/Makefile new file mode 100644 index 000000000..7bec9abec --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/security/Makefile @@ -0,0 +1,13 @@ +default: test + +include ../../../helpers/examples.mk + +RELEASE := helm-filebeat-security + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/security/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/security/README.md new file mode 100644 index 000000000..7c38422ce --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/security/README.md 
@@ -0,0 +1,28 @@ +# Security + +This example deploy Filebeat 7.17.1 using authentication and TLS to connect to +Elasticsearch (see [values][]). + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Filebeat chart with security: `make install` + +* You can now setup a port forward to query Filebeat indices: + + ``` + kubectl port-forward svc/security-master 9200 + curl -u elastic:changeme https://localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.17/elasticsearch/examples/security/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.17/filebeat/examples/security/test/goss.yaml +[values]: https://github.com/elastic/helm-charts/tree/7.17/filebeat/examples/security/values.yaml diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/security/test/goss.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/security/test/goss.yaml new file mode 100644 index 000000000..c80a85e6c --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/security/test/goss.yaml @@ -0,0 +1,9 @@ +http: + https://security-master:9200/_cat/indices: + status: 200 + timeout: 2000 + body: + - "filebeat-7.17.1" + allow-insecure: true + username: "{{ .Env.ELASTICSEARCH_USERNAME }}" + password: "{{ .Env.ELASTICSEARCH_PASSWORD }}" diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/security/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/security/values.yaml new file mode 100644 index 000000000..606961fa8 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/security/values.yaml 
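Review bot: The only assertion in the security example's goss file sets `allow-insecure: true`, so the test passes without validating the Elasticsearch certificate. It therefore cannot detect a wrong or missing `elastic-certificate-pem` mount, which is the point of this example's `ssl.certificate_authorities` setting. I would add the check the default example already uses, a `command` entry for `cd /usr/share/filebeat && filebeat test output` with `exit-status: 0`, because it connects with Filebeat's own TLS configuration. A short comment beside `allow-insecure: true` should explain that it applies only to the goss probe.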
@@ -0,0 +1,37 @@ +filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_kubernetes_metadata: + host: ${NODE_NAME} + matchers: + - logs_path: + logs_path: "/var/log/containers/" + + output.elasticsearch: + username: '${ELASTICSEARCH_USERNAME}' + password: '${ELASTICSEARCH_PASSWORD}' + protocol: https + hosts: ["security-master:9200"] + ssl.certificate_authorities: + - /usr/share/filebeat/config/certs/elastic-certificate.pem + +secretMounts: + - name: elastic-certificate-pem + secretName: elastic-certificate-pem + path: /usr/share/filebeat/config/certs + +extraEnvs: + - name: 'ELASTICSEARCH_USERNAME' + valueFrom: + secretKeyRef: + name: elastic-credentials + key: username + - name: 'ELASTICSEARCH_PASSWORD' + valueFrom: + secretKeyRef: + name: elastic-credentials + key: password diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/upgrade/Makefile b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/upgrade/Makefile new file mode 100644 index 000000000..054b53c23 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/upgrade/Makefile @@ -0,0 +1,16 @@ +default: test + +include ../../../helpers/examples.mk + +CHART := filebeat +RELEASE := helm-filebeat-upgrade +FROM := 7.9.0 # registry file version 1 not supported error with previous version + +install: + ../../../helpers/upgrade.sh --chart $(CHART) --release $(RELEASE) --from $(FROM) + kubectl rollout status daemonset $(RELEASE)-filebeat + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/upgrade/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/upgrade/README.md new file mode 100644 index 000000000..fa3ee3b85 --- /dev/null 
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/upgrade/README.md @@ -0,0 +1,21 @@ +# Upgrade + +This example will deploy Filebeat chart using an old chart version, +then upgrade it. + + +## Usage + +* Add the Elastic Helm charts repo: `helm repo add elastic https://helm.elastic.co` + +* Deploy [Elasticsearch Helm chart][]: `helm install elasticsearch elastic/elasticsearch` + +* Deploy and upgrade Filebeat chart with the default values: `make install` + + +## Testing + +You can also run [goss integration tests][] using `make test`. + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/master/filebeat/examples/upgrade/test/goss.yaml diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/upgrade/test/goss.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/upgrade/test/goss.yaml new file mode 100644 index 000000000..0b7a0c14f --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/upgrade/test/goss.yaml @@ -0,0 +1,45 @@ +port: + tcp:5066: + listening: true + ip: + - "127.0.0.1" + +mount: + /usr/share/filebeat/data: + exists: true + /run/docker.sock: + exists: true + /var/lib/docker/containers: + exists: true + opts: + - ro + /usr/share/filebeat/filebeat.yml: + exists: true + opts: + - ro + +user: + filebeat: + exists: true + uid: 1000 + gid: 1000 + +http: + http://upgrade-master:9200/_cat/indices: + status: 200 + timeout: 2000 + body: + - "filebeat-7.17.1" + +file: + /usr/share/filebeat/filebeat.yml: + exists: true + contains: + - "add_kubernetes_metadata" + - "output.elasticsearch" + +command: + cd /usr/share/filebeat && filebeat test output: + exit-status: 0 + stdout: + - "elasticsearch: http://upgrade-master:9200" 
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/upgrade/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/upgrade/values.yaml new file mode 100644 index 000000000..8b230601e --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/examples/upgrade/values.yaml @@ -0,0 +1,4 @@ +--- +extraEnvs: + - name: ELASTICSEARCH_HOSTS + value: upgrade-master:9200 diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/NOTES.txt b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/NOTES.txt new file mode 100644 index 000000000..d4cf00bfa --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/NOTES.txt @@ -0,0 +1,2 @@ +1. Watch all containers come up. + $ kubectl get pods --namespace={{ .Release.Namespace }} -l app={{ template "filebeat.fullname" . }} -w diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/_helpers.tpl b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/_helpers.tpl new file mode 100644 index 000000000..a52a93788 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "filebeat.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "filebeat.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Use the fullname if the serviceAccount value is not set +*/}} +{{- define "filebeat.serviceAccount" -}} +{{- if .Values.serviceAccount }} +{{- .Values.serviceAccount -}} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/clusterrole.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/clusterrole.yaml new file mode 100644 index 000000000..754dfd578 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/clusterrole.yaml @@ -0,0 +1,12 @@ +{{- if .Values.managedServiceAccount }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "filebeat.serviceAccount" . }}-cluster-role + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +rules: {{ toYaml .Values.clusterRoleRules | nindent 2 -}} +{{- end -}} 
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/clusterrolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..887775c2c --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.managedServiceAccount }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "filebeat.serviceAccount" . }}-cluster-role-binding + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +roleRef: + kind: ClusterRole + name: {{ template "filebeat.serviceAccount" . }}-cluster-role + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: ServiceAccount + name: {{ template "filebeat.serviceAccount" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/configmap.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/configmap.yaml new file mode 100644 index 000000000..559abe1ed --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/configmap.yaml 
@@ -0,0 +1,53 @@ +{{- if .Values.filebeatConfig }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "filebeat.fullname" . }}-config + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.filebeatConfig }} + {{ $path }}: | +{{ $config | indent 4 -}} +{{- end -}} +{{- end -}} + +{{- if and .Values.daemonset.enabled .Values.daemonset.filebeatConfig }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "filebeat.fullname" . }}-daemonset-config + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.daemonset.filebeatConfig }} + {{ $path }}: | +{{ $config | indent 4 -}} +{{- end -}} +{{- end -}} + +{{- if and .Values.deployment.enabled .Values.deployment.filebeatConfig }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "filebeat.fullname" . }}-deployment-config + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.deployment.filebeatConfig }} + {{ $path }}: | +{{ $config | indent 4 -}} +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/daemonset.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/daemonset.yaml new file mode 100644 index 000000000..d6cd7610c --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/daemonset.yaml 
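Review bot: All three ConfigMaps copy `filebeatConfig` into `data` verbatim, so any credential a user inlines in `filebeat.yml` is stored unencrypted in a ConfigMap and is readable by anyone allowed to `get` ConfigMaps in the namespace. The template has no comment warning about this. I would add one at the top, for example `{{/* Rendered into a ConfigMap: keep credentials out of filebeatConfig and reference them as ${VAR} from extraEnvs/secretMounts */}}`, which matches the pattern used in `examples/security/values.yaml`.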
@@ -0,0 +1,201 @@ +{{- if .Values.daemonset.enabled }} +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "filebeat.fullname" . }} + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + {{- if .Values.daemonset.labels }} + {{- range $key, $value := .Values.daemonset.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- if .Values.daemonset.annotations }} + annotations: + {{- range $key, $value := .Values.daemonset.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + selector: + matchLabels: + app: "{{ template "filebeat.fullname" . }}" + release: {{ .Release.Name | quote }} + updateStrategy: + {{- if eq .Values.updateStrategy "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.daemonset.maxUnavailable }} + {{- end }} + type: {{ .Values.updateStrategy }} + template: + metadata: + annotations: + {{- range $key, $value := .Values.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{/* This forces a restart if the configmap has changed */}} + {{- if or .Values.filebeatConfig .Values.daemonset.filebeatConfig }} + configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} + {{- end }} + name: "{{ template "filebeat.fullname" . }}" + labels: + app: "{{ template "filebeat.fullname" . 
}}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + {{- if .Values.daemonset.labels }} + {{- range $key, $value := .Values.daemonset.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + spec: + tolerations: {{ toYaml ( .Values.tolerations | default .Values.daemonset.tolerations ) | nindent 8 }} + nodeSelector: {{ toYaml ( .Values.nodeSelector | default .Values.daemonset.nodeSelector ) | nindent 8 }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + affinity: {{ toYaml ( .Values.affinity | default .Values.daemonset.affinity ) | nindent 8 }} + serviceAccountName: {{ template "filebeat.serviceAccount" . }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- if .Values.daemonset.hostNetworking }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: {{ toYaml .Values.dnsConfig | nindent 8 }} + {{- end }} + {{- if .Values.hostAliases | default .Values.daemonset.hostAliases }} + hostAliases: {{ toYaml ( .Values.hostAliases | default .Values.daemonset.hostAliases ) | nindent 8 }} + {{- end }} + volumes: + {{- range .Values.secretMounts | default .Values.daemonset.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- if .Values.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-config + {{- else if .Values.daemonset.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-daemonset-config + {{- end }} + - name: data + hostPath: + path: {{ .Values.hostPathRoot }}/{{ template "filebeat.fullname" . 
}}-{{ .Release.Namespace }}-data + type: DirectoryOrCreate + - name: varlibdockercontainers + hostPath: + path: /var/lib/docker/containers + - name: varlog + hostPath: + path: /var/log + - name: varrundockersock + hostPath: + path: /var/run/docker.sock + {{- if .Values.extraVolumes | default .Values.daemonset.extraVolumes }} +{{ toYaml ( .Values.extraVolumes | default .Values.daemonset.extraVolumes ) | indent 6 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.extraInitContainers }} + initContainers: + # All the other beats accept a string here while + # filebeat accepts a valid yaml array. We're keeping + # this as a backwards compatible change, while adding + # also a way to pass a string as other templates to + # make these implementations consistent. + # https://github.com/elastic/helm-charts/issues/490 + {{- if eq "string" (printf "%T" .Values.extraInitContainers) }} +{{ tpl .Values.extraInitContainers . 
| indent 8 }} + {{- else }} +{{ toYaml .Values.extraInitContainers | indent 8 }} + {{- end }} + {{- end }} + containers: + - name: "filebeat" + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: "{{ .Values.imagePullPolicy }}" + args: + - "-e" + - "-E" + - "http.enabled=true" + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + resources: +{{ toYaml ( .Values.resources | default .Values.daemonset.resources ) | indent 10 }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName +{{- if .Values.extraEnvs | default .Values.daemonset.extraEnvs }} +{{ toYaml ( .Values.extraEnvs | default .Values.daemonset.extraEnvs ) | indent 8 }} +{{- end }} + envFrom: {{ toYaml ( .Values.envFrom | default .Values.daemonset.envFrom ) | nindent 10 }} + securityContext: {{ toYaml ( .Values.podSecurityContext | default .Values.daemonset.securityContext ) | nindent 10 }} + volumeMounts: + {{- range .Values.secretMounts | default .Values.daemonset.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range $path, $config := .Values.filebeatConfig }} + - name: filebeat-config + mountPath: /usr/share/filebeat/{{ $path }} + readOnly: true + subPath: {{ $path }} + {{ else }} + {{- range $path, $config := .Values.daemonset.filebeatConfig }} + - name: filebeat-config + mountPath: /usr/share/filebeat/{{ $path }} + readOnly: true + subPath: {{ $path }} + {{- end }} + {{- end }} + - name: data + mountPath: /usr/share/filebeat/data + - name: varlibdockercontainers + mountPath: /var/lib/docker/containers + readOnly: true + - name: varlog + mountPath: /var/log + readOnly: true + # Necessary when using autodiscovery; avoid mounting it otherwise + # See: 
https://www.elastic.co/guide/en/beats/filebeat/7.17/configuration-autodiscover.html + - name: varrundockersock + mountPath: /var/run/docker.sock + readOnly: true + {{- if .Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts }} +{{ toYaml (.Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts ) | indent 8 }} + {{- end }} + {{- if .Values.extraContainers }} +{{ tpl .Values.extraContainers . | indent 6 }} + {{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/deployment.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/deployment.yaml new file mode 100644 index 000000000..a8fd82649 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/deployment.yaml 
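Review bot: The `varrundockersock` hostPath volume and its mount are rendered unconditionally, although the comment above the mount says to avoid mounting the socket unless autodiscovery is used. The default `daemonset.filebeatConfig` in this chart uses a plain `container` input, not autodiscovery. `readOnly: true` does not restrict what a process can send over a Unix socket, so every Filebeat pod gets access to the node's Docker API, and `values.yaml` notes the container typically runs as root. I would wrap both the volume and the volumeMount in a values-driven `{{- if … }}` that defaults to off, using a new flag under `daemonset` (the name is the chart authors' choice). Since this chart arrives as a nested subchart, the change may have to be made upstream or handled by a policy exception for the hostPath.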
@@ -0,0 +1,157 @@ +# Deploy singleton instance in the whole cluster for some unique data sources, like aws input +{{- if .Values.deployment.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "filebeat.fullname" . }} + labels: + app: "{{ template "filebeat.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: '{{ .Release.Service }}' + release: {{ .Release.Name }} + {{- if .Values.deployment.labels }} + {{- range $key, $value := .Values.deployment.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- if .Values.deployment.annotations }} + annotations: + {{- range $key, $value := .Values.deployment.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: "{{ template "filebeat.fullname" . }}" + release: {{ .Release.Name | quote }} + template: + metadata: + annotations: + {{- range $key, $value := .Values.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{/* This forces a restart if the configmap has changed */}} + {{- if or .Values.filebeatConfig .Values.deployment.filebeatConfig }} + configChecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} + {{- end }} + labels: + app: '{{ template "filebeat.fullname" . 
}}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version }}' + release: '{{ .Release.Name }}' + {{- if .Values.deployment.labels }} + {{- range $key, $value := .Values.deployment.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- else }} + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + spec: + affinity: {{ toYaml .Values.deployment.affinity | nindent 8 }} + nodeSelector: {{ toYaml .Values.deployment.nodeSelector | nindent 8 }} + tolerations: {{ toYaml ( .Values.tolerations | default .Values.deployment.tolerations ) | nindent 8 }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "filebeat.serviceAccount" . }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- if .Values.deployment.hostAliases }} + hostAliases: {{ toYaml .Values.deployment.hostAliases | nindent 8 }} + {{- end }} + volumes: + {{- range .Values.secretMounts | default .Values.deployment.secretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- end }} + {{- if .Values.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-config + {{- else if .Values.deployment.filebeatConfig }} + - name: filebeat-config + configMap: + defaultMode: 0600 + name: {{ template "filebeat.fullname" . }}-deployment-config + {{- end }} + {{- if .Values.extraVolumes | default .Values.deployment.extraVolumes }} +{{ toYaml ( .Values.extraVolumes | default .Values.deployment.extraVolumes ) | indent 6 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.extraInitContainers }} + initContainers: + # All the other beats accept a string here while + # filebeat accepts a valid yaml array. 
We're keeping + # this as a backwards compatible change, while adding + # also a way to pass a string as other templates to + # make these implementations consistent. + # https://github.com/elastic/helm-charts/issues/490 + {{- if eq "string" (printf "%T" .Values.extraInitContainers) }} +{{ tpl .Values.extraInitContainers . | indent 6 }} + {{- else }} +{{ toYaml .Values.extraInitContainers | indent 6 }} + {{- end }} + {{- end }} + containers: + - name: "filebeat" + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: "{{ .Values.imagePullPolicy }}" + args: + - "-e" + - "-E" + - "http.enabled=true" + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 10 }} + resources: {{ toYaml ( .Values.resources | default .Values.deployment.resources ) | nindent 10 }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- if .Values.extraEnvs | default .Values.deployment.extraEnvs }} +{{ toYaml ( .Values.extraEnvs | default .Values.deployment.extraEnvs ) | indent 8 }} +{{- end }} + envFrom: {{ toYaml ( .Values.envFrom | default .Values.deployment.envFrom ) | nindent 10 }} + securityContext: {{ toYaml ( .Values.podSecurityContext | default .Values.deployment.securityContext ) | nindent 10 }} + volumeMounts: + {{- range .Values.secretMounts | default .Values.deployment.secretMounts }} + - name: {{ .name }} + mountPath: {{ .path }} + {{- if .subPath }} + subPath: {{ .subPath }} + {{- end }} + {{- end }} + {{- range $path, $config := .Values.filebeatConfig }} + - name: filebeat-config + mountPath: /usr/share/filebeat/{{ $path }} + readOnly: true + subPath: {{ $path }} + {{ else }} + {{- range $path, $config := .Values.deployment.filebeatConfig }} + - name: filebeat-config + mountPath: /usr/share/filebeat/{{ $path }} + readOnly: true + subPath: {{ $path }} + {{- end }} + {{- end }} + {{- if .Values.extraVolumeMounts | default 
.Values.deployment.extraVolumeMounts }} +{{ toYaml ( .Values.extraVolumeMounts | default .Values.deployment.extraVolumeMounts ) | indent 8 }} + {{- end }} + {{- if .Values.extraContainers }} +{{ tpl .Values.extraContainers . | indent 6 }} + {{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/role.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/role.yaml new file mode 100644 index 000000000..fe3cf924f --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/role.yaml @@ -0,0 +1,14 @@ +{{- if .Values.managedServiceAccount }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "filebeat.serviceAccount" . }}-role + labels: + app: "{{ template "filebeat.fullname" . }}" +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: ["get", "create", "update"] +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/rolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/rolebinding.yaml new file mode 100644 index 000000000..ff1216841 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/rolebinding.yaml 
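Review bot: In the Deployment's top-level `metadata.labels`, `release: {{ .Release.Name }}` is emitted unquoted, while the selector in the same file and the DaemonSet template use `{{ .Release.Name | quote }}`. A release name made only of digits would presumably be parsed as a YAML number and rejected as a label value, so I would change the line to `release: {{ .Release.Name | quote }}`. For consistency with the other templates, `heritage: '{{ .Release.Service }}'` could become `heritage: {{ .Release.Service | quote }}`.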
@@ -0,0 +1,19 @@
+{{- if .Values.managedServiceAccount }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "filebeat.serviceAccount" . }}-role-binding
+ labels:
+ app: "{{ template "filebeat.fullname" . }}"
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+roleRef:
+ kind: Role
+ name: {{ template "filebeat.serviceAccount" . }}-role
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+ name: {{ template "filebeat.serviceAccount" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/serviceaccount.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/serviceaccount.yaml
new file mode 100644
index 000000000..8c0fcc60c
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/templates/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.managedServiceAccount }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "filebeat.serviceAccount" . }}
+ annotations:
+ {{- with .Values.serviceAccountAnnotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app: "{{ template "filebeat.fullname" . }}"
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/values.yaml
new file mode 100644
index 000000000..400795b09
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/filebeat/values.yaml
@@ -0,0 +1,243 @@ +--- +daemonset: + # Annotations to apply to the daemonset + annotations: {} + # additionals labels + labels: {} + affinity: {} + # Include the daemonset + enabled: true + # Extra environment variables for Filebeat container. + envFrom: [] + # - configMapRef: + # name: config-secret + extraEnvs: [] + # - name: MY_ENVIRONMENT_VAR + # value: the_value_goes_here + extraVolumes: + [] + # - name: extras + # emptyDir: {} + extraVolumeMounts: + [] + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + hostNetworking: false + # Allows you to add any config files in /usr/share/filebeat + # such as filebeat.yml for daemonset + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_kubernetes_metadata: + host: ${NODE_NAME} + matchers: + - logs_path: + logs_path: "/var/log/containers/" + + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' + # Only used when updateStrategy is set to "RollingUpdate" + maxUnavailable: 1 + nodeSelector: {} + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: [] + # - name: filebeat-certificates + # secretName: filebeat-certificates + # path: /usr/share/filebeat/certs + # Various pod security context settings. Bear in mind that many of these have an impact on Filebeat functioning properly. + # + # - User that the container will execute as. Typically necessary to run as root (0) in order to properly collect host container logs. + # - Whether to execute the Filebeat containers as privileged containers. Typically not necessarily unless running within environments such as OpenShift. 
+ securityContext: + runAsUser: 0 + privileged: false + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "1000m" + memory: "200Mi" + tolerations: [] + +deployment: + # Annotations to apply to the deployment + annotations: {} + # additionals labels + labels: {} + affinity: {} + # Include the deployment + enabled: false + # Extra environment variables for Filebeat container. + envFrom: [] + # - configMapRef: + # name: config-secret + extraEnvs: [] + # - name: MY_ENVIRONMENT_VAR + # value: the_value_goes_here + # Allows you to add any config files in /usr/share/filebeat + extraVolumes: [] + # - name: extras + # emptyDir: {} + extraVolumeMounts: [] + # - name: extras + # mountPath: /usr/share/extras + # readOnly: true + # such as filebeat.yml for deployment + filebeatConfig: + filebeat.yml: | + filebeat.inputs: + - type: tcp + max_message_size: 10MiB + host: "localhost:9000" + + output.elasticsearch: + host: '${NODE_NAME}' + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' + nodeSelector: {} + # A list of secrets and their paths to mount inside the pod + # This is useful for mounting certificates for security other sensitive values + secretMounts: [] + # - name: filebeat-certificates + # secretName: filebeat-certificates + # path: /usr/share/filebeat/certs + # + # - User that the container will execute as. + # Not necessary to run as root (0) as the Filebeat Deployment use cases do not need access to Kubernetes Node internals + # - Typically not necessarily unless running within environments such as OpenShift. 
+ securityContext: + runAsUser: 0 + privileged: false + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "1000m" + memory: "200Mi" + tolerations: [] + +# Replicas being used for the filebeat deployment +replicas: 1 + +extraContainers: "" +# - name: dummy-init +# image: busybox +# command: ['echo', 'hey'] + +extraInitContainers: [] +# - name: dummy-init + +# Root directory where Filebeat will write data to in order to persist registry data across pod restarts (file position and other metadata). +hostPathRoot: /var/lib + +dnsConfig: {} +# options: +# - name: ndots +# value: "2" +hostAliases: [] +#- ip: "127.0.0.1" +# hostnames: +# - "foo.local" +# - "bar.local" +image: "docker.elastic.co/beats/filebeat" +imageTag: "7.17.1" +imagePullPolicy: "IfNotPresent" +imagePullSecrets: [] + +livenessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + curl --fail 127.0.0.1:5066 + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + +readinessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + filebeat test output + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + +# Whether this chart should self-manage its service account, role, and associated role binding. +managedServiceAccount: true + +clusterRoleRules: + - apiGroups: + - "" + resources: + - namespaces + - nodes + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "apps" + resources: + - replicasets + verbs: + - get + - list + - watch + +podAnnotations: + {} + # iam.amazonaws.com/role: es-cluster + +# Custom service account override that the pod will use +serviceAccount: "" + +# Annotations to add to the ServiceAccount that is created if the serviceAccount value isn't set. 
+serviceAccountAnnotations: + {} + # eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/k8s.clustername.namespace.serviceaccount + +# How long to wait for Filebeat pods to stop gracefully +terminationGracePeriod: 30 +# This is the PriorityClass settings as defined in +# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass +priorityClassName: "" + +updateStrategy: RollingUpdate + +# Override various naming aspects of this chart +# Only edit these if you know what you're doing +nameOverride: "" +fullnameOverride: "" + +# DEPRECATED +affinity: {} +envFrom: [] +extraEnvs: [] +extraVolumes: [] +extraVolumeMounts: [] +# Allows you to add any config files in /usr/share/filebeat +# such as filebeat.yml for both daemonset and deployment +filebeatConfig: {} +nodeSelector: {} +podSecurityContext: {} +resources: {} +secretMounts: [] +tolerations: [] +labels: {} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/.helmignore b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/Chart.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/Chart.yaml new file mode 100644 index 000000000..63a0bd226 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/Chart.yaml 
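Review bot: In filebeat/values.yaml, `deployment.securityContext` defaults to `runAsUser: 0` although the comment directly above it says the Deployment use cases do not need access to node internals and need not run as root. The Deployment's default input is a TCP listener on `localhost:9000`, so nothing visible here requires UID 0. Consider defaulting that block to a non-root UID together with `runAsNonRoot: true` (the UID the image supports needs confirming) and keeping root only for the `daemonset` block that reads host logs. Neither block sets `allowPrivilegeEscalation: false`, which would be worth adding to both. Since this is a vendored subchart, the change would go into a parent values override or upstream.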
@@ -0,0 +1,15 @@
+apiVersion: v1
+appVersion: v2.1.0
+deprecated: true
+description: Uses fluent-bit Loki go plugin for gathering logs and sending them to
+ Loki
+home: https://grafana.com/loki
+icon: https://raw.githubusercontent.com/grafana/loki/master/docs/sources/logo.png
+kubeVersion: ^1.10.0-0
+maintainers:
+- email: lokiproject@googlegroups.com
+ name: Loki Maintainers
+name: fluent-bit
+sources:
+- https://github.com/grafana/loki
+version: 2.3.1
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/README.md
new file mode 100644
index 000000000..9a9aa7a05
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/README.md
@@ -0,0 +1,126 @@ +# Fluent Bit Loki chart + +DEPRECATED. Please use the official Fluent-Bit chart at https://github.com/fluent/helm-charts. + +This chart install the Fluent Bit application to ship logs to Loki. It defines daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Get Repo Info + +```console +helm repo add grafana https://grafana.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +> If you don't have `Helm` installed locally, or `Tiller` installed in your Kubernetes cluster, read the [Using Helm](https://docs.helm.sh/using_helm/) documentation to get started. +To install the chart with the release name `my-release` using our helm repository: + +```bash +helm repo add grafana https://grafana.github.io/helm-charts +helm upgrade --install my-release grafana/fluent-bit \ + --set loki.serviceName=loki.default.svc.cluster.local +``` + +If you deploy Loki with a custom namespace or service name, you must change the value above for `loki.serviceName` to the appropriate value. + +The command deploys Fluent Bit on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. 
+ +To configure the chart to send to [Grafana Cloud](https://grafana.com/products/cloud) use: + +```bash +helm upgrade --install my-release grafana/fluent-bit \ + --set loki.serviceName=logs-us-west1.grafana.net,loki.servicePort=80,loki.serviceScheme=https \ + --set loki.user=2830,loki.password=1234 +``` + +> **Tip**: List all releases using `helm list` + +To install a custom tag use the following command: + +```bash +helm upgrade --install my-release grafana/fluent-bit \ + --set image.tag= +``` + +The full list of available tags on [docker hub](https://cloud.docker.com/u/grafana/repository/docker/grafana/fluent-bit-plugin-loki). + +Alternatively you can install the full [Loki stack](../loki-stack) (Loki + Fluent Bit) using: + +```bash +helm upgrade --install my-release grafana/loki-stack \ + --set fluent-bit.enabled=true,promtail.enabled=false +``` + +This will automatically configured the `loki.serviceName` configuration field to the newly created Loki instance. + +## RBAC + +By default, `rbac.create` is set to true. This enable RBAC support in Fluent Bit and must be true if RBAC is enabled in your cluster. + +The chart will take care of creating the required service accounts and roles for Fluent Bit. + +If you have RBAC disabled, or to put it another way, ABAC enabled, you should set this value to `false`. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the Fluent Bit chart and their default values. 
+ +For more details, read the [Fluent Bit documentation](../../../cmd/fluent-bit/README.md) + +| Parameter | Description | Default | +|--------------------------|----------------------------------------------------------------------------------------------------|----------------------------------| +| `loki.serviceName` | The address of the Loki service. | `"${RELEASE}-loki"` | +| `loki.servicePort` | The port of the Loki service. | `3100` | +| `loki.serviceScheme` | The scheme of the Loki service. | `http` | +| `loki.user` | The http basic auth username to access the Loki service. | | +| `loki.password` | The http basic auth password to access the Loki service. | | +| `config.port` | the Fluent Bit port to listen. (This is mainly used to serve metrics) | `2020` | +| `config.tenantID` | The tenantID used by default to push logs to Loki | `''` | +| `config.batchWait` | Time to wait before send a log batch to Loki, full or not. (unit: secs) | `1` | +| `config.batchSize` | Log batch size to send a log batch to Loki. (unit: bytes) | `10240` (10KiB) | +| `config.loglevel` | the Fluent Bit log level (debug,info,warn,error). | `warn` | +| `config.lineFormat` | The line format to use to send a record (json/key_value) | `json` | +| `config.k8sLoggingParser`| Allow Kubernetes Pods to suggest a pre-defined Parser. See [Official Fluent Bit documentation](https://docs.fluentbit.io/manual/filter/kubernetes#kubernetes-annotations). | `Off` | +| `config.k8sLoggingExclude`| Allow Kubernetes Pods to exclude their logs from the log processor. 
See [Official Fluent Bit documentation](https://docs.fluentbit.io/manual/pipeline/filters/kubernetes) | `Off` +| `config.memBufLimit` | Override the default Mem_Buf_Limit [Official Fluent Bit documentation](https://docs.fluentbit.io/manual/administration/backpressure#mem_buf_limit) | `5MB` +| `config.removeKeys` | The list of key to remove from each record | `[removeKeys,stream]` | +| `config.labels` | A set of labels to send for every log | `'{job="fluent-bit"}'` | +| `config.autoKubernetesLabels` | If set to true, it will add all Kubernetes labels to Loki labels | `false` | +| `config.labelMap` | Mapping of labels from a record. See [Fluent Bit documentation](../../../cmd/fluent-bit/README.md) | | +| `config.parsers` | Definition of extras fluent bit parsers. See [Official Fluent Bit documentation](https://docs.fluentbit.io/manual/filter/parser). The format is a sequence of mappings where each key is the same as the one in the [PARSER] section of parsers.conf file | `[]` | +| `config.extraOutputs` | Definition of extras fluent bit outputs. See [Official Fluent Bit documentation](https://docs.fluentbit.io/manual/pipeline/outputs/). The format is a sequence of mappings where each key is the same as the one in the [OUTPUT] | `[]` | +| `affinity` | [affinity][affinity] settings for pod assignment | `{}` | +| `annotations` | Annotations to add to Kubernetes resources. 
| `{}` | +| `deploymentStrategy` | The deployment strategy to use with the daemonset | `RollingUpdate` | +| `image.repository` | The Fluent Bit docker image repository | `grafana/fluent-bit-plugin-loki` | +| `image.tag` | The Fluent Bit docker image tag | `0.1` | +| `image.pullPolicy` | The Fluent Bit docker image pull policy | `IfNotPresent` | +| `nodeSelector` | Fluent Bit [node labels][nodeSelector] for pod assignment | `{}` | +| `podLabels` | additional Fluent Bit pod labels | `{}` | +| `podAnnotations` | additional Fluent Bit pod annotations | `Prometheus discovery` | +| `rbac.create` | Activate support for RBAC | `true` | +| `resources` | Resource requests/limit | | +| `tolerations` | [Toleration][toleration] labels for pod assignment | `no schedule on master nodes` | +| `volumes` | [Volume]([volumes]) to mount | `host containers log` | +| `volumeMounts` | Volume mount mapping | | +| `serviceMonitor.enabled` | Create a [Prometheus Operator](operator) serviceMonitor resource for Fluent Bit | `false` | + + +[toleration]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[nodeSelector]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +[volumes]: https://kubernetes.io/docs/concepts/storage/volumes/ +[operator]: https://github.com/coreos/prometheus-operator diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/NOTES.txt b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/NOTES.txt new file mode 100644 index 000000000..636aa92ce --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/NOTES.txt 
@@ -0,0 +1,11 @@
+!WARNING! !WARNING! !WARNING! !WARNING! !WARNING!
+
+Please use the official fluent-bit chart
+
+https://github.com/fluent/helm-charts
+
+!WARNING! !WARNING! !WARNING! !WARNING! !WARNING!
+
+Verify the application is working by running these commands:
+ kubectl --namespace {{ .Release.Namespace }} port-forward daemonset/{{ include "fluent-bit-loki.fullname" . }} {{ .Values.config.port }}
+ curl http://127.0.0.1:{{ .Values.config.port }}/api/v1/metrics/prometheus
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/_helpers.tpl b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/_helpers.tpl
new file mode 100644
index 000000000..ddbbe85a1
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/_helpers.tpl
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "fluent-bit-loki.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "fluent-bit-loki.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "fluent-bit-loki.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account +*/}} +{{- define "fluent-bit-loki.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "fluent-bit-loki.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +The service name to connect to Loki. 
Defaults to the same logic as "loki.fullname" +*/}} +{{- define "loki.serviceName" -}} +{{- if .Values.loki.serviceName -}} +{{- .Values.loki.serviceName -}} +{{- else if .Values.loki.fullnameOverride -}} +{{- .Values.loki.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default "loki" .Values.loki.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "helm-toolkit.utils.joinListWithComma" -}} +{{- $local := dict "first" true -}} +{{- range $k, $v := . -}}{{- if not $local.first -}},{{- end -}}{{- $v -}}{{- $_ := set $local "first" false -}}{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/clusterrole.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/clusterrole.yaml new file mode 100644 index 000000000..6b1a27c2f --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/clusterrole.yaml @@ -0,0 +1,17 @@ +{{- if .Values.rbac.create }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + app: {{ template "fluent-bit-loki.name" . }} + chart: {{ template "fluent-bit-loki.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "fluent-bit-loki.fullname" . }}-clusterrole +rules: +- apiGroups: [""] # "" indicates the core API group + resources: + - namespaces + - pods + verbs: ["get", "watch", "list"] +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/clusterrolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..f825c97bf --- /dev/null 
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "fluent-bit-loki.fullname" . }}-clusterrolebinding
+ labels:
+ app: {{ template "fluent-bit-loki.name" . }}
+ chart: {{ template "fluent-bit-loki.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "fluent-bit-loki.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ template "fluent-bit-loki.fullname" . }}-clusterrole
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/configmap.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/configmap.yaml
new file mode 100644
index 000000000..e9f3745b3
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/configmap.yaml
@@ -0,0 +1,75 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "fluent-bit-loki.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "fluent-bit-loki.name" . }} + chart: {{ template "fluent-bit-loki.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + fluent-bit.conf: |- + [SERVICE] + HTTP_Server On + HTTP_Listen 0.0.0.0 + HTTP_PORT {{ .Values.config.port }} + Flush 1 + Daemon Off + Log_Level {{ .Values.config.loglevel }} + Parsers_File parsers.conf + [INPUT] + Name tail + Tag kube.* + Path /var/log/containers/*.log + Parser docker + DB /run/fluent-bit/flb_kube.db + Mem_Buf_Limit {{ .Values.config.memBufLimit }} + Buffer_Chunk_size {{ .Values.config.bufChunkSize }} + Buffer_Max_size {{ .Values.config.bufMaxSize }} + [FILTER] + Name kubernetes + Match kube.* + Kube_URL https://kubernetes.default.svc:443 + Merge_Log On + K8S-Logging.Exclude {{ .Values.config.k8sLoggingExclude }} + K8S-Logging.Parser {{ .Values.config.k8sLoggingParser }} + [Output] + Name grafana-loki + Match * + {{- if and .Values.loki.user .Values.loki.password }} + Url {{ .Values.loki.serviceScheme }}://{{ .Values.loki.user }}:{{ .Values.loki.password }}@{{ include "loki.serviceName" . }}:{{ .Values.loki.servicePort }}{{ .Values.loki.servicePath }} + {{- else }} + Url {{ .Values.loki.serviceScheme }}://{{ include "loki.serviceName" . 
}}:{{ .Values.loki.servicePort }}{{ .Values.loki.servicePath }} + {{- end }} + TenantID {{ .Values.config.tenantID }} + BatchWait {{ .Values.config.batchWait }} + BatchSize {{ int .Values.config.batchSize }} + Labels {{ .Values.config.labels }} + RemoveKeys {{ include "helm-toolkit.utils.joinListWithComma" .Values.config.removeKeys }} + AutoKubernetesLabels {{ .Values.config.autoKubernetesLabels }} + LabelMapPath /fluent-bit/etc/labelmap.json + LineFormat {{ .Values.config.lineFormat }} + LogLevel {{ .Values.config.loglevel }} + {{- range $extraOutput := .Values.config.extraOutputs }} + [OUTPUT] + {{- range $key,$value := $extraOutput }} + {{ $key }} {{ $value }} + {{- end }} + {{- end }} + parsers.conf: |- + [PARSER] + Name docker + Format json + Time_Key time + Time_Format %Y-%m-%dT%H:%M:%S.%L + {{- range $parser:= .Values.config.parsers }} + [PARSER] + {{- range $key,$value := $parser }} + {{ $key }} {{ $value }} + {{- end }} + {{- end }} + + labelmap.json: |- + {{- .Values.config.labelMap | toPrettyJson | nindent 4}} + diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/daemonset.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/daemonset.yaml new file mode 100644 index 000000000..6652c2964 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/daemonset.yaml 
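Review bot: The `Url` line under `[Output]` in configmap.yaml writes `.Values.loki.user` and `.Values.loki.password` in clear text into a ConfigMap, so anyone allowed to read ConfigMaps in the namespace obtains the Loki basic-auth credentials. They belong in a Secret exposed to the container as environment variables, with the config referencing them through Fluent Bit's variable expansion, e.g. `Url {{ .Values.loki.serviceScheme }}://${LOKI_USER}:${LOKI_PASSWORD}@{{ include "loki.serviceName" . }}:...`; this also needs `env` entries with `secretKeyRef` in daemonset.yaml, which is outside this hunk. The two values are interpolated without URL-encoding, so a password containing `@`, `:` or `/` produces a malformed or misdirected URL; `urlquery` on both would avoid that if the template form is kept. With the default `serviceScheme: http` from values.yaml the credentials would also travel unencrypted.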
@@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "fluent-bit-loki.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "fluent-bit-loki.name" . }} + chart: {{ template "fluent-bit-loki.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + {{- toYaml .Values.annotations | nindent 4 }} +spec: + selector: + matchLabels: + app: {{ template "fluent-bit-loki.name" . }} + release: {{ .Release.Name }} + updateStrategy: + type: {{ .Values.deploymentStrategy }} + {{- if ne .Values.deploymentStrategy "RollingUpdate" }} + rollingUpdate: null + {{- end }} + template: + metadata: + labels: + app: {{ template "fluent-bit-loki.name" . }} + release: {{ .Release.Name }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "fluent-bit-loki.serviceAccountName" . }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - name: fluent-bit-loki + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - name: config + mountPath: /fluent-bit/etc + - name: run + mountPath: /run/fluent-bit + {{- with .Values.volumeMounts }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + ports: + - containerPort: {{ .Values.config.port }} + name: http-metrics + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: + {{- toYaml .Values.nodeSelector | nindent 8 }} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} + tolerations: + {{- toYaml .Values.tolerations | nindent 8 }} + terminationGracePeriodSeconds: 10 + volumes: + - name: config + configMap: + name: {{ template "fluent-bit-loki.fullname" . }} + - name: run + hostPath: + path: /run/fluent-bit + {{- with .Values.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/podsecuritypolicy.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..a38514e67 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/podsecuritypolicy.yaml @@ -0,0 +1,34 @@ +{{- if .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "fluent-bit-loki.fullname" . }} + labels: + app: {{ template "fluent-bit-loki.name" . }} + chart: {{ template "fluent-bit-loki.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + privileged: false + allowPrivilegeEscalation: false + volumes: + - 'secret' + - 'configMap' + - 'hostPath' + - 'projected' + - 'downwardAPI' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL +{{- end }} 
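Review bot: In podsecuritypolicy.yaml the `volumes` list allows `hostPath` with no `allowedHostPaths`, so any pod admitted under this policy may mount arbitrary host directories, and `runAsUser` is `RunAsAny`. Restricting the policy to the paths the chart actually mounts (`/var/log` and `/var/lib/docker/containers` from values.yaml, `/run/fluent-bit` from daemonset.yaml) keeps it in line with what the DaemonSet needs. The container in daemonset.yaml sets no `securityContext` of its own, so where PodSecurityPolicy admission is not active none of `readOnlyRootFilesystem`, `requiredDropCapabilities` or `allowPrivilegeEscalation: false` applies; stating them on the container as well would make the hardening independent of the policy.

```yaml
spec:
  # … unchanged: privileged, allowPrivilegeEscalation, volumes …
  allowedHostPaths:
    - pathPrefix: /var/log
    - pathPrefix: /var/lib/docker/containers
      readOnly: true
    - pathPrefix: /run/fluent-bit
  # … unchanged: hostNetwork through requiredDropCapabilities …
```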
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/role.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/role.yaml
new file mode 100644
index 000000000..036c2889a
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/role.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "fluent-bit-loki.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "fluent-bit-loki.name" . }}
+ chart: {{ template "fluent-bit-loki.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+{{- if .Values.rbac.pspEnabled }}
+rules:
+- apiGroups: ['extensions']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ template "fluent-bit-loki.fullname" . }}]
+{{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/rolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/rolebinding.yaml
new file mode 100644
index 000000000..90315e85c
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "fluent-bit-loki.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "fluent-bit-loki.name" . }}
+ chart: {{ template "fluent-bit-loki.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "fluent-bit-loki.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "fluent-bit-loki.serviceAccountName" . }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/service-headless.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/service-headless.yaml
new file mode 100644
index 000000000..332d1063d
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/service-headless.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "fluent-bit-loki.fullname" . }}-headless
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "fluent-bit-loki.name" . }}
+ chart: {{ template "fluent-bit-loki.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ clusterIP: None
+ ports:
+ - port: {{ .Values.config.port }}
+ protocol: TCP
+ name: http-metrics
+ targetPort: http-metrics
+ selector:
+ app: {{ template "fluent-bit-loki.name" . }}
+ release: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/serviceaccount.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/serviceaccount.yaml
new file mode 100644
index 000000000..7933b61e9
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: {{ template "fluent-bit-loki.name" . }}
+ chart: {{ template "fluent-bit-loki.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "fluent-bit-loki.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/servicemonitor.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/servicemonitor.yaml
new file mode 100644
index 000000000..162f96018
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/templates/servicemonitor.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "fluent-bit-loki.fullname" . }}
+ labels:
+ app: {{ template "fluent-bit-loki.name" . }}
+ chart: {{ template "fluent-bit-loki.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.serviceMonitor.additionalLabels }}
+{{ toYaml .Values.serviceMonitor.additionalLabels | indent 4 }}
+ {{- end }}
+ {{- if .Values.serviceMonitor.annotations }}
+ annotations:
+{{ toYaml .Values.serviceMonitor.annotations | indent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "fluent-bit-loki.name" . }}
+ release: {{ .Release.Name | quote }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ endpoints:
+ - port: http-metrics
+ path: /api/v1/metrics/prometheus
+ {{- if .Values.serviceMonitor.interval }}
+ interval: {{ .Values.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/values.yaml
new file mode 100644
index 000000000..6cacf729d
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/fluent-bit/values.yaml
@@ -0,0 +1,122 @@
+---
+loki:
+ serviceName: "" # Defaults to "${RELEASE}-loki" if not set
+ servicePort: 3100
+ serviceScheme: http
+ servicePath: /api/prom/push
+ # user: user
+ # password: pass
+config:
+ port: 2020
+ tenantID: '""'
+ batchWait: 1
+ batchSize: 1048576
+ loglevel: warn
+ lineFormat: json
+ k8sLoggingExclude: "Off"
+ k8sLoggingParser: "Off"
+ memBufLimit: "5MB"
+ bufChunkSize: "32k"
+ bufMaxSize: "32k"
+ removeKeys:
+ - kubernetes
+ - stream
+ autoKubernetesLabels: false
+ labels: '{job="fluent-bit"}'
+ labelMap:
+ kubernetes:
+ namespace_name: namespace
+ labels:
+ app: app
+ release: release
+ host: node
+ container_name: container
+ pod_name: instance
+ stream: stream
+ # parsers: # Allow to define custom parsers. The key here is the same as the one in the [PARSER] section of parsers.conf file.
+ # - Name: json
+ # Format: json
+ # Time_Key: time
+ # Time_Format: "%d/%b/%Y:%H:%M:%S %z"
+
+ # extraOutputs: # Allow to define extra outputs in addition to the one automatically created
+ # - Name: stdout
+ # Format: json
+ # json_date_format: time
+
+affinity: {}
+
+annotations: {}
+
+deploymentStrategy: RollingUpdate
+
+image:
+ repository: grafana/fluent-bit-plugin-loki
+ tag: 2.1.0-amd64
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be present in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ # pullSecrets:
+ # - myRegistrKeySecretName
+
+nameOverride: fluent-bit-loki
+
+## Node labels for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+nodeSelector: {}
+
+## Pod Labels
+podLabels: {}
+
+podAnnotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "2020"
+ prometheus.io/path: /api/v1/metrics/prometheus
+
+## Assign a PriorityClassName to pods if set
+# priorityClassName:
+
+rbac:
+ create: true
+ pspEnabled: true
+
+resources:
+ limits:
+ memory: 100Mi
+ requests:
+ cpu: 100m
+ memory: 100Mi
+
+serviceAccount:
+ create: true
+ name:
+
+## Tolerations for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations:
+- key: node-role.kubernetes.io/master
+ effect: NoSchedule
+
+# Extra volumes to scrape logs from
+volumes:
+- name: varlog
+ hostPath:
+ path: /var/log
+- name: varlibdockercontainers
+ hostPath:
+ path: /var/lib/docker/containers
+
+volumeMounts:
+- name: varlog
+ mountPath: /var/log
+- name: varlibdockercontainers
+ mountPath: /var/lib/docker/containers
+ readOnly: true
+
+serviceMonitor:
+ enabled: false
+ interval: ""
+ additionalLabels: {}
+ annotations: {}
+ # scrapeTimeout: 10s
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/.helmignore b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/.helmignore
new file mode 100644
index 000000000..8cade1318
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/.helmignore
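Review bot: In the fluent-bit `values.yaml` hunk, the `varlog` entry under `volumeMounts` mounts the host's `/var/log` without `readOnly: true`, while the `varlibdockercontainers` mount directly below it is read-only. A log collector only needs to read these files, and a writable hostPath lets a compromised collector pod alter or delete node logs; add `readOnly: true` to the `varlog` mount, provided the tail position database is not kept under `/var/log` (the DaemonSet template is outside this hunk, so that needs confirming). Separately, `rbac.pspEnabled: true` makes PodSecurityPolicy creation the default, and that API was removed in Kubernetes 1.25, so a comment next to it such as `# set to false on Kubernetes >= 1.25 (PodSecurityPolicy removed)` would help operators.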
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.vscode
+.project
+.idea/
+*.tmproj
+OWNERS
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/Chart.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/Chart.yaml
new file mode 100644
index 000000000..9e570a42f
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v2
+appVersion: 8.4.2
+description: The leading tool for querying and visualizing time series and metrics.
+home: https://grafana.net
+icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
+kubeVersion: ^1.8.0-0
+maintainers:
+- email: zanhsieh@gmail.com
+ name: zanhsieh
+- email: rluckie@cisco.com
+ name: rtluckie
+- email: maor.friedman@redhat.com
+ name: maorfr
+- email: miroslav.hadzhiev@gmail.com
+ name: Xtigyro
+- email: mail@torstenwalter.de
+ name: torstenwalter
+name: grafana
+sources:
+- https://github.com/grafana/grafana
+type: application
+version: 6.24.1
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/README.md
new file mode 100644
index 000000000..3d426b3d4
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/README.md
@@ -0,0 +1,561 @@ +# Grafana Helm Chart + +* Installs the web dashboarding system [Grafana](http://grafana.org/) + +## Get Repo Info + +```console +helm repo add grafana https://grafana.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release grafana/grafana +``` + +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Upgrading an existing Release to a new major version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an +incompatible breaking change needing manual actions. + +### To 4.0.0 (And 3.12.1) + +This version requires Helm >= 2.12.0. + +### To 5.0.0 + +You have to add --force to your helm upgrade command as the labels of the chart have changed. + +### To 6.0.0 + +This version requires Helm >= 3.1.0. 
+ +## Configuration + +| Parameter | Description | Default | +|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------| +| `replicas` | Number of nodes | `1` | +| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` | +| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` | +| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` | +| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` | +| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`| +| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` | +| `priorityClassName` | Name of Priority Class to assign pods | `nil` | +| `image.repository` | Image repository | `grafana/grafana` | +| `image.tag` | Image tag (`Must be >= 5.0.0`) | `8.2.5` | +| `image.sha` | Image sha (optional) | `2acf04c016c77ca2e89af3536367ce847ee326effb933121881c7c89781051d3` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Image pull secrets | `{}` | +| `service.enabled` | Enable grafana service | `true` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.port` | Kubernetes port where service is exposed | `80` | +| `service.portName` | Name of the port on the service | `service` | +| `service.targetPort` | Internal service is port | `3000` | +| `service.nodePort` | Kubernetes service nodePort | `nil` | +| `service.annotations` | Service annotations | `{}` | +| `service.labels` | Custom labels | `{}` | +| `service.clusterIP` | internal cluster service IP | `nil` | +| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` | +| `service.loadBalancerSourceRanges` | 
list of IP CIDRs allowed access to lb (if supported) | `[]` | +| `service.externalIPs` | service external IP addresses | `[]` | +| `headlessService` | Create a headless service | `false` | +| `extraExposePorts` | Additional service ports for sidecar containers| `[]` | +| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations (values are templated) | `{}` | +| `ingress.labels` | Custom labels | `{}` | +| `ingress.path` | Ingress accepted path | `/` | +| `ingress.pathType` | Ingress type of path | `Prefix` | +| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` | +| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. 
| `[]` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `affinity` | Affinity settings for pod assignment | `{}` | +| `extraInitContainers` | Init containers to add to the grafana pod | `{}` | +| `extraContainers` | Sidecar containers to add to the grafana pod | `""` | +| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` | +| `extraLabels` | Custom labels for all manifests | `{}` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `persistence.enabled` | Use persistent volume to store data | `false` | +| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` | +| `persistence.size` | Size of persistent volume claim | `10Gi` | +| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | +| `persistence.storageClassName` | Type of persistent volume claim | `nil` | +| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` | +| `persistence.annotations` | PersistentVolumeClaim annotations | `{}` | +| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` | +| `persistence.subPath` | Mount a sub dir of the persistent volume | `nil` | +| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` | +| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` | +| `initChownData.enabled` | If false, don't reset data ownership at startup | true | +| `initChownData.image.repository` | init-chown-data container image repository | `busybox` | +| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` | +| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` | +| 
`initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` | +| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` | +| `schedulerName` | Alternate scheduler name | `nil` | +| `env` | Extra environment variables passed to pods | `{}` | +| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. | `{}` | +| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | +| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` | +| `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` | +| `extraSecretMounts` | Additional grafana server secret mounts | `[]` | +| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | +| `extraConfigmapMounts` | Additional grafana server configMap volume mounts | `[]` | +| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | +| `plugins` | Plugins to be loaded along with Grafana | `[]` | +| `datasources` | Configure grafana datasources (passed through tpl) | `{}` | +| `notifiers` | Configure grafana notifiers | `{}` | +| `dashboardProviders` | Configure grafana dashboard providers | `{}` | +| `dashboards` | Dashboards to import | `{}` | +| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | +| `grafana.ini` | Grafana's primary configuration | `{}` | +| `ldap.enabled` | Enable LDAP authentication | `false` | +| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. 
| `""` | +| `ldap.config` | Grafana's LDAP configuration | `""` | +| `annotations` | Deployment annotations | `{}` | +| `labels` | Deployment labels | `{}` | +| `podAnnotations` | Pod annotations | `{}` | +| `podLabels` | Pod labels | `{}` | +| `podPortName` | Name of the grafana port on the pod | `grafana` | +| `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` | +| `sidecar.image.tag` | Sidecar image tag | `1.15.6` | +| `sidecar.image.sha` | Sidecar image sha (optional) | `""` | +| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | +| `sidecar.resources` | Sidecar resources | `{}` | +| `sidecar.securityContext` | Sidecar securityContext | `{}` | +| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable. If set to `true` the sidecar will create unique filenames where duplicate data keys exist between ConfigMaps and/or Secrets within the same or multiple Namespaces. | `false` | +| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | +| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` | +| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` | +| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` | +| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` | +| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` | +| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` | +| `sidecar.dashboards.provider.type` | Provider type | `file` | +| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. 
| `false` | +| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | +| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` | +| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | +| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `nil` | +| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | +| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` | +| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | +| `sidecar.dashboards.searchNamespace` | Namespaces list. If specified, the sidecar will search for dashboards config-maps inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` | +| `sidecar.dashboards.script` | Absolute path to shell script to execute after a configmap got reloaded. | `nil` | +| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | +| `sidecar.dashboards.extraMounts` | Additional dashboard sidecar volume mounts. 
| `[]` | +| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | +| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | +| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` | +| `sidecar.datasources.searchNamespace` | Namespaces list. If specified, the sidecar will search for datasources config-maps inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` | +| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | +| `sidecar.datasources.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/datasources/reload"` | +| `sidecar.datasources.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | +| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` | +| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` | +| `sidecar.notifiers.searchNamespace` | Namespaces list. If specified, the sidecar will search for notifiers config-maps (or secrets) inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` | +| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | +| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | +| `smtp.userKey` | The key in the existing SMTP secret containing the username. 
| `"user"` | +| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` | +| `admin.existingSecret` | The name of an existing secret containing the admin credentials. | `""` | +| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | +| `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` | +| `serviceAccount.autoMount` | Automount the service account token in the pod| `true` | +| `serviceAccount.annotations` | ServiceAccount annotations | | +| `serviceAccount.create` | Create service account | `true` | +| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` | +| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` | +| `rbac.create` | Create and use RBAC resources | `true` | +| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` | +| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` | +| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` | +| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` | +| `rbac.extraRoleRules` | Additional rules to add to the Role | [] | +| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] | +| `command` | Define command to be executed by grafana container at startup | `nil` | +| `testFramework.enabled` | Whether to create test-related resources | `true` | +| `testFramework.image` | `test-framework` image repository. 
| `bats/bats` | +| `testFramework.tag` | `test-framework` image tag. | `v1.4.1` | +| `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` | +| `testFramework.securityContext` | `test-framework` securityContext | `{}` | +| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` | +| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | +| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` | +| `downloadDashboardsImage.repository` | Curl docker image repo | `curlimages/curl` | +| `downloadDashboardsImage.tag` | Curl docker image tag | `7.73.0` | +| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` | +| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` | +| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | +| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | +| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | | +| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` | +| `serviceMonitor.path` | Path to scrape | `/metrics` | +| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` | +| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` | +| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | +| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | +| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. 
| `[]` | +| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` | +| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` | +| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` | +| `imageRenderer.image.tag` | image-renderer Image tag | `latest` | +| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` | +| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` | +| `imageRenderer.env` | extra env-vars for image-renderer | `{}` | +| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` | +| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` | +| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` | +| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` | +| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` | +| `imageRenderer.service.portName` | image-renderer service port name | `http` | +| `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` | +| `imageRenderer.grafanaProtocol` | Protocol to use for image renderer callback url | `http` | +| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` | +| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` | +| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` | +| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` | +| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` | +| `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` | +| `networkPolicy.enabled` | Enable creation of 
NetworkPolicy resources. | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` | +| `enableKubeBackwardCompatibility` | Enable backward compatibility of kubernetes where pod's defintion version below 1.13 doesn't have the enableServiceLinks option | `false` | + + + +### Example ingress with path + +With grafana 6.3 and above +```yaml +grafana.ini: + server: + domain: monitoring.example.com + root_url: "%(protocol)s://%(domain)s/grafana" + serve_from_sub_path: true +ingress: + enabled: true + hosts: + - "monitoring.example.com" + path: "/grafana" +``` + +### Example of extraVolumeMounts + +Volume can be type persistentVolumeClaim or hostPath but not both at same time. +If none existingClaim or hostPath argument is givent then type is emptyDir. + +```yaml +- extraVolumeMounts: + - name: plugins + mountPath: /var/lib/grafana/plugins + subPath: configs/grafana/plugins + existingClaim: existing-grafana-claim + readOnly: false + - name: dashboards + mountPath: /var/lib/grafana/dashboards + hostPath: /usr/shared/grafana/dashboards + readOnly: false +``` + +## Import dashboards + +There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: + +```yaml +dashboards: + default: + some-dashboard: + json: | + { + "annotations": + + ... + # Complete json file here + ... 
+ + "title": "Some Dashboard", + "uid": "abcd1234", + "version": 1 + } + custom-dashboard: + # This is a path to a file inside the dashboards directory inside the chart directory + file: dashboards/custom-dashboard.json + prometheus-stats: + # Ref: https://grafana.com/dashboards/2 + gnetId: 2 + revision: 2 + datasource: Prometheus + local-dashboard: + url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json +``` + +## BASE64 dashboards + +Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit) +A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk. +If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk. + +### Gerrit use case + +Gerrit API for download files has the following schema: where {project-name} and +{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard +the url value is + +## Sidecar for dashboards + +If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana +pod. This container watches all configmaps (or secrets) in the cluster and filters out the ones with +a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written +to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported +dashboards are deleted/updated. + +A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside +one configmap is currently not properly mirrored in grafana. 
+ +Example dashboard config: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: sample-grafana-dashboard + labels: + grafana_dashboard: "1" +data: + k8s-dashboard.json: |- + [...] +``` + +## Sidecar for datasources + +If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +the data sources in grafana can be imported. + +Secrets are recommended over configmaps for this usecase because datasources usually contain private +data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): + +```yaml +datasources: + datasources.yaml: + apiVersion: 1 + datasources: + # name of the datasource. Required + - name: Graphite + # datasource type. Required + type: graphite + # access mode. proxy or direct (Server or Browser in the UI). Required + access: proxy + # org id. will default to orgId 1 if not specified + orgId: 1 + # url + url: http://localhost:8080 + # database password, if used + password: + # database user, if used + user: + # database name, if used + database: + # enable/disable basic auth + basicAuth: + # basic auth username + basicAuthUser: + # basic auth password + basicAuthPassword: + # enable/disable with credentials headers + withCredentials: + # mark as default datasource. Max one per org + isDefault: + # fields that will be converted to json and stored in json_data + jsonData: + graphiteVersion: "1.1" + tlsAuth: true + tlsAuthWithCACert: true + # json object of data that will be encrypted. + secureJsonData: + tlsCACert: "..." 
+ tlsClientCert: "..." + tlsClientKey: "..." + version: 1 + # allow users to edit datasources from the UI. + editable: false +``` + +## Sidecar for notifiers + +If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +the notification channels in grafana can be imported. The secrets must be created before +`helm install` so that the notifiers init container can list the secrets. + +Secrets are recommended over configmaps for this usecase because alert notification channels usually contain +private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels): + +```yaml +notifiers: + - name: notification-channel-1 + type: slack + uid: notifier1 + # either + org_id: 2 + # or + org_name: Main Org. + is_default: true + send_reminder: true + frequency: 1h + disable_resolve_message: false + # See `Supported Settings` section for settings supporter for each + # alert notification type. + settings: + recipient: 'XXX' + token: 'xoxb' + uploadImage: true + url: https://slack.com + +delete_notifiers: + - name: notification-channel-1 + uid: notifier1 + org_id: 2 + - name: notification-channel-2 + # default org_id: 1 +``` + +## How to serve Grafana with a path prefix (/grafana) + +In order to serve Grafana with a prefix (e.g., ), add the following to your values.yaml. 
+ +```yaml +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/rewrite-target: /$1 + nginx.ingress.kubernetes.io/use-regex: "true" + + path: /grafana/?(.*) + hosts: + - k8s.example.dev + +grafana.ini: + server: + root_url: http://localhost:3000/grafana # this host can be localhost +``` + +## How to securely reference secrets in grafana.ini + +This example uses Grafana uses [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets. + +In grafana.ini: + +```yaml +grafana.ini: + [auth.generic_oauth] + enabled = true + client_id = $__file{/etc/secrets/auth_generic_oauth/client_id} + client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret} +``` + +Existing secret, or created along with helm: + +```yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: auth-generic-oauth-secret +type: Opaque +stringData: + client_id: + client_secret: +``` + +Include in the `extraSecretMounts` configuration flag: + +```yaml +- extraSecretMounts: + - name: auth-generic-oauth-secret-mount + secretName: auth-generic-oauth-secret + defaultMode: 0440 + mountPath: /etc/secrets/auth_generic_oauth + readOnly: true +``` + +### extraSecretMounts using a Container Storage Interface (CSI) provider + +This example uses a CSI driver e.g. 
retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure) + +```yaml +- extraSecretMounts: + - name: secrets-store-inline + mountPath: /run/secrets + readOnly: true + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: "my-provider" + nodePublishSecretRef: + name: akv-creds +``` + +## Image Renderer Plug-In + +This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/README.md#run-in-docker) + +```yaml +imageRenderer: + enabled: true +``` + +### Image Renderer NetworkPolicy + +By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance + +### High Availability for unified alerting + +If you want to run Grafana in a high availability cluster you need to enable +the headless service by setting `headlessService: true` in your `values.yaml` +file. + +As next step you have to setup the `grafana.ini` in your `values.yaml` in a way +that it will make use of the headless service to obtain all the IPs of the +cluster. You should replace ``{{ Name }}`` with the name of your helm deployment. + +```yaml +grafana.ini: + ... + unified_alerting: + enabled: true + ha_peers: {{ Name }}-headless:9094 + alerting: + enabled: false +``` diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/ci/default-values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/ci/default-values.yaml new file mode 100644 index 000000000..fc2ba605a --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/ci/default-values.yaml @@ -0,0 +1 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. 
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/ci/with-dashboard-json-values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/ci/with-dashboard-json-values.yaml
new file mode 100644
index 000000000..e0c4e4168
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/ci/with-dashboard-json-values.yaml
@@ -0,0 +1,53 @@
+dashboards:
+ my-provider:
+ my-awesome-dashboard:
+ # An empty but valid dashboard
+ json: |
+ {
+ "__inputs": [],
+ "__requires": [
+ {
+ "type": "grafana",
+ "id": "grafana",
+ "name": "Grafana",
+ "version": "6.3.5"
+ }
+ ],
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": "-- Grafana --",
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": true,
+ "gnetId": null,
+ "graphTooltip": 0,
+ "id": null,
+ "links": [],
+ "panels": [],
+ "schemaVersion": 19,
+ "style": "dark",
+ "tags": [],
+ "templating": {
+ "list": []
+ },
+ "time": {
+ "from": "now-6h",
+ "to": "now"
+ },
+ "timepicker": {
+ "refresh_intervals": ["5s"]
+ },
+ "timezone": "",
+ "title": "Dummy Dashboard",
+ "uid": "IdcYQooWk",
+ "version": 1
+ }
+ datasource: Prometheus
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/ci/with-dashboard-values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/ci/with-dashboard-values.yaml
new file mode 100644
index 000000000..7b662c5fd
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/ci/with-dashboard-values.yaml
@@ -0,0 +1,19 @@
+dashboards:
+ my-provider:
+ my-awesome-dashboard:
+ gnetId: 10000
+ revision: 1
+ datasource: Prometheus
+dashboardProviders:
+ dashboardproviders.yaml:
+ apiVersion: 1
+ providers:
+ - name: 'my-provider'
+ orgId: 1
+ folder: ''
+ type: file
+ updateIntervalSeconds: 10
+ disableDeletion: true
+ editable: true
+ options:
+ path: /var/lib/grafana/dashboards/my-provider
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/ci/with-image-renderer-values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/ci/with-image-renderer-values.yaml
new file mode 100644
index 000000000..32f307434
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/ci/with-image-renderer-values.yaml
@@ -0,0 +1,19 @@
+podLabels:
+ customLableA: Aaaaa
+imageRenderer:
+ enabled: true
+ env:
+ RENDERING_ARGS: --disable-gpu,--window-size=1280x758
+ RENDERING_MODE: clustered
+ podLabels:
+ customLableB: Bbbbb
+ networkPolicy:
+ limitIngress: true
+ limitEgress: true
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1000Mi
+ requests:
+ cpu: 500m
+ memory: 50Mi
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/dashboards/custom-dashboard.json b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/dashboards/custom-dashboard.json
new file mode 100644
index 000000000..9e26dfeeb
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/dashboards/custom-dashboard.json
@@ -0,0 +1 @@
+{}
\ No newline at end of file
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/NOTES.txt b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/NOTES.txt
new file mode 100644
index 000000000..1fc8436d9
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/NOTES.txt
@@ -0,0 +1,54 @@ +1. Get your '{{ .Values.adminUser }}' user password by running: + + kubectl get secret --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo + +2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: + + {{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}.svc.cluster.local +{{ if .Values.ingress.enabled }} + If you bind grafana to 80, please update values in values.yaml and reinstall: + ``` + securityContext: + runAsUser: 0 + runAsGroup: 0 + fsGroup: 0 + + command: + - "setcap" + - "'cap_net_bind_service=+ep'" + - "/usr/sbin/grafana-server &&" + - "sh" + - "/run.sh" + ``` + Details refer to https://grafana.com/docs/installation/configuration/#http-port. + Or grafana would always crash. + + From outside the cluster, the server URL(s) are: +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{ else }} + Get the Grafana URL to visit by running these commands in the same shell: +{{ if contains "NodePort" .Values.service.type -}} + export NODE_PORT=$(kubectl get --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{ else if contains "LoadBalancer" .Values.service.type -}} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc --namespace {{ template "grafana.namespace" . }} -w {{ template "grafana.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . 
}} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + http://$SERVICE_IP:{{ .Values.service.port -}} +{{ else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ template "grafana.namespace" . }} -l "app.kubernetes.io/name={{ template "grafana.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace {{ template "grafana.namespace" . }} port-forward $POD_NAME 3000 +{{- end }} +{{- end }} + +3. Login with the password from step 1 and the username: {{ .Values.adminUser }} + +{{- if not .Values.persistence.enabled }} +################################################################################# +###### WARNING: Persistence is disabled!!! You will lose your data when ##### +###### the Grafana pod is terminated. ##### +################################################################################# +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/_helpers.tpl b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/_helpers.tpl new file mode 100644 index 000000000..f0c06aadb --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/_helpers.tpl 
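Review bot: Step 1 always reads the `admin-password` key from the Secret named by `grafana.fullname`, but `_pod.tpl` in this commit takes the admin credentials from `.Values.admin.existingSecret` and `.Values.admin.passwordKey` when they are set, so in that configuration the printed command points at the wrong (possibly non-existent) Secret. The Secret name could be rendered as `{{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }}` and the key as `{{ .Values.admin.passwordKey | default "admin-password" }}`. Separately, the port-80 advice in the ingress branch tells users to set `runAsUser: 0`, `runAsGroup: 0` and `fsGroup: 0` without saying that this runs the Grafana container as root; a sentence noting that, and that exposing port 80 on the Service while the container keeps its unprivileged port avoids the need, would let readers weigh the trade-off.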
@@ -0,0 +1,163 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "grafana.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "grafana.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "grafana.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account +*/}} +{{- define "grafana.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "grafana.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{- define "grafana.serviceAccountNameTest" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (print (include "grafana.fullname" .) 
"-test") .Values.serviceAccount.nameTest }} +{{- else -}} + {{ default "default" .Values.serviceAccount.nameTest }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "grafana.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "grafana.labels" -}} +helm.sh/chart: {{ include "grafana.chart" . }} +{{ include "grafana.selectorLabels" . }} +{{- if or .Chart.AppVersion .Values.image.tag }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.extraLabels }} +{{ toYaml .Values.extraLabels }} +{{- end }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "grafana.selectorLabels" -}} +app.kubernetes.io/name: {{ include "grafana.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "grafana.imageRenderer.labels" -}} +helm.sh/chart: {{ include "grafana.chart" . }} +{{ include "grafana.imageRenderer.selectorLabels" . }} +{{- if or .Chart.AppVersion .Values.image.tag }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels ImageRenderer +*/}} +{{- define "grafana.imageRenderer.selectorLabels" -}} +app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Looks if there's an existing secret and reuse its password. If not it generates +new password and use it. +*/}} +{{- define "grafana.password" -}} +{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) 
) -}} + {{- if $secret -}} + {{- index $secret "data" "admin-password" -}} + {{- else -}} + {{- (randAlphaNum 40) | b64enc | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for rbac. +*/}} +{{- define "grafana.rbac.apiVersion" -}} + {{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} + {{- print "rbac.authorization.k8s.io/v1" -}} + {{- else -}} + {{- print "rbac.authorization.k8s.io/v1beta1" -}} + {{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "grafana.ingress.apiVersion" -}} + {{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version) -}} + {{- print "networking.k8s.io/v1" -}} + {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} + {{- print "networking.k8s.io/v1beta1" -}} + {{- else -}} + {{- print "extensions/v1beta1" -}} + {{- end -}} +{{- end -}} + +{{/* +Return if ingress is stable. +*/}} +{{- define "grafana.ingress.isStable" -}} + {{- eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1" -}} +{{- end -}} + +{{/* +Return if ingress supports ingressClassName. +*/}} +{{- define "grafana.ingress.supportsIngressClassName" -}} + {{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}} +{{- end -}} + +{{/* +Return if ingress supports pathType. +*/}} +{{- define "grafana.ingress.supportsPathType" -}} + {{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}} +{{- end -}} 
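Review bot: In `grafana.password` the lookup branch returns `index $secret "data" "admin-password"` without checking that the key is present, and unquoted, while the generated branch is quoted; a Secret that exists without that key would make the helper render an empty value. Something like `{{- index $secret "data" "admin-password" | default (randAlphaNum 40 | b64enc) | quote -}}` would keep both branches consistent, assuming the consumer of this helper (not visible in this hunk) accepts a quoted value in both cases. It is also worth a comment on the helper that `lookup` returns an empty result when the chart is rendered without cluster access (`helm template`, client-side dry run), so such renders produce a new random password each time. The helper is fully contained in this hunk.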
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/_pod.tpl b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/_pod.tpl new file mode 100644 index 000000000..855c010bf --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/_pod.tpl 
@@ -0,0 +1,684 @@ + +{{- define "grafana.pod" -}} +{{- if .Values.schedulerName }} +schedulerName: "{{ .Values.schedulerName }}" +{{- end }} +serviceAccountName: {{ template "grafana.serviceAccountName" . }} +automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }} +{{- if .Values.securityContext }} +securityContext: +{{ toYaml .Values.securityContext | indent 2 }} +{{- end }} +{{- if .Values.hostAliases }} +hostAliases: +{{ toYaml .Values.hostAliases | indent 2 }} +{{- end }} +{{- if .Values.priorityClassName }} +priorityClassName: {{ .Values.priorityClassName }} +{{- end }} +{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.sidecar.notifiers.enabled .Values.extraInitContainers) }} +initContainers: +{{- end }} +{{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }} + - name: init-chown-data + {{- if .Values.initChownData.image.sha }} + image: "{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}" + {{- else }} + image: "{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }} + securityContext: + runAsNonRoot: false + runAsUser: 0 + command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }}", "/var/lib/grafana"] + resources: +{{ toYaml .Values.initChownData.resources | indent 6 }} + volumeMounts: + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} +{{- end }} +{{- if .Values.dashboards }} + - name: download-dashboards + {{- if .Values.downloadDashboardsImage.sha }} + image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}" + {{- else }} + image: "{{ .Values.downloadDashboardsImage.repository }}:{{ 
.Values.downloadDashboardsImage.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} + command: ["/bin/sh"] + args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh" ] + resources: +{{ toYaml .Values.downloadDashboards.resources | indent 6 }} + env: +{{- range $key, $value := .Values.downloadDashboards.env }} + - name: "{{ $key }}" + value: "{{ $value }}" +{{- end }} +{{- if .Values.downloadDashboards.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.downloadDashboards.envFromSecret . }} +{{- end }} + volumeMounts: + - name: config + mountPath: "/etc/grafana/download_dashboards.sh" + subPath: download_dashboards.sh + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- end }} +{{- end }} +{{- if and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources }} + - name: {{ template "grafana.name" . 
}}-init-sc-datasources + {{- if .Values.sidecar.image.sha }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: "LIST" + - name: LABEL + value: "{{ .Values.sidecar.datasources.label }}" + {{- if .Values.sidecar.datasources.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.datasources.labelValue }} + {{- end }} + - name: FOLDER + value: "/etc/grafana/provisioning/datasources" + - name: RESOURCE + value: {{ quote .Values.sidecar.datasources.resource }} + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.datasources.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.datasources.searchNamespace | join "," }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} +{{- if .Values.sidecar.securityContext }} + securityContext: +{{- toYaml .Values.sidecar.securityContext | nindent 6 }} +{{- end }} + volumeMounts: + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end }} +{{- if .Values.sidecar.notifiers.enabled }} + - name: {{ template "grafana.name" . 
}}-sc-notifiers + {{- if .Values.sidecar.image.sha }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: LIST + - name: LABEL + value: "{{ .Values.sidecar.notifiers.label }}" + - name: FOLDER + value: "/etc/grafana/provisioning/notifiers" + - name: RESOURCE + value: {{ quote .Values.sidecar.notifiers.resource }} + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.notifiers.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.notifiers.searchNamespace | join "," }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} +{{- if .Values.sidecar.securityContext }} + securityContext: +{{- toYaml .Values.sidecar.securityContext | nindent 6 }} +{{- end }} + volumeMounts: + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" +{{- end}} +{{- if .Values.extraInitContainers }} +{{ toYaml .Values.extraInitContainers | indent 2 }} +{{- end }} +{{- if .Values.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end}} +{{- end }} +{{- if not .Values.enableKubeBackwardCompatibility }} +enableServiceLinks: {{ .Values.enableServiceLinks }} +{{- end }} +containers: +{{- if .Values.sidecar.dashboards.enabled }} + - name: {{ template "grafana.name" . 
}}-sc-dashboard + {{- if .Values.sidecar.image.sha }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: {{ .Values.sidecar.dashboards.watchMethod }} + - name: LABEL + value: "{{ .Values.sidecar.dashboards.label }}" + {{- if .Values.sidecar.dashboards.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.dashboards.labelValue }} + {{- end }} + - name: FOLDER + value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" + - name: RESOURCE + value: {{ quote .Values.sidecar.dashboards.resource }} + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.dashboards.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.dashboards.searchNamespace | join "," }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + {{- if .Values.sidecar.dashboards.folderAnnotation }} + - name: FOLDER_ANNOTATION + value: "{{ .Values.sidecar.dashboards.folderAnnotation }}" + {{- end }} + {{- if .Values.sidecar.dashboards.script }} + - name: SCRIPT + value: "{{ .Values.sidecar.dashboards.script }}" + {{- end }} + {{- if .Values.sidecar.dashboards.watchServerTimeout }} + - name: WATCH_SERVER_TIMEOUT + value: "{{ .Values.sidecar.dashboards.watchServerTimeout }}" + {{- end }} + {{- if .Values.sidecar.dashboards.watchClientTimeout }} + - name: WATCH_CLIENT_TIMEOUT + value: "{{ .Values.sidecar.dashboards.watchClientTimeout }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} +{{- if .Values.sidecar.securityContext 
}} + securityContext: +{{- toYaml .Values.sidecar.securityContext | nindent 6 }} +{{- end }} + volumeMounts: + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} + {{- if .Values.sidecar.dashboards.extraMounts }} + {{- toYaml .Values.sidecar.dashboards.extraMounts | trim | nindent 6}} + {{- end }} +{{- end}} +{{- if .Values.sidecar.datasources.enabled }} + - name: {{ template "grafana.name" . }}-sc-datasources + {{- if .Values.sidecar.image.sha }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: {{ .Values.sidecar.datasources.watchMethod }} + - name: LABEL + value: "{{ .Values.sidecar.datasources.label }}" + {{- if .Values.sidecar.datasources.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.datasources.labelValue }} + {{- end }} + - name: FOLDER + value: "/etc/grafana/provisioning/datasources" + - name: RESOURCE + value: {{ quote .Values.sidecar.datasources.resource }} + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.datasources.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.datasources.searchNamespace | join "," }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) 
}} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + {{- if not .Values.sidecar.datasources.skipReload }} + - name: REQ_URL + value: {{ .Values.sidecar.datasources.reloadURL }} + - name: REQ_METHOD + value: POST + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} +{{- if .Values.sidecar.securityContext }} + securityContext: +{{- toYaml .Values.sidecar.securityContext | nindent 6 }} +{{- end }} + volumeMounts: + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} +{{- if .Values.sidecar.plugins.enabled }} + - name: {{ template "grafana.name" . 
}}-sc-plugins + {{- if .Values.sidecar.image.sha }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: {{ .Values.sidecar.plugins.watchMethod }} + - name: LABEL + value: "{{ .Values.sidecar.plugins.label }}" + {{- if .Values.sidecar.plugins.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.plugins.labelValue }} + {{- end }} + - name: FOLDER + value: "/etc/grafana/provisioning/plugins" + - name: RESOURCE + value: {{ quote .Values.sidecar.plugins.resource }} + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.plugins.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.plugins.searchNamespace | join "," }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) 
}} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + {{- if not .Values.sidecar.plugins.skipReload }} + - name: REQ_URL + value: {{ .Values.sidecar.plugins.reloadURL }} + - name: REQ_METHOD + value: POST + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} +{{- if .Values.sidecar.securityContext }} + securityContext: +{{- toYaml .Values.sidecar.securityContext | nindent 6 }} +{{- end }} + volumeMounts: + - name: sc-plugins-volume + mountPath: "/etc/grafana/provisioning/plugins" +{{- end}} + - name: {{ .Chart.Name }} + {{- if .Values.image.sha }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}@sha256:{{ .Values.image.sha }}" + {{- else }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.command }} + command: + {{- range .Values.command }} + - {{ . }} + {{- end }} + {{- end}} +{{- if .Values.containerSecurityContext }} + securityContext: +{{- toYaml .Values.containerSecurityContext | nindent 6 }} +{{- end }} + volumeMounts: + - name: config + mountPath: "/etc/grafana/grafana.ini" + subPath: grafana.ini + {{- if .Values.ldap.enabled }} + - name: ldap + mountPath: "/etc/grafana/ldap.toml" + subPath: ldap.toml + {{- end }} + {{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} +{{- if .Values.dashboards }} +{{- range $provider, $dashboards := .Values.dashboards }} +{{- range $key, $value := $dashboards }} +{{- if (or (hasKey $value "json") (hasKey $value "file")) }} + - name: dashboards-{{ $provider }} + mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + subPath: "{{ $key }}.json" +{{- end }} +{{- end }} +{{- end }} 
+{{- end -}} +{{- if .Values.dashboardsConfigMaps }} +{{- range (keys .Values.dashboardsConfigMaps | sortAlpha) }} + - name: dashboards-{{ . }} + mountPath: "/var/lib/grafana/dashboards/{{ . }}" +{{- end }} +{{- end }} +{{- if .Values.datasources }} +{{- range (keys .Values.datasources | sortAlpha) }} + - name: config + mountPath: "/etc/grafana/provisioning/datasources/{{ . }}" + subPath: {{ . | quote }} +{{- end }} +{{- end }} +{{- if .Values.notifiers }} +{{- range (keys .Values.notifiers | sortAlpha) }} + - name: config + mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}" + subPath: {{ . | quote }} +{{- end }} +{{- end }} +{{- if .Values.dashboardProviders }} +{{- range (keys .Values.dashboardProviders | sortAlpha) }} + - name: config + mountPath: "/etc/grafana/provisioning/dashboards/{{ . }}" + subPath: {{ . | quote }} +{{- end }} +{{- end }} +{{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} +{{ if .Values.sidecar.dashboards.SCProvider }} + - name: sc-dashboard-provider + mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" + subPath: provider.yaml +{{- end}} +{{- end}} +{{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} +{{- if .Values.sidecar.plugins.enabled }} + - name: sc-plugins-volume + mountPath: "/etc/grafana/provisioning/plugins" +{{- end}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" +{{- end}} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + subPath: {{ .subPath | default "" }} + {{- end }} + {{- range .Values.extraVolumeMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range 
.Values.extraEmptyDirMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + {{- end }} + ports: + - name: {{ .Values.service.portName }} + containerPort: {{ .Values.service.port }} + protocol: TCP + - name: {{ .Values.podPortName }} + containerPort: 3000 + protocol: TCP + env: + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + {{- if .Values.plugins }} + - name: GF_INSTALL_PLUGINS + valueFrom: + configMapKeyRef: + name: {{ template "grafana.fullname" . }} + key: plugins + {{- end }} + {{- if .Values.smtp.existingSecret }} + - name: GF_SMTP_USER + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: {{ .Values.smtp.userKey | default "user" }} + - name: GF_SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: {{ .Values.smtp.passwordKey | default "password" }} + {{- end }} + {{- if .Values.imageRenderer.enabled }} + - name: GF_RENDERING_SERVER_URL + value: http://{{ template "grafana.fullname" . }}-image-renderer.{{ template "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render + - name: GF_RENDERING_CALLBACK_URL + value: {{ .Values.imageRenderer.grafanaProtocol }}://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . 
}}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }} + {{- end }} + - name: GF_PATHS_DATA + value: {{ (get .Values "grafana.ini").paths.data }} + - name: GF_PATHS_LOGS + value: {{ (get .Values "grafana.ini").paths.logs }} + - name: GF_PATHS_PLUGINS + value: {{ (get .Values "grafana.ini").paths.plugins }} + - name: GF_PATHS_PROVISIONING + value: {{ (get .Values "grafana.ini").paths.provisioning }} + {{- range $key, $value := .Values.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: +{{ toYaml $value | indent 10 }} + {{- end }} +{{- range $key, $value := .Values.env }} + - name: "{{ tpl $key $ }}" + value: "{{ tpl (print $value) $ }}" +{{- end }} + {{- if or .Values.envFromSecret (or .Values.envRenderSecret .Values.envFromSecrets) }} + envFrom: + {{- if .Values.envFromSecret }} + - secretRef: + name: {{ tpl .Values.envFromSecret . }} + {{- end }} + {{- if .Values.envRenderSecret }} + - secretRef: + name: {{ template "grafana.fullname" . }}-env + {{- end }} + {{- range .Values.envFromSecrets }} + - secretRef: + name: {{ .name }} + optional: {{ .optional | default false }} + {{- end }} + {{- end }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 6 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 6 }} + resources: +{{ toYaml .Values.resources | indent 6 }} +{{- with .Values.extraContainers }} +{{ tpl . $ | indent 2 }} +{{- end }} +{{- with .Values.nodeSelector }} +nodeSelector: +{{ toYaml . | indent 2 }} +{{- end }} +{{- with .Values.affinity }} +affinity: +{{ toYaml . | indent 2 }} +{{- end }} +{{- with .Values.tolerations }} +tolerations: +{{ toYaml . | indent 2 }} +{{- end }} +volumes: + - name: config + configMap: + name: {{ template "grafana.fullname" . }} +{{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} +{{- end }} + {{- if .Values.dashboards }} + {{- range (keys .Values.dashboards | sortAlpha) }} + - name: dashboards-{{ . 
}} + configMap: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }} + {{- end }} + {{- end }} + {{- if .Values.dashboardsConfigMaps }} + {{ $root := . }} + {{- range $provider, $name := .Values.dashboardsConfigMaps }} + - name: dashboards-{{ $provider }} + configMap: + name: {{ tpl $name $root }} + {{- end }} + {{- end }} + {{- if .Values.ldap.enabled }} + - name: ldap + secret: + {{- if .Values.ldap.existingSecret }} + secretName: {{ .Values.ldap.existingSecret }} + {{- else }} + secretName: {{ template "grafana.fullname" . }} + {{- end }} + items: + - key: ldap-toml + path: ldap.toml + {{- end }} +{{- if and .Values.persistence.enabled (eq .Values.persistence.type "pvc") }} + - name: storage + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "grafana.fullname" .) }} +{{- else if and .Values.persistence.enabled (eq .Values.persistence.type "statefulset") }} +# nothing +{{- else }} + - name: storage +{{- if .Values.persistence.inMemory.enabled }} + emptyDir: + medium: Memory +{{- if .Values.persistence.inMemory.sizeLimit }} + sizeLimit: {{ .Values.persistence.inMemory.sizeLimit }} +{{- end -}} +{{- else }} + emptyDir: {} +{{- end -}} +{{- end -}} +{{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + emptyDir: {} +{{- if .Values.sidecar.dashboards.SCProvider }} + - name: sc-dashboard-provider + configMap: + name: {{ template "grafana.fullname" . 
}}-config-dashboards +{{- end }} +{{- end }} +{{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + emptyDir: {} +{{- end -}} +{{- if .Values.sidecar.plugins.enabled }} + - name: sc-plugins-volume + emptyDir: {} +{{- end -}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: sc-notifiers-volume + emptyDir: {} +{{- end -}} +{{- range .Values.extraSecretMounts }} +{{- if .secretName }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + defaultMode: {{ .defaultMode }} +{{- else if .projected }} + - name: {{ .name }} + projected: {{- toYaml .projected | nindent 6 }} +{{- else if .csi }} + - name: {{ .name }} + csi: {{- toYaml .csi | nindent 6 }} +{{- end }} +{{- end }} +{{- range .Values.extraVolumeMounts }} + - name: {{ .name }} + {{- if .existingClaim }} + persistentVolumeClaim: + claimName: {{ .existingClaim }} + {{- else if .hostPath }} + hostPath: + path: {{ .hostPath }} + {{- else }} + emptyDir: {} + {{- end }} +{{- end }} +{{- range .Values.extraEmptyDirMounts }} + - name: {{ .name }} + emptyDir: {} +{{- end -}} +{{- if .Values.extraContainerVolumes }} +{{ toYaml .Values.extraContainerVolumes | indent 2 }} +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/clusterrole.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/clusterrole.yaml new file mode 100644 index 000000000..f09e06563 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/clusterrole.yaml 
@@ -0,0 +1,25 @@
+{{- if and .Values.rbac.create (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ name: {{ template "grafana.fullname" . }}-clusterrole
+{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraClusterRoleRules) }}
+rules:
+{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }}
+- apiGroups: [""] # "" indicates the core API group
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "watch", "list"]
+{{- end}}
+{{- with .Values.rbac.extraClusterRoleRules }}
+{{ toYaml . | indent 0 }}
+{{- end}}
+{{- else }}
+rules: []
+{{- end}}
+{{- end}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/clusterrolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..4accbfac0
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/clusterrolebinding.yaml
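Review bot: The rule `resources: ["configmaps", "secrets"]` with `get`/`watch`/`list` sits in a ClusterRole, so enabling either sidecar gives the Grafana service account read access to every Secret in the cluster, not only the ones that carry dashboards or datasources. The only scoping control visible in this template is `rbac.namespaced`, which suppresses the ClusterRole altogether. I would put a comment directly above the rule, `# Grants cluster-wide read on ALL ConfigMaps and Secrets; set rbac.namespaced=true to limit this to the chart's namespace`, so the blast radius is obvious to whoever flips the sidecar flags. The same rule appears in role.yaml, where it is namespace-scoped and therefore the lesser concern.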
@@ -0,0 +1,24 @@
+{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "grafana.fullname" . }}-clusterrolebinding
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "grafana.serviceAccountName" . }}
+ namespace: {{ template "grafana.namespace" . }}
+roleRef:
+ kind: ClusterRole
+{{- if (not .Values.rbac.useExistingRole) }}
+ name: {{ template "grafana.fullname" . }}-clusterrole
+{{- else }}
+ name: {{ .Values.rbac.useExistingRole }}
+{{- end }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/configmap-dashboard-provider.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/configmap-dashboard-provider.yaml
new file mode 100644
index 000000000..65d73858e
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/configmap-dashboard-provider.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.sidecar.dashboards.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ name: {{ template "grafana.fullname" . }}-config-dashboards
+ namespace: {{ template "grafana.namespace" . }}
+data:
+ provider.yaml: |-
+ apiVersion: 1
+ providers:
+ - name: '{{ .Values.sidecar.dashboards.provider.name }}'
+ orgId: {{ .Values.sidecar.dashboards.provider.orgid }}
+ {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
+ folder: '{{ .Values.sidecar.dashboards.provider.folder }}'
+ {{- end}}
+ type: {{ .Values.sidecar.dashboards.provider.type }}
+ disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }}
+ allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }}
+ updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }}
+ options:
+ foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
+ path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}
+{{- end}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/configmap.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/configmap.yaml
new file mode 100644
index 000000000..c72219fb8
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/configmap.yaml
@@ -0,0 +1,82 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +data: +{{- if .Values.plugins }} + plugins: {{ join "," .Values.plugins }} +{{- end }} + grafana.ini: | +{{- range $key, $value := index .Values "grafana.ini" }} + [{{ $key }}] + {{- range $elem, $elemVal := $value }} + {{- if kindIs "invalid" $elemVal }} + {{ $elem }} = + {{- else if kindIs "string" $elemVal }} + {{ $elem }} = {{ tpl $elemVal $ }} + {{- else }} + {{ $elem }} = {{ $elemVal }} + {{- end }} + {{- end }} +{{- end }} + +{{- if .Values.datasources }} +{{ $root := . }} + {{- range $key, $value := .Values.datasources }} + {{ $key }}: | +{{ tpl (toYaml $value | indent 4) $root }} + {{- end -}} +{{- end -}} + +{{- if .Values.notifiers }} + {{- range $key, $value := .Values.notifiers }} + {{ $key }}: | +{{ toYaml $value | indent 4 }} + {{- end -}} +{{- end -}} + +{{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{ $key }}: | +{{ toYaml $value | indent 4 }} + {{- end -}} +{{- end -}} + +{{- if .Values.dashboards }} + download_dashboards.sh: | + #!/usr/bin/env sh + set -euf + {{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{- range $value.providers }} + mkdir -p {{ .options.path }} + {{- end }} + {{- end }} + {{- end }} + + {{- range $provider, $dashboards := .Values.dashboards }} + {{- range $key, $value := $dashboards }} + {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} + curl -skf \ + --connect-timeout 60 \ + --max-time 60 \ + {{- if not $value.b64content }} + -H "Accept: application/json" \ + {{- if $value.token }} + -H "Authorization: token {{ $value.token }}" \ + {{- end }} + -H "Content-Type: application/json;charset=UTF-8" \ + {{ end }} + {{- if 
$value.url -}}"{{ $value.url }}"{{- else -}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \ + > "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + {{- end -}} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/dashboards-json-configmap.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/dashboards-json-configmap.yaml new file mode 100644 index 000000000..59e0be641 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/dashboards-json-configmap.yaml @@ -0,0 +1,35 @@ +{{- if .Values.dashboards }} +{{ $files := .Files }} +{{- range $provider, $dashboards := .Values.dashboards }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }} + namespace: {{ template "grafana.namespace" $ }} + labels: + {{- include "grafana.labels" $ | nindent 4 }} + dashboard-provider: {{ $provider }} +{{- if $dashboards }} +data: +{{- $dashboardFound := false }} +{{- range $key, $value := $dashboards }} +{{- if (or (hasKey $value "json") (hasKey $value "file")) }} +{{- $dashboardFound = true }} +{{ print $key | indent 2 }}.json: +{{- if hasKey $value "json" }} + |- +{{ $value.json | indent 6 }} +{{- end }} +{{- if hasKey $value "file" }} +{{ toYaml ( $files.Get $value.file ) | indent 4}} +{{- end }} +{{- end }} +{{- end }} +{{- if not $dashboardFound }} + {} +{{- end }} +{{- end }} +--- +{{- end }} + +{{- end }} 
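Review bot: The generated download_dashboards.sh in configmap.yaml calls `curl -skf`, and `-k` switches off TLS certificate verification for every dashboard fetch, including the requests that send `Authorization: token {{ $value.token }}` and the default https://grafana.com download URL. Dashboard JSON fetched this way is written straight into the provisioning directory without the server ever being authenticated, so the line should read `curl -sf \`, with a CA bundle mounted for hosts that use a private CA. The token is also rendered into a ConfigMap rather than a Secret, which makes it readable by anyone allowed to read ConfigMaps in the namespace; at minimum the `$value.token` branch should carry a comment saying so. The hunk continues across the page break, but both points are on lines fully visible here.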
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/deployment.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/deployment.yaml new file mode 100644 index 000000000..8dbe5e107 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/deployment.yaml 
@@ -0,0 +1,50 @@ +{{ if (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc")) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + {{- if and (not .Values.autoscaling.enabled) (.Values.replicas) }} + replicas: {{ .Values.replicas }} + {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} +{{- with .Values.deploymentStrategy }} + strategy: +{{ toYaml . | trim | indent 4 }} +{{- end }} + template: + metadata: + labels: + {{- include "grafana.selectorLabels" . | nindent 8 }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} + checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} +{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} +{{- end }} +{{- if .Values.envRenderSecret }} + checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }} +{{- end }} +{{- with .Values.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- include "grafana.pod" . 
| nindent 6 }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/extra-manifests.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/extra-manifests.yaml new file mode 100644 index 000000000..a9bb3b6ba --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/extra-manifests.yaml @@ -0,0 +1,4 @@ +{{ range .Values.extraObjects }} +--- +{{ tpl (toYaml .) $ }} +{{ end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/headless-service.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/headless-service.yaml new file mode 100644 index 000000000..1df42e967 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/headless-service.yaml @@ -0,0 +1,22 @@ +{{- if or .Values.headlessService (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset"))}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }}-headless + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + clusterIP: None + selector: + {{- include "grafana.selectorLabels" . | nindent 4 }} + type: ClusterIP + ports: + - protocol: TCP + port: 3000 + targetPort: 3000 +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/hpa.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/hpa.yaml new file mode 100644 index 000000000..9c186d74a --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/hpa.yaml 
@@ -0,0 +1,20 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "grafana.name" . }}
+ helm.sh/chart: {{ template "grafana.chart" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ template "grafana.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+{{ toYaml .Values.autoscaling.metrics | indent 4 }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/image-renderer-deployment.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/image-renderer-deployment.yaml
new file mode 100644
index 000000000..397699554
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/image-renderer-deployment.yaml
@@ -0,0 +1,119 @@ +{{ if .Values.imageRenderer.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.imageRenderer.labels" . | nindent 4 }} +{{- if .Values.imageRenderer.labels }} +{{ toYaml .Values.imageRenderer.labels | indent 4 }} +{{- end }} +{{- with .Values.imageRenderer.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.imageRenderer.replicas }} + revisionHistoryLimit: {{ .Values.imageRenderer.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} +{{- with .Values.imageRenderer.deploymentStrategy }} + strategy: +{{ toYaml . | trim | indent 4 }} +{{- end }} + template: + metadata: + labels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 8 }} +{{- with .Values.imageRenderer.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} +{{- with .Values.imageRenderer.podAnnotations }} +{{ toYaml . 
| indent 8 }} +{{- end }} + spec: + + {{- if .Values.imageRenderer.schedulerName }} + schedulerName: "{{ .Values.imageRenderer.schedulerName }}" + {{- end }} + {{- if .Values.imageRenderer.serviceAccountName }} + serviceAccountName: "{{ .Values.imageRenderer.serviceAccountName }}" + {{- end }} + {{- if .Values.imageRenderer.securityContext }} + securityContext: + {{- toYaml .Values.imageRenderer.securityContext | nindent 8 }} + {{- end }} + {{- if .Values.imageRenderer.hostAliases }} + hostAliases: + {{- toYaml .Values.imageRenderer.hostAliases | nindent 8 }} + {{- end }} + {{- if .Values.imageRenderer.priorityClassName }} + priorityClassName: {{ .Values.imageRenderer.priorityClassName }} + {{- end }} + {{- if .Values.imageRenderer.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.imageRenderer.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + containers: + - name: {{ .Chart.Name }}-image-renderer + {{- if .Values.imageRenderer.image.sha }} + image: "{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}" + {{- else }} + image: "{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }} + {{- if .Values.imageRenderer.command }} + command: + {{- range .Values.imageRenderer.command }} + - {{ . 
}} + {{- end }} + {{- end}} + ports: + - name: {{ .Values.imageRenderer.service.portName }} + containerPort: {{ .Values.imageRenderer.service.port }} + protocol: TCP + livenessProbe: + httpGet: + path: / + port: {{ .Values.imageRenderer.service.portName }} + env: + - name: HTTP_PORT + value: {{ .Values.imageRenderer.service.port | quote }} + {{- range $key, $value := .Values.imageRenderer.env }} + - name: {{ $key | quote }} + value: {{ $value | quote }} + {{- end }} + securityContext: + capabilities: + drop: ['all'] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: image-renderer-tmpfs + {{- with .Values.imageRenderer.resources }} + resources: +{{ toYaml . | indent 12 }} + {{- end }} + {{- with .Values.imageRenderer.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.imageRenderer.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.imageRenderer.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: image-renderer-tmpfs + emptyDir: {} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/image-renderer-network-policy.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/image-renderer-network-policy.yaml new file mode 100644 index 000000000..f8ca73aab --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/image-renderer-network-policy.yaml 
@@ -0,0 +1,76 @@ +{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitIngress) }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer-ingress + namespace: {{ template "grafana.namespace" . }} + annotations: + comment: Limit image-renderer ingress traffic from grafana +spec: + podSelector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} + {{- if .Values.imageRenderer.podLabels }} + {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- end }} + + policyTypes: + - Ingress + ingress: + - ports: + - port: {{ .Values.imageRenderer.service.port }} + protocol: TCP + from: + - namespaceSelector: + matchLabels: + name: {{ template "grafana.namespace" . }} + podSelector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 14 }} + {{- if .Values.podLabels }} + {{ toYaml .Values.podLabels | nindent 14 }} + {{- end }} +{{ end }} + +{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitEgress) }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer-egress + namespace: {{ template "grafana.namespace" . }} + annotations: + comment: Limit image-renderer egress traffic to grafana +spec: + podSelector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} + {{- if .Values.imageRenderer.podLabels }} + {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- end }} + + policyTypes: + - Egress + egress: + # allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # talk only to grafana + - ports: + - port: {{ .Values.service.port }} + protocol: TCP + to: + - namespaceSelector: + matchLabels: + name: {{ template "grafana.namespace" . }} + podSelector: + matchLabels: + {{- include "grafana.selectorLabels" . 
| nindent 14 }} + {{- if .Values.podLabels }} + {{ toYaml .Values.podLabels | nindent 14 }} + {{- end }} +{{ end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/image-renderer-service.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/image-renderer-service.yaml new file mode 100644 index 000000000..f29586c3a --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/image-renderer-service.yaml @@ -0,0 +1,30 @@ +{{ if .Values.imageRenderer.enabled }} +{{ if .Values.imageRenderer.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.imageRenderer.labels" . | nindent 4 }} +{{- if .Values.imageRenderer.service.labels }} +{{ toYaml .Values.imageRenderer.service.labels | indent 4 }} +{{- end }} +{{- with .Values.imageRenderer.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + type: ClusterIP + {{- if .Values.imageRenderer.service.clusterIP }} + clusterIP: {{ .Values.imageRenderer.service.clusterIP }} + {{end}} + ports: + - name: {{ .Values.imageRenderer.service.portName }} + port: {{ .Values.imageRenderer.service.port }} + protocol: TCP + targetPort: {{ .Values.imageRenderer.service.targetPort }} + selector: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }} +{{ end }} +{{ end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/ingress.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/ingress.yaml new file mode 100644 index 000000000..7699cecaa --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/ingress.yaml 
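Review bot: Both image-renderer policies pick the Grafana namespace with a `namespaceSelector` on `name: {{ template "grafana.namespace" . }}`, but Kubernetes does not put a `name` label on namespaces, so the match only works if someone has labelled the namespace by hand. Without that label the `from`/`to` peers match nothing and the renderer cannot talk to Grafana; with it, any other namespace carrying the same label value is admitted as well. On clusters that set it automatically (1.21 and later) the selector should use `kubernetes.io/metadata.name: {{ template "grafana.namespace" . }}` in both the ingress and the egress policy. Separately, the egress rule for port 53 has no `to` clause, so DNS-port traffic is allowed to any destination rather than only to the cluster resolver.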
@@ -0,0 +1,78 @@ +{{- if .Values.ingress.enabled -}} +{{- $ingressApiIsStable := eq (include "grafana.ingress.isStable" .) "true" -}} +{{- $ingressSupportsIngressClassName := eq (include "grafana.ingress.supportsIngressClassName" .) "true" -}} +{{- $ingressSupportsPathType := eq (include "grafana.ingress.supportsPathType" .) "true" -}} +{{- $fullName := include "grafana.fullname" . -}} +{{- $servicePort := .Values.service.port -}} +{{- $ingressPath := .Values.ingress.path -}} +{{- $ingressPathType := .Values.ingress.pathType -}} +{{- $extraPaths := .Values.ingress.extraPaths -}} +apiVersion: {{ include "grafana.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.ingress.labels }} +{{ toYaml .Values.ingress.labels | indent 4 }} +{{- end }} + {{- if .Values.ingress.annotations }} + annotations: + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ tpl $value $ | quote }} + {{- end }} + {{- end }} +spec: + {{- if and $ingressSupportsIngressClassName .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end -}} +{{- if .Values.ingress.tls }} + tls: +{{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }} +{{- end }} + rules: + {{- if .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} + - host: {{ tpl . 
$}} + http: + paths: +{{- if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + - path: {{ $ingressPath }} + {{- if $ingressSupportsPathType }} + pathType: {{ $ingressPathType }} + {{- end }} + backend: + {{- if $ingressApiIsStable }} + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end }} + {{- else }} + - http: + paths: + - backend: + {{- if $ingressApiIsStable }} + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- if $ingressPath }} + path: {{ $ingressPath }} + {{- end }} + {{- if $ingressSupportsPathType }} + pathType: {{ $ingressPathType }} + {{- end }} + {{- end -}} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/networkpolicy.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/networkpolicy.yaml new file mode 100644 index 000000000..fc243828e --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/networkpolicy.yaml 
@@ -0,0 +1,37 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels | indent 4 }}
+{{- end }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "grafana.selectorLabels" . | nindent 6 }}
+ ingress:
+ - ports:
+ - port: {{ .Values.service.targetPort }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels:
+ {{ template "grafana.fullname" . }}-client: "true"
+ {{- if .Values.networkPolicy.explicitNamespacesSelector }}
+ namespaceSelector:
+ {{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }}
+ {{- end }}
+ - podSelector:
+ matchLabels:
+ {{- include "grafana.labels" . | nindent 14 }}
+ role: read
+ {{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/poddisruptionbudget.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/poddisruptionbudget.yaml
new file mode 100644
index 000000000..61813a436
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/poddisruptionbudget.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.podDisruptionBudget }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- if .Values.labels }}
+{{ toYaml .Values.labels | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+{{- end }}
+{{- if .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+{{- end }}
+ selector:
+ matchLabels:
+ {{- include "grafana.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/podsecuritypolicy.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/podsecuritypolicy.yaml
new file mode 100644
index 000000000..7de6c021d
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/podsecuritypolicy.yaml
@@ -0,0 +1,49 @@
+{{- if .Values.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+ annotations:
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
+ {{- if .Values.rbac.pspUseAppArmor }}
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+ apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
+ {{- end }}
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ requiredDropCapabilities:
+ # Default set from Docker, with DAC_OVERRIDE and CHOWN
+ - ALL
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'csi'
+ - 'secret'
+ - 'downwardAPI'
+ - 'persistentVolumeClaim'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/pvc.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/pvc.yaml
new file mode 100644
index 000000000..8d93f5c23
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/pvc.yaml
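Review bot: `runAsUser` is set to `rule: 'RunAsAny'`, so this policy still lets a container run as UID 0 even though the `supplementalGroups` and `fsGroup` ranges are written to exclude the root group. If nothing in the pod needs root (the pod template is outside this hunk, so that has to be confirmed), `rule: 'MustRunAsNonRoot'` closes the gap. The comment `# Default set from Docker, with DAC_OVERRIDE and CHOWN` no longer describes the list beneath it, which is just `- ALL`; I would replace it with `# Drop every capability; containers must not depend on any`. `readOnlyRootFilesystem: false` also leaves the root filesystem writable and deserves a one-line reason if that is intentional.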
@@ -0,0 +1,33 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "pvc")}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+ {{- with .Values.persistence.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+ {{- end }}
+ {{- with .Values.persistence.finalizers }}
+ finalizers:
+{{ toYaml . | indent 4 }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- if .Values.persistence.storageClassName }}
+ storageClassName: {{ .Values.persistence.storageClassName }}
+ {{- end -}}
+ {{- with .Values.persistence.selectorLabels }}
+ selector:
+ matchLabels:
+{{ toYaml . | indent 6 }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/role.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/role.yaml
new file mode 100644
index 000000000..6a1890fb9
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/role.yaml
@@ -0,0 +1,32 @@
+{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}}
+apiVersion: {{ template "grafana.rbac.apiVersion" . }}
+kind: Role
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraRoleRules))) }}
+rules:
+{{- if .Values.rbac.pspEnabled }}
+- apiGroups: ['extensions']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ template "grafana.fullname" . }}]
+{{- end }}
+{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled) }}
+- apiGroups: [""] # "" indicates the core API group
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "watch", "list"]
+{{- end }}
+{{- with .Values.rbac.extraRoleRules }}
+{{ toYaml . | indent 0 }}
+{{- end}}
+{{- else }}
+rules: []
+{{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/rolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/rolebinding.yaml
new file mode 100644
index 000000000..e0107255e
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/rolebinding.yaml
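Review bot: In templates/role.yaml the PodSecurityPolicy rule grants `use` under `apiGroups: ['extensions']`, while the policy itself is created as `policy/v1beta1` and tests/test-role.yaml in this same commit uses `['policy']`. On a cluster whose admission check only consults the `policy` group, the Grafana service account would presumably not be authorised for its own policy and would be admitted under whichever other policy it can use, which may be looser. I would make the two roles agree with `- apiGroups: ['policy']`.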
@@ -0,0 +1,25 @@
+{{- if .Values.rbac.create -}}
+apiVersion: {{ template "grafana.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+{{- if (not .Values.rbac.useExistingRole) }}
+ name: {{ template "grafana.fullname" . }}
+{{- else }}
+ name: {{ .Values.rbac.useExistingRole }}
+{{- end }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "grafana.serviceAccountName" . }}
+ namespace: {{ template "grafana.namespace" . }}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/secret-env.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/secret-env.yaml
new file mode 100644
index 000000000..5c09313e6
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/secret-env.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.envRenderSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "grafana.fullname" . }}-env
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+type: Opaque
+data:
+{{- range $key, $val := .Values.envRenderSecret }}
+ {{ $key }}: {{ $val | b64enc | quote }}
+{{- end -}}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/secret.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/secret.yaml
new file mode 100644
index 000000000..c8aa750ac
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/secret.yaml
@@ -0,0 +1,26 @@
+{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- if and (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }}
+ admin-user: {{ .Values.adminUser | b64enc | quote }}
+ {{- if .Values.adminPassword }}
+ admin-password: {{ .Values.adminPassword | b64enc | quote }}
+ {{- else }}
+ admin-password: {{ template "grafana.password" . }}
+ {{- end }}
+ {{- end }}
+ {{- if not .Values.ldap.existingSecret }}
+ ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }}
+ {{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/service.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/service.yaml
new file mode 100644
index 000000000..ba84ef970
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/service.yaml
@@ -0,0 +1,51 @@
+{{ if .Values.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- if .Values.service.labels }}
+{{ toYaml .Values.service.labels | indent 4 }}
+{{- end }}
+{{- with .Values.service.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
+ type: ClusterIP
+ {{- if .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{end}}
+{{- else if eq .Values.service.type "LoadBalancer" }}
+ type: {{ .Values.service.type }}
+ {{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
+ {{- end -}}
+{{- else }}
+ type: {{ .Values.service.type }}
+{{- end }}
+{{- if .Values.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.service.externalIPs | indent 4 }}
+{{- end }}
+ ports:
+ - name: {{ .Values.service.portName }}
+ port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.service.targetPort }}
+{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
+ nodePort: {{.Values.service.nodePort}}
+{{ end }}
+ {{- if .Values.extraExposePorts }}
+ {{- tpl (toYaml .Values.extraExposePorts) . | indent 4 }}
+ {{- end }}
+ selector:
+ {{- include "grafana.selectorLabels" . | nindent 4 }}
+{{ end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/serviceaccount.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/serviceaccount.yaml
new file mode 100644
index 000000000..7576eeef0
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.serviceAccount.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ name: {{ template "grafana.serviceAccountName" . }}
+ namespace: {{ template "grafana.namespace" . }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/servicemonitor.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/servicemonitor.yaml
new file mode 100644
index 000000000..4b6437e69
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/servicemonitor.yaml
@@ -0,0 +1,42 @@
+{{- if .Values.serviceMonitor.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ {{- if .Values.serviceMonitor.namespace }}
+ namespace: {{ .Values.serviceMonitor.namespace }}
+ {{- end }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+ {{- if .Values.serviceMonitor.labels }}
+ {{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: {{ .Values.service.portName }}
+ {{- with .Values.serviceMonitor.interval }}
+ interval: {{ . }}
+ {{- end }}
+ {{- with .Values.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ . }}
+ {{- end }}
+ honorLabels: true
+ path: {{ .Values.serviceMonitor.path }}
+ scheme: {{ .Values.serviceMonitor.scheme }}
+ {{- if .Values.serviceMonitor.tlsConfig }}
+ tlsConfig:
+ {{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }}
+ {{- end }}
+ {{- if .Values.serviceMonitor.relabelings }}
+ relabelings:
+ {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }}
+ {{- end }}
+ jobLabel: "{{ .Release.Name }}"
+ selector:
+ matchLabels:
+ {{- include "grafana.selectorLabels" . | nindent 8 }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/statefulset.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/statefulset.yaml
new file mode 100644
index 000000000..ad3dd0696
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/statefulset.yaml
@@ -0,0 +1,52 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "grafana.fullname" . }}
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+{{- with .Values.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ {{- include "grafana.selectorLabels" . | nindent 6 }}
+ serviceName: {{ template "grafana.fullname" . }}-headless
+ template:
+ metadata:
+ labels:
+ {{- include "grafana.selectorLabels" . | nindent 8 }}
+{{- with .Values.podLabels }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
+ checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
+ {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+{{- end }}
+{{- with .Values.podAnnotations }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+ spec:
+ {{- include "grafana.pod" . | nindent 6 }}
+ volumeClaimTemplates:
+ - metadata:
+ name: storage
+ spec:
+ accessModes: {{ .Values.persistence.accessModes }}
+ storageClassName: {{ .Values.persistence.storageClassName }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+ {{- with .Values.persistence.selectorLabels }}
+ selector:
+ matchLabels:
+{{ toYaml . | indent 10 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test-configmap.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test-configmap.yaml
new file mode 100644
index 000000000..ff53aaf1b
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test-configmap.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.testFramework.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "grafana.fullname" . }}-test
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+data:
+ run.sh: |-
+ @test "Test Health" {
+ url="http://{{ template "grafana.fullname" . }}/api/health"
+
+ code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}')
+ [ "$code" == "200" ]
+ }
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test-podsecuritypolicy.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test-podsecuritypolicy.yaml
new file mode 100644
index 000000000..58b464983
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test-podsecuritypolicy.yaml
@@ -0,0 +1,29 @@
+{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "grafana.fullname" . }}-test
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+spec:
+ allowPrivilegeEscalation: true
+ privileged: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ fsGroup:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ volumes:
+ - configMap
+ - downwardAPI
+ - emptyDir
+ - projected
+ - csi
+ - secret
+{{- end }}
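Review bot: In templates/tests/test-podsecuritypolicy.yaml the test policy sets `allowPrivilegeEscalation: true`, uses `RunAsAny` for user and groups, and drops no capabilities, which is much looser than the main policy in templates/podsecuritypolicy.yaml. values.yaml turns on both `testFramework.enabled` and `rbac.pspEnabled` by default, so this policy is installed on a default deploy. The test container only runs `bats` on a script that calls `wget`, so as far as this diff shows it needs none of that. I would set `allowPrivilegeEscalation: false` and add `requiredDropCapabilities: [ALL]` to match the main policy.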
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test-role.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test-role.yaml
new file mode 100644
index 000000000..6b10677ae
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test-role.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "grafana.fullname" . }}-test
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ template "grafana.fullname" . }}-test]
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test-rolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test-rolebinding.yaml
new file mode 100644
index 000000000..58fa5e78b
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test-rolebinding.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "grafana.fullname" . }}-test
+ namespace: {{ template "grafana.namespace" . }}
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "grafana.fullname" . }}-test
+subjects:
+- kind: ServiceAccount
+ name: {{ template "grafana.serviceAccountNameTest" . }}
+ namespace: {{ template "grafana.namespace" . }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test-serviceaccount.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test-serviceaccount.yaml
new file mode 100644
index 000000000..5c3350733
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test-serviceaccount.yaml
@@ -0,0 +1,9 @@
+{{- if and .Values.testFramework.enabled .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+ name: {{ template "grafana.serviceAccountNameTest" . }}
+ namespace: {{ template "grafana.namespace" . }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test.yaml
new file mode 100644
index 000000000..cdc86e5f2
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/templates/tests/test.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.testFramework.enabled }}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ template "grafana.fullname" . }}-test
+ labels:
+ {{- include "grafana.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+ namespace: {{ template "grafana.namespace" . }}
+spec:
+ serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }}
+ {{- if .Values.testFramework.securityContext }}
+ securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }}
+ {{- end }}
+ {{- if .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+ {{- end}}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 4 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 4 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 4 }}
+ {{- end }}
+ containers:
+ - name: {{ .Release.Name }}-test
+ image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}"
+ imagePullPolicy: "{{ .Values.testFramework.imagePullPolicy}}"
+ command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"]
+ volumeMounts:
+ - mountPath: /tests
+ name: tests
+ readOnly: true
+ volumes:
+ - name: tests
+ configMap:
+ name: {{ template "grafana.fullname" . }}-test
+ restartPolicy: Never
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/values.yaml
new file mode 100644
index 000000000..8c3cd1c1f
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/grafana/values.yaml
@@ -0,0 +1,846 @@ +rbac: + create: true + ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true) + # useExistingRole: name-of-some-(cluster)role + pspEnabled: true + pspUseAppArmor: true + namespaced: false + extraRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] + extraClusterRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] +serviceAccount: + create: true + name: + nameTest: +# annotations: +# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here + autoMount: true + +replicas: 1 + +## Create a headless service for the deployment +headlessService: false + +## Create HorizontalPodAutoscaler object for deployment type +# +autoscaling: + enabled: false +# minReplicas: 1 +# maxReplicas: 10 +# metrics: +# - type: Resource +# resource: +# name: cpu +# targetAverageUtilization: 60 +# - type: Resource +# resource: +# name: memory +# targetAverageUtilization: 60 + +## See `kubectl explain poddisruptionbudget.spec` for more +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} +# minAvailable: 1 +# maxUnavailable: 1 + +## See `kubectl explain deployment.spec.strategy` for more +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +deploymentStrategy: + type: RollingUpdate + +readinessProbe: + httpGet: + path: /api/health + port: 3000 + +livenessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 60 + timeoutSeconds: 30 + failureThreshold: 10 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: "default-scheduler" + +image: + repository: grafana/grafana + tag: 8.4.2 + sha: "" + pullPolicy: IfNotPresent + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + +testFramework: + enabled: true + image: "bats/bats" + tag: "v1.4.1" + imagePullPolicy: IfNotPresent + securityContext: {} + +securityContext: + runAsUser: 472 + runAsGroup: 472 + fsGroup: 472 + +containerSecurityContext: + {} + +extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/grafana/ssl/ + # subPath: certificates.crt # (optional) + # configMap: certs-configmap + # readOnly: true + + +extraEmptyDirMounts: [] + # - name: provisioning-notifiers + # mountPath: /etc/grafana/provisioning/notifiers + + +# Apply extra labels to common labels. +extraLabels: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: + +downloadDashboardsImage: + repository: curlimages/curl + tag: 7.73.0 + sha: "" + pullPolicy: IfNotPresent + +downloadDashboards: + env: {} + envFromSecret: "" + resources: {} + +## Pod Annotations +# podAnnotations: {} + +## Pod Labels +# podLabels: {} + +podPortName: grafana + +## Deployment annotations +# annotations: {} + +## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). +## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. 
+## ref: http://kubernetes.io/docs/user-guide/services/ +## +service: + enabled: true + type: ClusterIP + port: 80 + targetPort: 3000 + # targetPort: 4181 To be used with a proxy extraContainer + annotations: {} + labels: {} + portName: service + +serviceMonitor: + ## If true, a ServiceMonitor CRD is created for a prometheus operator + ## https://github.com/coreos/prometheus-operator + ## + enabled: false + path: /metrics + # namespace: monitoring (defaults to use the namespace this chart is deployed to) + labels: {} + interval: 1m + scheme: http + tlsConfig: {} + scrapeTimeout: 30s + relabelings: [] + +extraExposePorts: [] + # - name: keycloak + # port: 8080 + # targetPort: 8080 + # type: ClusterIP + +# overrides pod.spec.hostAliases in the grafana deployment's pods +hostAliases: [] + # - ip: "1.2.3.4" + # hostnames: + # - "my.host.com" + +ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + + # pathType is only for k8s >= 1.1= + pathType: Prefix + + hosts: + - chart-example.local + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. 
+ extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation + + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +# +nodeSelector: {} + +## Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Affinity for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +extraInitContainers: [] + +## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod +extraContainers: "" +# extraContainers: | +# - name: proxy +# image: quay.io/gambol99/keycloak-proxy:latest +# args: +# - -provider=github +# - -client-id= +# - -client-secret= +# - -github-org= +# - -email-domain=* +# - -cookie-secret= +# - -http-address=http://0.0.0.0:4181 +# - -upstream-url=http://127.0.0.1:3000 +# ports: +# - name: proxy-web +# containerPort: 4181 + +## Volumes that can be used in init containers that will not be mounted to deployment pods +extraContainerVolumes: [] +# - name: volume-from-secret +# secret: +# secretName: secret-to-mount +# - name: empty-dir-volume +# emptyDir: {} + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + type: pvc + enabled: false + # storageClassName: default + accessModes: + - ReadWriteOnce + size: 10Gi + # annotations: {} + finalizers: + - kubernetes.io/pvc-protection + # selectorLabels: {} + # subPath: "" + # existingClaim: + + ## If 
persistence is not enabled, this allows to mount the + ## local storage in-memory to improve performance + ## + inMemory: + enabled: false + ## The maximum usage on memory medium EmptyDir would be + ## the minimum value between the SizeLimit specified + ## here and the sum of memory limits of all containers in a pod + ## + # sizeLimit: 300Mi + +initChownData: + ## If false, data ownership will not be reset at startup + ## This allows the prometheus-server to be run with an arbitrary user + ## + enabled: true + + ## initChownData container image + ## + image: + repository: busybox + tag: "1.31.1" + sha: "" + pullPolicy: IfNotPresent + + ## initChownData resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + +# Administrator credentials when not using an existing secret (see below) +adminUser: admin +# adminPassword: strongpassword + +# Use an existing secret for the admin user. +admin: + existingSecret: "" + userKey: admin-user + passwordKey: admin-password + +## Define command to be executed at startup by grafana container +## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/) +## Default is "run.sh" as defined in grafana's Dockerfile +# command: +# - "sh" +# - "/run.sh" + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Extra environment variables that will be pass onto deployment pods +## +## to provide grafana with access to CloudWatch on AWS EKS: +## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later) +## 2. 
edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the +## same oidc eks provider as noted before (same as the existing line) +## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name +## +## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana", +## +## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess +## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name) +## +## env: +## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here +## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token +## AWS_REGION: us-east-1 +## +## 5. uncomment the EKS section in extraSecretMounts: below +## 6. uncomment the annotation section in the serviceAccount: above +## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn + +env: {} + +## "valueFrom" environment variable references that will be added to deployment pods +## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core +## Renders in container spec as: +## env: +## ... +## - name: +## valueFrom: +## +envValueFrom: {} + # ENV_NAME: + # configMapKeyRef: + # name: configmap-name + # key: value_key + +## The name of a secret in the same kubernetes namespace which contain values to be added to the environment +## This can be useful for auth tokens, etc. Value is templated. 
+envFromSecret: "" + +## Sensible environment variables that will be rendered as new secret object +## This can be useful for auth tokens, etc +envRenderSecret: {} + +## The names of secrets in the same kubernetes namespace which contain values to be added to the environment +## Each entry should contain a name key, and can optionally specify whether the secret must be defined with an optional key. +envFromSecrets: [] +## - name: secret-name +## optional: true + +# Inject Kubernetes services as environment variables. +# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#environment-variables +enableServiceLinks: true + +## Additional grafana server secret mounts +# Defines additional mounts with secrets. Secrets must be manually created in the namespace. +extraSecretMounts: [] + # - name: secret-files + # mountPath: /etc/secrets + # secretName: grafana-secret-files + # readOnly: true + # subPath: "" + # + # for AWS EKS (cloudwatch) use the following (see also instruction in env: above) + # - name: aws-iam-token + # mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount + # readOnly: true + # projected: + # defaultMode: 420 + # sources: + # - serviceAccountToken: + # audience: sts.amazonaws.com + # expirationSeconds: 86400 + # path: token + # + # for CSI e.g. Azure Key Vault use the following + # - name: secrets-store-inline + # mountPath: /run/secrets + # readOnly: true + # csi: + # driver: secrets-store.csi.k8s.io + # readOnly: true + # volumeAttributes: + # secretProviderClass: "akv-grafana-spc" + # nodePublishSecretRef: # Only required when using service principal mode + # name: grafana-akv-creds # Only required when using service principal mode + +## Additional grafana server volume mounts +# Defines additional volume mounts. 
+extraVolumeMounts: [] + # - name: extra-volume-0 + # mountPath: /mnt/volume0 + # readOnly: true + # existingClaim: volume-claim + # - name: extra-volume-1 + # mountPath: /mnt/volume1 + # readOnly: true + # hostPath: /usr/shared/ + +## Pass the plugins you want installed as a list. +## +plugins: [] + # - digrich-bubblechart-panel + # - grafana-clock-panel + +## Configure grafana datasources +## ref: http://docs.grafana.org/administration/provisioning/#datasources +## +datasources: {} +# datasources.yaml: +# apiVersion: 1 +# datasources: +# - name: Prometheus +# type: prometheus +# url: http://prometheus-prometheus-server +# access: proxy +# isDefault: true +# - name: CloudWatch +# type: cloudwatch +# access: proxy +# uid: cloudwatch +# editable: false +# jsonData: +# authType: default +# defaultRegion: us-east-1 + +## Configure notifiers +## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels +## +notifiers: {} +# notifiers.yaml: +# notifiers: +# - name: email-notifier +# type: email +# uid: email1 +# # either: +# org_id: 1 +# # or +# org_name: Main Org. +# is_default: true +# settings: +# addresses: an_email_address@example.com +# delete_notifiers: + +## Configure grafana dashboard providers +## ref: http://docs.grafana.org/administration/provisioning/#dashboards +## +## `path` must be /var/lib/grafana/dashboards/ +## +dashboardProviders: {} +# dashboardproviders.yaml: +# apiVersion: 1 +# providers: +# - name: 'default' +# orgId: 1 +# folder: '' +# type: file +# disableDeletion: false +# editable: true +# options: +# path: /var/lib/grafana/dashboards/default + +## Configure grafana dashboard to import +## NOTE: To use dashboards you must also enable/configure dashboardProviders +## ref: https://grafana.com/dashboards +## +## dashboards per provider, use provider name as key. 
+## +dashboards: {} + # default: + # some-dashboard: + # json: | + # $RAW_JSON + # custom-dashboard: + # file: dashboards/custom-dashboard.json + # prometheus-stats: + # gnetId: 2 + # revision: 2 + # datasource: Prometheus + # local-dashboard: + # url: https://example.com/repository/test.json + # token: '' + # local-dashboard-base64: + # url: https://example.com/repository/test-b64.json + # token: '' + # b64content: true + +## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value. +## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. +## ConfigMap data example: +## +## data: +## example-dashboard.json: | +## RAW_JSON +## +dashboardsConfigMaps: {} +# default: "" + +## Grafana's primary configuration +## NOTE: values in map will be converted to ini format +## ref: http://docs.grafana.org/installation/configuration/ +## +grafana.ini: + paths: + data: /var/lib/grafana/ + logs: /var/log/grafana + plugins: /var/lib/grafana/plugins + provisioning: /etc/grafana/provisioning + analytics: + check_for_updates: true + log: + mode: console + grafana_net: + url: https://grafana.net +## grafana Authentication can be enabled with the following values on grafana.ini + # server: + # The full public facing url you use in browser, used for redirects and emails + # root_url: + # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana + # auth.github: + # enabled: false + # allow_sign_up: false + # scopes: user:email,read:org + # auth_url: https://github.com/login/oauth/authorize + # token_url: https://github.com/login/oauth/access_token + # api_url: https://api.github.com/user + # team_ids: + # allowed_organizations: + # client_id: + # client_secret: +## LDAP Authentication can be enabled with the following values on grafana.ini +## NOTE: Grafana will fail to start if the value for ldap.toml is invalid + # auth.ldap: + # enabled: true + # allow_sign_up: true + # 
config_file: /etc/grafana/ldap.toml + +## Grafana's LDAP configuration +## Templated by the template in _helpers.tpl +## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled +## ref: http://docs.grafana.org/installation/configuration/#auth-ldap +## ref: http://docs.grafana.org/installation/ldap/#configuration +ldap: + enabled: false + # `existingSecret` is a reference to an existing secret containing the ldap configuration + # for Grafana in a key `ldap-toml`. + existingSecret: "" + # `config` is the content of `ldap.toml` that will be stored in the created secret + config: "" + # config: |- + # verbose_logging = true + + # [[servers]] + # host = "my-ldap-server" + # port = 636 + # use_ssl = true + # start_tls = false + # ssl_skip_verify = false + # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com" + +## Grafana's SMTP configuration +## NOTE: To enable, grafana.ini must be configured with smtp.enabled +## ref: http://docs.grafana.org/installation/configuration/#smtp +smtp: + # `existingSecret` is a reference to an existing secret containing the smtp configuration + # for Grafana. 
+ existingSecret: "" + userKey: "user" + passwordKey: "password" + +## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders +## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards +sidecar: + image: + repository: quay.io/kiwigrid/k8s-sidecar + tag: 1.15.6 + sha: "" + imagePullPolicy: IfNotPresent + resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi + securityContext: {} + # skipTlsVerify Set to true to skip tls verification for kube api calls + # skipTlsVerify: true + enableUniqueFilenames: false + dashboards: + enabled: false + SCProvider: true + # label that the configmaps with dashboards are marked with + label: grafana_dashboard + # value of label that the configmaps with dashboards are set to + labelValue: null + # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set) + folder: /tmp/dashboards + # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead + defaultFolderName: null + # Namespaces list. If specified, the sidecar will search for config-maps/secrets inside these namespaces. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces. + searchNamespace: null + # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH + # search in configmap, secret or both + resource: both + # If specified, the sidecar will look for annotation with this name to create folder and put graph here. + # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. 
+ folderAnnotation: null + # Absolute path to shell script to execute after a configmap got reloaded + script: null + # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. + # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S + # watchServerTimeout: 3600 + # + # watchClientTimeout: is a client-side timeout, configuring your local socket. + # If you have a network outage dropping all packets with no RST/FIN, + # this is how long your client waits before realizing & dropping the connection. + # defaults to 66sec (sic!) + # watchClientTimeout: 60 + # + # provider configuration that lets grafana manage the dashboards + provider: + # name of the provider, should be unique + name: sidecarProvider + # orgid as configured in grafana + orgid: 1 + # folder in which the dashboards should be imported in grafana + folder: '' + # type of the provider + type: file + # disableDelete to activate a import-only behaviour + disableDelete: false + # allow updating provisioned dashboards from the UI + allowUiUpdates: false + # allow Grafana to replicate dashboard structure from filesystem + foldersFromFilesStructure: false + # Additional dashboard sidecar volume mounts + extraMounts: [] + datasources: + enabled: false + # label that the configmaps with datasources are marked with + label: grafana_datasource + # value of label that the configmaps with datasources are set to + labelValue: null + # If specified, the sidecar will search for datasource config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. 
+ watchMethod: WATCH + # search in configmap, secret or both + resource: both + # Endpoint to send request to reload datasources + reloadURL: "http://localhost:3000/api/admin/provisioning/datasources/reload" + skipReload: false + # Deploy the datasource sidecar as an initContainer in addition to a container. + # This is needed if skipReload is true, to load any datasources defined at startup time. + initDatasources: false + plugins: + enabled: false + # label that the configmaps with plugins are marked with + label: grafana_plugin + # value of label that the configmaps with plugins are set to + labelValue: null + # If specified, the sidecar will search for plugin config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH + # search in configmap, secret or both + resource: both + # Endpoint to send request to reload plugins + reloadURL: "http://localhost:3000/api/admin/provisioning/plugins/reload" + skipReload: false + # Deploy the datasource sidecar as an initContainer in addition to a container. + # This is needed if skipReload is true, to load any plugins defined at startup time. + initPlugins: false + notifiers: + enabled: false + # label that the configmaps with notifiers are marked with + label: grafana_notifier + # If specified, the sidecar will search for notifier config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. 
+ # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # search in configmap, secret or both + resource: both + +## Override the deployment namespace +## +namespaceOverride: "" + +## Number of old ReplicaSets to retain +## +revisionHistoryLimit: 10 + +## Add a seperate remote image renderer deployment/service +imageRenderer: + # Enable the image-renderer deployment & service + enabled: false + replicas: 1 + image: + # image-renderer Image repository + repository: grafana/grafana-image-renderer + # image-renderer Image tag + tag: latest + # image-renderer Image sha (optional) + sha: "" + # image-renderer ImagePullPolicy + pullPolicy: Always + # extra environment variables + env: + HTTP_HOST: "0.0.0.0" + # RENDERING_ARGS: --no-sandbox,--disable-gpu,--window-size=1280x758 + # RENDERING_MODE: clustered + # IGNORE_HTTPS_ERRORS: true + # image-renderer deployment serviceAccount + serviceAccountName: "" + # image-renderer deployment securityContext + securityContext: {} + # image-renderer deployment Host Aliases + hostAliases: [] + # image-renderer deployment priority class + priorityClassName: '' + service: + # Enable the image-renderer service + enabled: true + # image-renderer service port name + portName: 'http' + # image-renderer service port used by both service and deployment + port: 8081 + targetPort: 8081 + # If https is enabled in Grafana, this needs to be set as 'https' to correctly configure the callback used in Grafana + grafanaProtocol: http + # In case a sub_path is used this needs to be added to the image renderer callback + grafanaSubPath: "" + # name of the image-renderer port on the pod + podPortName: http + # number of image-renderer replica sets to keep + revisionHistoryLimit: 10 + networkPolicy: + # Enable a NetworkPolicy to limit inbound traffic to only the created grafana pods + limitIngress: true + # Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods + limitEgress: false + 
resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi + +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + ## @param networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to grafana port defined. + ## When true, grafana will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed + ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the grafana. + ## But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## + ## Example: + ## explicitNamespacesSelector: + ## matchLabels: + ## role: frontend + ## matchExpressions: + ## - {key: role, operator: In, values: [frontend]} + ## + explicitNamespacesSelector: {} + +# Enable backward compatibility of kubernetes where version below 1.13 doesn't have the enableServiceLinks option +enableKubeBackwardCompatibility: false + +# Create a dynamic manifests via values: +extraObjects: [] + # - apiVersion: "kubernetes-client.io/v1" + # kind: ExternalSecret + # metadata: + # name: grafana-secrets + # spec: + # backendType: gcpSecretsManager + # data: + # - key: grafana-admin-password + # name: adminPassword 
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/.helmignore b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/.helmignore
new file mode 100644
index 000000000..e12c0b4b9
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/.helmignore
@@ -0,0 +1,2 @@
+tests/
+.pytest_cache/
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/Chart.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/Chart.yaml
new file mode 100644
index 000000000..6c09b447c
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+appVersion: 7.17.1
+description: Official Elastic helm chart for Logstash
+home: https://github.com/elastic/helm-charts
+icon: https://helm.elastic.co/icons/logstash.png
+maintainers:
+- email: helm-charts@elastic.co
+ name: Elastic
+name: logstash
+sources:
+- https://github.com/elastic/logstash
+version: 7.17.1
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/Makefile b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/Makefile
new file mode 100644
index 000000000..22218a1f6
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/Makefile
@@ -0,0 +1 @@
+include ../helpers/common.mk
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/README.md
new file mode 100644
index 000000000..682925df8
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/README.md
@@ -0,0 +1,237 @@ +# Logstash Helm Chart + +[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+helm-charts+master.svg)](https://devops-ci.elastic.co/job/elastic+helm-charts+master/) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/elastic)](https://artifacthub.io/packages/search?repo=elastic) + +This Helm chart is a lightweight way to configure and run our official +[Logstash Docker image][]. + +**Warning**: This functionality is in beta and is subject to change. +The design and code is less mature than official GA features and is being +provided as-is with no warranties. Alpha features are not subject to the support +SLA of official GA features (see [supported configurations][] for more details). + + + + + + + +- [Requirements](#requirements) +- [Installing](#installing) + - [Install released version using Helm repository](#install-released-version-using-helm-repository) + - [Install development version from a branch](#install-development-version-from-a-branch) +- [Upgrading](#upgrading) +- [Usage notes](#usage-notes) +- [Configuration](#configuration) +- [FAQ](#faq) + - [How to install OSS version of Logstash?](#how-to-install-oss-version-of-logstash) + - [How to install plugins?](#how-to-install-plugins) +- [Contributing](#contributing) + + + + + + +## Requirements + +* Kubernetes >= 1.14 +* [Helm][] >= 2.17.0 + +See [supported configurations][] for more details. + + +## Installing + +This chart is tested with the latest 7.17.1 version. 
+ +### Install released version using Helm repository + +* Add the Elastic Helm charts repo: +`helm repo add elastic https://helm.elastic.co` + +* Install it: + - with Helm 3: `helm install logstash --version elastic/logstash` + - with Helm 2 (deprecated): `helm install --name logstash --version elastic/logstash` + +### Install development version from a branch + +* Clone the git repo: `git clone git@github.com:elastic/helm-charts.git` + +* Checkout the branch : `git checkout 7.17` + +* Install it: + - with Helm 3: `helm install logstash ./helm-charts/logstash --set imageTag=7.17.1` + - with Helm 2 (deprecated): `helm install --name logstash ./helm-charts/logstash --set imageTag=7.17.1` + + +## Upgrading + +Please always check [CHANGELOG.md][] and [BREAKING_CHANGES.md][] before +upgrading to a new chart version. + + +## Usage notes + +* This repo includes a number of [examples][] configurations which can be used +as a reference. They are also used in the automated testing of this chart +* Automated testing of this chart is currently only run against GKE (Google +Kubernetes Engine). +* The chart deploys a StatefulSet and by default will do an automated rolling +update of your cluster. It does this by waiting for the cluster health to become +green after each instance is updated. If you prefer to update manually you can +set `OnDelete` [updateStrategy][]. +* It is important to verify that the JVM heap size in `logstashJavaOpts` and to +set the CPU/Memory `resources` to something suitable for your cluster. +* We have designed this chart to be very un-opinionated about how to configure +Logstash. It exposes ways to set environment variables and mount secrets inside +of the container. Doing this makes it much easier for this chart to support +multiple versions with minimal changes. 
+* `logstash.yml` configuration files can be set either by a ConfigMap using +`logstashConfig` in `values.yml` or by environment variables using `extraEnvs` +in `values.yml` , however Logstash Docker image can't mix both methods as +defining settings with environment variables causes `logstash.yml` to be +modified in place while using ConfigMap bind-mount the same file (more details +in this [note][]). +* When overriding `logstash.yml`, `http.host: 0.0.0.0` should always be included +to make default probes work. If restricting HTTP API to 127.0.0.1 is required by +using `http.host: 127.0.0.1`, default probes should be disabled or overridden +(see [values.yaml][] for the good syntax). +* An ingress is provided that can be used to expose the HTTP port. This can be +useful for the [http input plugin][], for instance. + + +## Configuration + +| Parameter | Description | Default | +|---------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------| +| `antiAffinityTopologyKey` | The [anti-affinity][] topology key]. By default this will prevent multiple Logstash nodes from running on the same Kubernetes node | `kubernetes.io/hostname` | +| `antiAffinity` | Setting this to hard enforces the [anti-affinity][] rules. If it is set to soft it will be done "best effort". 
Other values will be ignored | `hard` | +| `envFrom` | Templatable string to be passed to the [environment from variables][] which will be appended to the `envFrom:` definition for the container | `[]` | +| `extraContainers` | Templatable string of additional containers to be passed to the `tpl` function | `[]` | +| `extraEnvs` | Extra [environment variables][] which will be appended to the `env:` definition for the container | `[]` | +| `extraInitContainers` | Templatable string of additional `initContainers` to be passed to the `tpl` function | `[]` | +| `extraPorts` | An array of extra ports to open on the pod | `[]` | +| `extraVolumeMounts` | Templatable string of additional `volumeMounts` to be passed to the `tpl` function | `[]` | +| `extraVolumes` | Templatable string of additional `volumes` to be passed to the `tpl` function | `[]` | +| `fullnameOverride` | Overrides the full name of the resources. If not set the name will default to " `.Release.Name` - `.Values.nameOverride or .Chart.Name` " | `""` | +| `hostAliases` | Configurable [hostAliases][] | `[]` | +| `httpPort` | The http port that Kubernetes will use for the healthchecks and the service | `9600` | +| `imagePullPolicy` | The Kubernetes [imagePullPolicy][] value | `IfNotPresent` | +| `imagePullSecrets` | Configuration for [imagePullSecrets][] so that you can use a private registry for your image | `[]` | +| `imageTag` | The Logstash Docker image tag | `7.17.1` | +| `image` | The Logstash Docker image | `docker.elastic.co/logstash/logstash` | +| `labels` | Configurable [labels][] applied to all Logstash pods | `{}` | +| `ingress` | Configurable [ingress][] for external access to Logstash HTTP port. | see [values.yaml][] | +| `lifecycle` | Allows you to add lifecycle configuration. 
See [values.yaml][] for an example of the formatting | `{}` | +| `livenessProbe` | Configuration fields for the liveness [probe][] | see [values.yaml][] | +| `logstashConfig` | Allows you to add any config files in `/usr/share/logstash/config/` such as `logstash.yml` and `log4j2.properties` See [values.yaml][] for an example of the formatting | `{}` | +| `logstashJavaOpts` | Java options for Logstash. This is where you should configure the JVM heap size | `-Xmx1g -Xms1g` | +| `logstashPipeline` | Allows you to add any pipeline files in `/usr/share/logstash/pipeline/` | `{}` | +| `logstashPatternDir` | Allows you to define a custom directory to store pattern files | `/usr/share/logstash/patterns/` | +| `logstashPattern` | Allows you to add any pattern files in `logstashPatternDir` | `{}` | +| `maxUnavailable` | The [maxUnavailable][] value for the pod disruption budget. By default this will prevent Kubernetes from having more than 1 unhealthy pod in the node group | `1` | +| `nameOverride` | Overrides the chart name for resources. If not set the name will default to `.Chart.Name` | `""` | +| `nodeAffinity` | Value for the [node affinity settings][] | `{}` | +| `podAffinity` | Value for the [pod affinity settings][] | `{}` | +| `nodeSelector` | Configurable [nodeSelector][] so that you can target specific nodes for your Logstash cluster | `{}` | +| `persistence` | Enables a persistent volume for Logstash data | see [values.yaml][] | +| `podAnnotations` | Configurable [annotations][] applied to all Logstash pods | `{}` | +| `podManagementPolicy` | By default Kubernetes [deploys StatefulSets serially][]. 
This deploys them in parallel so that they can discover each other | `Parallel` | +| `podSecurityContext` | Allows you to set the [securityContext][] for the pod | see [values.yaml][] | +| `podSecurityPolicy` | Configuration for create a pod security policy with minimal permissions to run this Helm chart with `create: true` Also can be used to reference an external pod security policy with `name: "externalPodSecurityPolicy"` | see [values.yaml][] | +| `priorityClassName` | The name of the [PriorityClass][]. No default is supplied as the PriorityClass must be created first | `""` | +| `rbac` | Configuration for creating a role, role binding and service account as part of this Helm chart with `create: true` Also can be used to reference an external service account with `serviceAccountName: "externalServiceAccountName"` | see [values.yaml][] | +| `readinessProbe` | Configuration fields for the readiness [probe][] | see [values.yaml][] | +| `replicas` | Kubernetes replica count for the StatefulSet (i.e. how many pods) | `1` | +| `resources` | Allows you to set the [resources][] for the StatefulSet | see [values.yaml][] | +| `schedulerName` | Name of the [alternate scheduler][] | `""` | +| `secrets` | Allows you easily create a secret from as variables or file. For add secrets from file, add suffix `.filepath` to the key of secret key. The value will be encoded to base64. Useful for store certificates and other secrets. | See [values.yaml][] | +| `secretMounts` | Allows you easily mount a secret as a file inside the StatefulSet. Useful for mounting certificates and other secrets. See [values.yaml][] for an example | `[]` | +| `securityContext` | Allows you to set the [securityContext][] for the container | see [values.yaml][] | +| `service` | Configurable [service][] to expose the Logstash service. 
| see [values.yaml][] | +| `terminationGracePeriod` | The [terminationGracePeriod][] in seconds used when trying to stop the pod | `120` | +| `tolerations` | Configurable [tolerations][] | `[]` | +| `updateStrategy` | The [updateStrategy][] for the StatefulSet. By default Kubernetes will wait for the cluster to be green after upgrading each pod. Setting this to `OnDelete` will allow you to manually delete each pod during upgrades | `RollingUpdate` | +| `volumeClaimTemplate` | Configuration for the [volumeClaimTemplate for StatefulSets][]. You will want to adjust the storage (default `30Gi` ) and the `storageClassName` if you are using a different storage class | see [values.yaml][] | + + +## FAQ + +### How to install OSS version of Logstash? + +Deploying OSS version of Logstash can be done by setting `image` value to +[Logstash OSS Docker image][] + +An example of Logstash deployment using OSS version can be found in +[examples/oss][]. + +### How to install plugins? + +The recommended way to install plugins into our Docker images is to create a +[custom Docker image][]. + +The Dockerfile would look something like: + +``` +ARG logstash_version +FROM docker.elastic.co/logstash/logstash:${logstash_version} +RUN bin/logstash-plugin install logstash-output-kafka +``` + +And then updating the `image` in values to point to your custom image. + +There are a couple reasons we recommend this: + +1. Tying the availability of Logstash to the download service to install plugins +is not a great idea or something that we recommend. Especially in Kubernetes +where it is normal and expected for a container to be moved to another host at +random times. +2. Mutating the state of a running Docker image (by installing plugins) goes +against best practices of containers and immutable infrastructure. + + +## Contributing + +Please check [CONTRIBUTING.md][] before any contribution or for any questions +about our development and testing process. 
+ +[7.17]: https://github.com/elastic/helm-charts/releases +[BREAKING_CHANGES.md]: https://github.com/elastic/helm-charts/blob/master/BREAKING_CHANGES.md +[CHANGELOG.md]: https://github.com/elastic/helm-charts/blob/master/CHANGELOG.md +[CONTRIBUTING.md]: https://github.com/elastic/helm-charts/blob/master/CONTRIBUTING.md +[alternate scheduler]: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/#specify-schedulers-for-pods +[annotations]: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +[anti-affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +[deploys statefulsets serially]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies +[custom docker image]: https://www.elastic.co/guide/en/logstash/7.17/docker-config.html#_custom_images +[environment variables]: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config +[environment from variables]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables +[examples]: https://github.com/elastic/helm-charts/tree/7.17/logstash/examples +[examples/oss]: https://github.com/elastic/helm-charts/tree/7.17/logstash/examples/oss +[helm]: https://helm.sh +[hostAliases]: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +[http input plugin]: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html +[imagePullPolicy]: https://kubernetes.io/docs/concepts/containers/images/#updating-images +[imagePullSecrets]: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret +[ingress]: https://kubernetes.io/docs/concepts/services-networking/ingress/ +[kubernetes 
secrets]: https://kubernetes.io/docs/concepts/configuration/secret/ +[labels]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +[logstash docker image]: https://www.elastic.co/guide/en/logstash/7.17/docker.html +[logstash oss docker image]: https://www.docker.elastic.co/r/logstash/logstash-oss +[maxUnavailable]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget +[node affinity settings]: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/ +[pod affinity settings]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +[nodeSelector]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +[note]: https://www.elastic.co/guide/en/logstash/7.17/docker-config.html#docker-env-config +[priorityClass]: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass +[probe]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ +[resources]: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +[updateStrategy]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ +[securityContext]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +[service]: https://kubernetes.io/docs/concepts/services-networking/service/ +[supported configurations]: https://github.com/elastic/helm-charts/tree/7.17/README.md#supported-configurations +[terminationGracePeriod]: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +[tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[values.yaml]: https://github.com/elastic/helm-charts/tree/7.17/logstash/values.yaml +[volumeClaimTemplate for statefulsets]: 
https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-storage
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/default/Makefile b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/default/Makefile
new file mode 100644
index 000000000..03d77f816
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/default/Makefile
@@ -0,0 +1,14 @@
+default: test
+
+include ../../../helpers/examples.mk
+
+RELEASE := helm-logstash-default
+TIMEOUT := 1200s
+
+install:
+ helm upgrade --wait --timeout=$(TIMEOUT) --install $(RELEASE) ../../
+
+test: install goss
+
+purge:
+ helm del $(RELEASE)
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/default/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/default/README.md
new file mode 100644
index 000000000..7183d78ef
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/default/README.md
@@ -0,0 +1,17 @@
+# Default
+
+This example deploy Logstash 7.17.1 using [default values][].
+
+
+## Usage
+
+* Deploy Logstash chart with the default values: `make install`
+
+
+## Testing
+
+You can also run [goss integration tests][] using `make test`
+
+
+[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.17/logstash/examples/default/test/goss.yaml
+[default values]: https://github.com/elastic/helm-charts/tree/7.17/logstash/values.yaml
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/default/test/goss.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/default/test/goss.yaml
new file mode 100644
index 000000000..c0ca0d69e
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/default/test/goss.yaml
@@ -0,0 +1,41 @@ +user: + logstash: + exists: true + uid: 1000 + gid: 1000 + +http: + http://localhost:9600?pretty: + status: 200 + timeout: 2000 + body: + - '"version" : "7.17.1"' + - '"http_address" : "0.0.0.0:9600"' + - '"status" : "green"' + - '"workers" : 1' + - '"batch_size" : 125' + - '"batch_delay" : 50' + +file: + /usr/share/logstash/config/logstash.yml: + exists: true + mode: "0644" + owner: logstash + group: root + filetype: file + contains: + - 'http.host: "0.0.0.0"' + - 'xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]' + /usr/share/logstash/pipeline/logstash.conf: + exists: true + mode: "0644" + owner: logstash + group: root + filetype: file + contains: + - "input {" + - "beats {" + - "port => 5044" + - "output {" + - "stdout {" + - "codec => rubydebug" diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/elasticsearch/Makefile b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/elasticsearch/Makefile new file mode 100644 index 000000000..6b914df90 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/elasticsearch/Makefile @@ -0,0 +1,15 @@ +default: test + +include ../../../helpers/examples.mk + +RELEASE := helm-logstash-elasticsearch +TIMEOUT := 1200s + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +test: install goss + +purge: + helm del $(RELEASE) + kubectl delete $$(kubectl get pvc -l release=$(RELEASE) -o name) diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/elasticsearch/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/elasticsearch/README.md new file mode 100644 index 000000000..64174ba09 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/elasticsearch/README.md 
@@ -0,0 +1,28 @@ +# Elasticsearch + +This example deploy Logstash 7.17.1 which connects to Elasticsearch (see +[values][]). + + +## Usage + +* Deploy [Elasticsearch Helm chart][]. + +* Deploy Logstash chart: `make install` + +* You can now setup a port forward to query Logstash indices: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart]: https://github.com/elastic/helm-charts/tree/7.17/elasticsearch/examples/default/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.17/logstash/examples/elasticsearch/test/goss.yaml +[values]: https://github.com/elastic/helm-charts/tree/7.17/logstash/examples/elasticsearch/values.yaml diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/elasticsearch/test/goss.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/elasticsearch/test/goss.yaml new file mode 100644 index 000000000..4ffe5b379 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/elasticsearch/test/goss.yaml 
@@ -0,0 +1,54 @@ +mount: + /usr/share/logstash/data: + exists: true + /usr/share/logstash/config/logstash.yml: + exists: true + opts: + - ro + /usr/share/logstash/pipeline/uptime.conf: + exists: true + opts: + - ro + +user: + logstash: + exists: true + uid: 1000 + gid: 1000 + +http: + http://localhost:9600?pretty: + status: 200 + timeout: 2000 + body: + - '"version" : "7.17.1"' + - '"http_address" : "0.0.0.0:9600"' + - '"status" : "green"' + - '"workers" : 1' + - '"batch_size" : 125' + - '"batch_delay" : 50' + http://elasticsearch-master:9200/_cat/indices: + status: 200 + timeout: 2000 + body: + - "logstash" + +file: + /usr/share/logstash/config/logstash.yml: + exists: true + mode: "0644" + owner: root + group: logstash + filetype: file + contains: + - "http.host: 0.0.0.0" + - "xpack.monitoring.enabled: false" + /usr/share/logstash/pipeline/uptime.conf: + exists: true + mode: "0644" + owner: root + group: logstash + filetype: file + contains: + - 'input { exec { command => "uptime" interval => 30 } }' + - 'output { elasticsearch { hosts => ["http://elasticsearch-master:9200"] index => "logstash" } }' diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/elasticsearch/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/elasticsearch/values.yaml new file mode 100644 index 000000000..c51d1a4d1 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/elasticsearch/values.yaml @@ -0,0 +1,12 @@ +persistence: + enabled: true + +logstashConfig: + logstash.yml: | + http.host: 0.0.0.0 + xpack.monitoring.enabled: false + +logstashPipeline: + uptime.conf: | + input { exec { command => "uptime" interval => 30 } } + output { elasticsearch { hosts => ["http://elasticsearch-master:9200"] index => "logstash" } } 
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/oss/Makefile b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/oss/Makefile new file mode 100644 index 000000000..8f96d8286 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/oss/Makefile @@ -0,0 +1,14 @@ +default: test + +include ../../../helpers/examples.mk + +RELEASE := helm-logstash-oss +TIMEOUT := 1200s + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +test: install goss + +purge: + helm del $(RELEASE) diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/oss/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/oss/README.md new file mode 100644 index 000000000..4a1e64c96 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/oss/README.md @@ -0,0 +1,17 @@ +# OSS + +This example deploy Logstash 7.17.1 using [Logstash OSS][] version. + + +## Usage + +* Deploy Logstash chart with the default values: `make install` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[logstash oss]: https://www.elastic.co/downloads/logstash-oss +[goss integration tests]: https://github.com/elastic/helm-charts/tree/7.17/logstash/examples/oss/test/goss.yaml diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/oss/test/goss.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/oss/test/goss.yaml new file mode 100644 index 000000000..a426001eb --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/oss/test/goss.yaml 
@@ -0,0 +1,40 @@ +user: + logstash: + exists: true + uid: 1000 + gid: 1000 + +http: + http://localhost:9600?pretty: + status: 200 + timeout: 2000 + body: + - '"version" : "7.17.1"' + - '"http_address" : "0.0.0.0:9600"' + - '"status" : "green"' + - '"workers" : 1' + - '"batch_size" : 125' + - '"batch_delay" : 50' + +file: + /usr/share/logstash/config/logstash.yml: + exists: true + mode: "0644" + owner: logstash + group: root + filetype: file + contains: + - 'http.host: "0.0.0.0"' + /usr/share/logstash/pipeline/logstash.conf: + exists: true + mode: "0644" + owner: logstash + group: root + filetype: file + contains: + - "input {" + - "beats {" + - "port => 5044" + - "output {" + - "stdout {" + - "codec => rubydebug" diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/oss/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/oss/values.yaml new file mode 100644 index 000000000..5a2616cfb --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/oss/values.yaml @@ -0,0 +1,2 @@ +--- +image: "docker.elastic.co/logstash/logstash-oss" diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/security/Makefile b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/security/Makefile new file mode 100644 index 000000000..d5bfcb2f8 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/security/Makefile @@ -0,0 +1,15 @@ +default: test + +include ../../../helpers/examples.mk + +RELEASE := helm-logstash-security +TIMEOUT := 1200s + +install: + helm upgrade --wait --timeout=$(TIMEOUT) --install --values values.yaml $(RELEASE) ../../ + +test: install goss + +purge: + helm del $(RELEASE) + kubectl delete $$(kubectl get pvc -l release=$(RELEASE) -o name) 
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/security/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/security/README.md new file mode 100644 index 000000000..0f9af83dd --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/security/README.md @@ -0,0 +1,28 @@ +# Security + +This example deploy Logstash 7.7.1 which connects to Elasticsearch using TLS +(see [values][]). + + +## Usage + +* Deploy [Elasticsearch Helm chart with security][]. + +* Deploy Logstash chart: `make install` + +* You can now setup a port forward to query Logstash indices: + + ``` + kubectl port-forward svc/elasticsearch-master 9200 + curl localhost:9200/_cat/indices + ``` + + +## Testing + +You can also run [goss integration tests][] using `make test` + + +[elasticsearch helm chart with security]: https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples/security/ +[goss integration tests]: https://github.com/elastic/helm-charts/tree/master/logstash/examples/security/test/goss.yaml +[values]: https://github.com/elastic/helm-charts/tree/master/logstash/examples/security/values.yaml diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/security/test/goss.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/security/test/goss.yaml new file mode 100644 index 000000000..d095a2aa5 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/security/test/goss.yaml 
@@ -0,0 +1,62 @@ +mount: + /usr/share/logstash/data: + exists: true + /usr/share/logstash/config/logstash.yml: + exists: true + opts: + - ro + /usr/share/logstash/pipeline/uptime.conf: + exists: true + opts: + - ro + +user: + logstash: + exists: true + uid: 1000 + gid: 1000 + +http: + http://localhost:9600?pretty: + status: 200 + timeout: 2000 + body: + - '"version" : "7.17.1"' + - '"http_address" : "0.0.0.0:9600"' + - '"status" : "green"' + - '"workers" : 1' + - '"batch_size" : 125' + - '"batch_delay" : 50' + https://security-master:9200/_cat/indices: + status: 200 + timeout: 2000 + body: + - "logstash" + allow-insecure: true + username: "{{ .Env.ELASTICSEARCH_USERNAME }}" + password: "{{ .Env.ELASTICSEARCH_PASSWORD }}" + +file: + /usr/share/logstash/config/logstash.yml: + exists: true + mode: "0644" + owner: root + group: logstash + filetype: file + contains: + - "http.host: 0.0.0.0" + - "xpack.monitoring.enabled: true" + - 'xpack.monitoring.elasticsearch.hosts: ["https://security-master:9200"]' + - "xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/certs/elastic-certificate.crt" + /usr/share/logstash/pipeline/uptime.conf: + exists: true + mode: "0644" + owner: root + group: logstash + filetype: file + contains: + - 'input { exec { command => "uptime" interval => 30 } }' + - "output { elasticsearch {" + - 'hosts => ["https://security-master:9200"]' + - 'cacert => "/usr/share/logstash/config/certs/elastic-certificate.crt"' + - 'index => "logstash"' diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/security/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/security/values.yaml new file mode 100644 index 000000000..1457d7865 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/security/values.yaml 
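Review bot: The `https://security-master:9200/_cat/indices` check in the security example's goss.yaml sets `allow-insecure: true`, so the test sends the Elasticsearch username and password without verifying the server certificate. It would keep passing even if the certificate chain were wrong. The same example mounts a CA at `/usr/share/logstash/config/certs/elastic-certificate.crt`, and the pipeline already verifies against it via `cacert`, so the check should validate against that CA too if the goss version in use supports it. Otherwise, mark the exception explicitly with a comment above the option, for example `# test-only: certificate verification is skipped here; the pipeline itself verifies with cacert`.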
@@ -0,0 +1,40 @@ +persistence: + enabled: true + +logstashConfig: + logstash.yml: | + http.host: 0.0.0.0 + xpack.monitoring.enabled: true + xpack.monitoring.elasticsearch.username: '${ELASTICSEARCH_USERNAME}' + xpack.monitoring.elasticsearch.password: '${ELASTICSEARCH_PASSWORD}' + xpack.monitoring.elasticsearch.hosts: ["https://security-master:9200"] + xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/certs/elastic-certificate.crt + +logstashPipeline: + uptime.conf: | + input { exec { command => "uptime" interval => 30 } } + output { elasticsearch { + hosts => ["https://security-master:9200"] + cacert => "/usr/share/logstash/config/certs/elastic-certificate.crt" + user => '${ELASTICSEARCH_USERNAME}' + password => '${ELASTICSEARCH_PASSWORD}' + index => "logstash" + } + } + +secretMounts: + - name: elastic-certificate-crt + secretName: elastic-certificate-crt + path: /usr/share/logstash/config/certs + +extraEnvs: + - name: 'ELASTICSEARCH_USERNAME' + valueFrom: + secretKeyRef: + name: elastic-credentials + key: username + - name: 'ELASTICSEARCH_PASSWORD' + valueFrom: + secretKeyRef: + name: elastic-credentials + key: password diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/upgrade/Makefile b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/upgrade/Makefile new file mode 100644 index 000000000..e5ee63671 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/upgrade/Makefile @@ -0,0 +1,16 @@ +default: test + +include ../../../helpers/examples.mk + +CHART := logstash +RELEASE := helm-logstash-upgrade +FROM := 7.9.0 # upgrade from version < 7.9.0 is failing due to headless service breaking change + +install: + ../../../helpers/upgrade.sh --chart $(CHART) --release $(RELEASE) --from $(FROM) + kubectl rollout status statefulset $(RELEASE)-logstash + +test: install goss + +purge: + helm del $(RELEASE) 
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/upgrade/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/upgrade/README.md new file mode 100644 index 000000000..c8986a070 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/upgrade/README.md @@ -0,0 +1,19 @@ +# Upgrade + +This example will deploy Logstash chart using an old chart version, +then upgrade it. + + +## Usage + +* Add the Elastic Helm charts repo: `helm repo add elastic https://helm.elastic.co` + +* Deploy and upgrade Logstash chart with the default values: `make install` + + +## Testing + +You can also run [goss integration tests][] using `make test`. + + +[goss integration tests]: https://github.com/elastic/helm-charts/tree/master/logstash/examples/upgrade/test/goss.yaml diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/upgrade/test/goss.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/upgrade/test/goss.yaml new file mode 100644 index 000000000..c0ca0d69e --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/upgrade/test/goss.yaml 
@@ -0,0 +1,41 @@ +user: + logstash: + exists: true + uid: 1000 + gid: 1000 + +http: + http://localhost:9600?pretty: + status: 200 + timeout: 2000 + body: + - '"version" : "7.17.1"' + - '"http_address" : "0.0.0.0:9600"' + - '"status" : "green"' + - '"workers" : 1' + - '"batch_size" : 125' + - '"batch_delay" : 50' + +file: + /usr/share/logstash/config/logstash.yml: + exists: true + mode: "0644" + owner: logstash + group: root + filetype: file + contains: + - 'http.host: "0.0.0.0"' + - 'xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]' + /usr/share/logstash/pipeline/logstash.conf: + exists: true + mode: "0644" + owner: logstash + group: root + filetype: file + contains: + - "input {" + - "beats {" + - "port => 5044" + - "output {" + - "stdout {" + - "codec => rubydebug" diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/upgrade/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/upgrade/values.yaml new file mode 100644 index 000000000..ed97d539c --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/examples/upgrade/values.yaml @@ -0,0 +1 @@ +--- diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/NOTES.txt b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/NOTES.txt new file mode 100644 index 000000000..215c0e927 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/NOTES.txt @@ -0,0 +1,2 @@ +1. Watch all cluster members come up. + $ kubectl get pods --namespace={{ .Release.Namespace }} -l app={{ template "logstash.fullname" . }} -w diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/_helpers.tpl b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/_helpers.tpl new file mode 100644 index 000000000..f015b26c1 --- /dev/null 
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/_helpers.tpl @@ -0,0 +1,27 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logstash.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "logstash.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Use the fullname if the serviceAccount value is not set +*/}} +{{- define "logstash.serviceAccount" -}} +{{- .Values.rbac.serviceAccountName | default (include "logstash.fullname" .) -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/configmap-config.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/configmap-config.yaml new file mode 100644 index 000000000..638038435 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/configmap-config.yaml @@ -0,0 +1,17 @@ +{{- if .Values.logstashConfig }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "logstash.fullname" . }}-config + labels: + app: "{{ template "logstash.fullname" . }}" + chart: "{{ .Chart.Name }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.logstashConfig }} + {{ $path }}: | +{{ tpl $config $ | indent 4 -}} +{{- end -}} +{{- end -}} 
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/configmap-pattern.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/configmap-pattern.yaml new file mode 100644 index 000000000..0eb58593d --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/configmap-pattern.yaml @@ -0,0 +1,17 @@ +{{- if .Values.logstashPattern }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "logstash.fullname" . }}-pattern + labels: + app: "{{ template "logstash.fullname" . }}" + chart: "{{ .Chart.Name }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.logstashPattern }} + {{ $path }}: | +{{ tpl $config $ | indent 4 -}} +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/configmap-pipeline.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/configmap-pipeline.yaml new file mode 100644 index 000000000..2a92bd4a1 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/configmap-pipeline.yaml @@ -0,0 +1,17 @@ +{{- if .Values.logstashPipeline }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "logstash.fullname" . }}-pipeline + labels: + app: "{{ template "logstash.fullname" . }}" + chart: "{{ .Chart.Name }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +data: +{{- range $path, $config := .Values.logstashPipeline }} + {{ $path }}: | +{{ tpl $config $ | indent 4 -}} +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/ingress.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/ingress.yaml new file mode 100644 index 000000000..cf23fb328 --- /dev/null 
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/ingress.yaml @@ -0,0 +1,68 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "logstash.fullname" . -}} +{{- $httpPort := .Values.httpPort -}} +{{- $ingressPath := .Values.ingress.path -}} +{{- $pathtype := .Values.ingress.pathtype -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ $fullName | quote}} + chart: "{{ .Chart.Name }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + {{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className | quote }} + {{- end }} +{{- if .Values.ingress.tls }} + tls: + {{- if .ingressPath }} + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- else }} +{{ toYaml .Values.ingress.tls | indent 4 }} + {{- end }} +{{- end}} + rules: + {{- range .Values.ingress.hosts }} + {{- /* + TODO: deprecate $ingressPath for Logstash 8.0.0 + */}} + {{- if $ingressPath }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + pathType: {{ $pathtype }} + backend: + service: + name: {{ $fullName }} + port: + number: {{ $httpPort }} + {{- else }} + - host: {{ .host }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ $pathtype }} + backend: + service: + name: {{ $fullName }} + port: + number: {{ .servicePort | default $httpPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/poddisruptionbudget.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/poddisruptionbudget.yaml new file mode 100644 index 000000000..a08982321 --- /dev/null 
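Review bot: In the `tls:` block of ingress.yaml the condition `{{- if .ingressPath }}` reads a field of the root context, not the `$ingressPath` variable defined at the top of the template. It therefore never appears to be true, and the per-host `range .Values.ingress.tls` branch is dead code; every render falls through to `toYaml .Values.ingress.tls`. The rules section below uses `$ingressPath` correctly, so the condition should read `{{- if $ingressPath }}`. Separately, `pathType: {{ $pathtype }}` renders an empty value when `ingress.pathtype` is unset, so a default or a `required` guard would make the failure clearer.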
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/poddisruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.maxUnavailable }} +{{- if .Capabilities.APIVersions.Has "policy/v1" -}} +apiVersion: policy/v1 +{{- else}} +apiVersion: policy/v1beta1 +{{- end }} +kind: PodDisruptionBudget +metadata: + name: "{{ template "logstash.fullname" . }}-pdb" + labels: + app: "{{ template "logstash.fullname" . }}" + chart: "{{ .Chart.Name }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +spec: + maxUnavailable: {{ .Values.maxUnavailable }} + selector: + matchLabels: + app: "{{ template "logstash.fullname" . }}" +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/podsecuritypolicy.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..c6f9dbf73 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/podsecuritypolicy.yaml @@ -0,0 +1,18 @@ +{{- if .Values.podSecurityPolicy.create -}} +{{- $fullName := include "logstash.fullname" . -}} +{{- if .Capabilities.APIVersions.Has "policy/v1" -}} +apiVersion: policy/v1 +{{- else}} +apiVersion: policy/v1beta1 +{{- end }} +kind: PodSecurityPolicy +metadata: + name: {{ default $fullName .Values.podSecurityPolicy.name | quote }} + labels: + app: "{{ template "logstash.fullname" . }}" + chart: "{{ .Chart.Name }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +spec: +{{ toYaml .Values.podSecurityPolicy.spec | indent 2 }} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/role.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/role.yaml new file mode 100644 index 000000000..489311b2b --- /dev/null 
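Review bot: podsecuritypolicy.yaml selects `apiVersion: policy/v1` whenever the cluster advertises `policy/v1`, but that check was copied from the PodDisruptionBudget template and does not hold for this kind. PodSecurityPolicy was only served from `policy/v1beta1` and was removed in Kubernetes 1.25, so on a cluster that has `policy/v1` the manifest names a kind the API server does not serve under that version. The header should be the fixed line `apiVersion: policy/v1beta1`. The whole template should also be gated with `{{- if and .Values.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") -}}`, so that enabling `podSecurityPolicy.create` on a newer cluster skips the object instead of failing the install.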
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/role.yaml @@ -0,0 +1,25 @@ +{{- if .Values.rbac.create -}} +{{- $fullName := include "logstash.fullname" . -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ $fullName | quote }} + labels: + app: "{{ template "logstash.fullname" . }}" + chart: "{{ .Chart.Name }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +rules: + - apiGroups: + - extensions + resources: + - podsecuritypolicies + resourceNames: + {{- if eq .Values.podSecurityPolicy.name "" }} + - {{ $fullName | quote }} + {{- else }} + - {{ .Values.podSecurityPolicy.name | quote }} + {{- end }} + verbs: + - use +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/rolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/rolebinding.yaml new file mode 100644 index 000000000..c822428bc --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +{{- if .Values.rbac.create -}} +{{- $fullName := include "logstash.fullname" . -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ $fullName | quote }} + labels: + app: "{{ template "logstash.fullname" . }}" + chart: "{{ .Chart.Name }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +subjects: + - kind: ServiceAccount + name: "{{ template "logstash.serviceAccount" . }}" + namespace: {{ .Release.Namespace | quote }} +roleRef: + kind: Role + name: {{ $fullName | quote }} + apiGroup: rbac.authorization.k8s.io +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/secret.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/secret.yaml new file mode 100644 index 000000000..0abf78650 
--- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/secret.yaml @@ -0,0 +1,27 @@ +{{- if .Values.secrets }} +{{- $fullName := include "logstash.fullname" . -}} +{{- range .Values.secrets }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-%s" $fullName .name | quote }} + labels: + app: {{ $fullName | quote }} + chart: {{ $.Chart.Name | quote }} + heritage: {{ $.Release.Service | quote }} + release: {{ $.Release.Name | quote }} + {{- range $key, $value := $.Values.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +data: +{{- range $key, $val := .value }} + {{- if hasSuffix "filepath" $key }} + {{ $key | replace ".filepath" "" }}: {{ $.Files.Get $val | b64enc | quote }} + {{ else }} + {{ $key }}: {{ $val | b64enc | quote }} + {{- end }} +{{- end }} +type: Opaque +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/service-headless.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/service-headless.yaml new file mode 100644 index 000000000..47148dfb0 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/service-headless.yaml @@ -0,0 +1,20 @@ +--- +kind: Service +apiVersion: v1 +metadata: + name: "{{ template "logstash.fullname" . }}-headless" + labels: + app: "{{ template "logstash.fullname" . }}" + chart: "{{ .Chart.Name }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +spec: + clusterIP: None + selector: + app: "{{ template "logstash.fullname" . }}" + ports: + - name: http + port: {{ .Values.httpPort }} 
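Review bot: In secret.yaml the file-backed branch tests `hasSuffix "filepath" $key` but then strips `".filepath"` with `replace`, and the two do not match. A key such as `myfilepath` takes the file branch without being renamed, and `replace` removes every occurrence of `.filepath` in the key, not only the trailing one. Use `{{- if hasSuffix ".filepath" $key }}` and `{{ $key | trimSuffix ".filepath" }}` so the test and the rename agree. As far as I can tell, `$.Files.Get` yields an empty string for a path that is not in the chart, so a mistyped path would create an empty secret value silently; wrapping it in `required` would surface that at render time.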
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/service.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/service.yaml new file mode 100644 index 000000000..7b9161769 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/service.yaml @@ -0,0 +1,32 @@ +{{- if .Values.service }} +--- +kind: Service +apiVersion: v1 +metadata: + name: "{{ template "logstash.fullname" . }}" + labels: + app: "{{ template "logstash.fullname" . }}" + chart: "{{ .Chart.Name }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +spec: + type: {{ .Values.service.type }} +{{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} +{{- end }} +{{- with .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml . | indent 4 }} +{{- end }} +{{- if .Values.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} +{{- end }} + selector: + app: "{{ template "logstash.fullname" . }}" + chart: "{{ .Chart.Name }}" + release: {{ .Release.Name | quote }} + ports: +{{ toYaml .Values.service.ports | indent 4 }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/serviceaccount.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/serviceaccount.yaml new file mode 100644 index 000000000..98a6f92bc --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/serviceaccount.yaml 
@@ -0,0 +1,22 @@ +{{- if .Values.rbac.create -}} +{{- $fullName := include "logstash.fullname" . -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ template "logstash.serviceAccount" . }}" + annotations: + {{- with .Values.rbac.serviceAccountAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app: "{{ template "logstash.fullname" . }}" + chart: "{{ .Chart.Name }}" + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + {{- if .Values.rbac.annotations }} + annotations: + {{- range $key, $value := .Values.rbac.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/statefulset.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/statefulset.yaml new file mode 100644 index 000000000..239fac33f --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/templates/statefulset.yaml 
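Review bot: serviceaccount.yaml writes `annotations:` twice under `metadata`: once unconditionally right after `name`, and again inside `{{- if .Values.rbac.annotations }}` after the labels. When both `rbac.serviceAccountAnnotations` and `rbac.annotations` are set, the manifest has a duplicate mapping key, and depending on the YAML parser one set is dropped or the render is rejected. When neither is set, the first key is emitted with a null value. Folding both sources into a single guarded `annotations:` block avoids both cases. The `$fullName` variable defined at the top is also unused in this template.

```yaml
metadata:
  name: "{{ template "logstash.serviceAccount" . }}"
  {{- if or .Values.rbac.serviceAccountAnnotations .Values.rbac.annotations }}
  annotations:
    {{- with .Values.rbac.serviceAccountAnnotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- range $key, $value := .Values.rbac.annotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  # … unchanged: labels block …
```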
@@ -0,0 +1,237 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "logstash.fullname" . }}
+ labels:
+ app: "{{ template "logstash.fullname" . }}"
+ chart: "{{ .Chart.Name }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ {{- range $key, $value := .Values.labels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ serviceName: {{ template "logstash.fullname" . }}-headless
+ selector:
+ matchLabels:
+ app: "{{ template "logstash.fullname" . }}"
+ release: {{ .Release.Name | quote }}
+ replicas: {{ .Values.replicas }}
+ podManagementPolicy: {{ .Values.podManagementPolicy }}
+ updateStrategy:
+ type: {{ .Values.updateStrategy }}
+ {{- if .Values.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ template "logstash.fullname" . }}
+ {{- with .Values.persistence.annotations }}
+ annotations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ spec:
+{{ toYaml .Values.volumeClaimTemplate | indent 6 }}
+ {{- end }}
+ template:
+ metadata:
+ name: "{{ template "logstash.fullname" . }}"
+ labels:
+ app: "{{ template "logstash.fullname" . }}"
+ chart: "{{ .Chart.Name }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ {{- range $key, $value := .Values.labels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ annotations:
+ {{- range $key, $value := .Values.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- /* This forces a restart if the configmap has changed */}}
+ {{- if .Values.logstashConfig }}
+ configchecksum: {{ include (print .Template.BasePath "/configmap-config.yaml") . | sha256sum | trunc 63 }}
+ {{- end }}
+ {{- /* This forces a restart if the configmap has changed */}}
+ {{- if .Values.logstashPipeline }}
+ pipelinechecksum: {{ include (print .Template.BasePath "/configmap-pipeline.yaml") . | sha256sum | trunc 63 }}
+ {{- end }}
+ {{- if .Values.logstashPattern }}
+ patternchecksum: {{ include (print .Template.BasePath "/configmap-pattern.yaml") . | sha256sum | trunc 63 }}
+ {{- end }}
+ {{- if .Values.secrets }}
+ secretschecksum: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum | trunc 63 }}
+ {{- end }}
+ spec:
+ {{- if .Values.schedulerName }}
+ schedulerName: "{{ .Values.schedulerName }}"
+ {{- end }}
+ securityContext:
+{{ toYaml .Values.podSecurityContext | indent 8 }}
+ {{- if or .Values.rbac.create .Values.rbac.serviceAccountName }}
+ serviceAccountName: "{{ template "logstash.serviceAccount" . }}"
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 6 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- if or (eq .Values.antiAffinity "hard") (eq .Values.antiAffinity "soft") .Values.nodeAffinity .Values.podAffinity }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+ {{- end }}
+ affinity:
+ {{- end }}
+ {{- if eq .Values.antiAffinity "hard" }}
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - "{{ template "logstash.fullname" .}}"
+ topologyKey: {{ .Values.antiAffinityTopologyKey }}
+ {{- else if eq .Values.antiAffinity "soft" }}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: {{ .Values.antiAffinityTopologyKey }}
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - "{{ template "logstash.fullname" . }}"
+ {{- end }}
+ {{- with .Values.nodeAffinity }}
+ nodeAffinity:
+{{ toYaml . | indent 10 }}
+ {{- end }}
+ {{- with .Values.podAffinity }}
+ podAffinity:
+{{ toYaml . | indent 10 }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }}
+ volumes:
+ {{- range .Values.secretMounts }}
+ - name: {{ .name }}
+ secret:
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- if .Values.logstashConfig }}
+ - name: logstashconfig
+ configMap:
+ name: {{ template "logstash.fullname" . }}-config
+ {{- end }}
+ {{- if .Values.logstashPipeline }}
+ - name: logstashpipeline
+ configMap:
+ name: {{ template "logstash.fullname" . }}-pipeline
+ {{- end }}
+ {{- if .Values.logstashPattern }}
+ - name: logstashpattern
+ configMap:
+ name: {{ template "logstash.fullname" . }}-pattern
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- if eq "string" (printf "%T" .Values.extraVolumes) }}
+{{ tpl .Values.extraVolumes . | indent 8 }}
+ {{- else }}
+{{ toYaml .Values.extraVolumes | indent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end}}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{ toYaml .Values.hostAliases | nindent 6 }}
+ {{- end }}
+ {{- if .Values.extraInitContainers }}
+ initContainers:
+ {{- if eq "string" (printf "%T" .Values.extraInitContainers) }}
+{{ tpl .Values.extraInitContainers . | indent 6 }}
+ {{- else }}
+{{ toYaml .Values.extraInitContainers | indent 6 }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: "{{ template "logstash.name" . }}"
+ securityContext:
+{{ toYaml .Values.securityContext | indent 10 }}
+ image: "{{ .Values.image }}:{{ .Values.imageTag }}"
+ imagePullPolicy: "{{ .Values.imagePullPolicy }}"
+ livenessProbe:
+{{ toYaml .Values.livenessProbe | indent 10 }}
+ readinessProbe:
+{{ toYaml .Values.readinessProbe | indent 10 }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.httpPort }}
+ {{- if .Values.extraPorts }}
+ {{- toYaml .Values.extraPorts | nindent 8 }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ env:
+ - name: LS_JAVA_OPTS
+ value: "{{ .Values.logstashJavaOpts }}"
+{{- if .Values.extraEnvs }}
+{{ toYaml .Values.extraEnvs | indent 10 }}
+{{- end }}
+{{- if .Values.envFrom }}
+ envFrom:
+{{ toYaml .Values.envFrom | indent 10 }}
+{{- end }}
+ volumeMounts:
+ {{- if .Values.persistence.enabled }}
+ - name: "{{ template "logstash.fullname" . }}"
+ mountPath: /usr/share/logstash/data
+ {{- end }}
+ {{- range .Values.secretMounts }}
+ - name: {{ .name }}
+ mountPath: {{ .path }}
+ {{- if .subPath }}
+ subPath: {{ .subPath }}
+ {{- end }}
+ {{- end }}
+ {{- range $path, $config := .Values.logstashConfig }}
+ - name: logstashconfig
+ mountPath: /usr/share/logstash/config/{{ $path }}
+ subPath: {{ $path }}
+ {{- end -}}
+ {{- range $path, $config := .Values.logstashPipeline }}
+ - name: logstashpipeline
+ mountPath: /usr/share/logstash/pipeline/{{ $path }}
+ subPath: {{ $path }}
+ {{- end -}}
+ {{- if .Values.logstashPattern }}
+ {{- $logstashPatternDir := .Values.logstashPatternDir -}}
+ {{- range $path, $config := .Values.logstashPattern }}
+ - name: logstashpattern
+ mountPath: {{ $logstashPatternDir }}{{ $path }}
+ subPath: {{ $path }}
+ {{- end -}}
+ {{- end -}}
+ {{- if .Values.extraVolumeMounts }}
+ {{- if eq "string" (printf "%T" .Values.extraVolumeMounts) }}
+{{ tpl .Values.extraVolumeMounts . | indent 10 }}
+ {{- else }}
+{{ toYaml .Values.extraVolumeMounts | indent 10 }}
+ {{- end }}
+ {{- end }}
+{{- if .Values.lifecycle }}
+ lifecycle:
+{{ toYaml .Values.lifecycle | indent 10 }}
+{{- end }}
+ {{- if .Values.extraContainers }}
+ {{- if eq "string" (printf "%T" .Values.extraContainers) }}
+{{ tpl .Values.extraContainers . | indent 6 }}
+ {{- else }}
+{{ toYaml .Values.extraContainers | indent 6 }}
+ {{- end }}
+ {{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/values.yaml
new file mode 100644
index 000000000..094037751
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/logstash/values.yaml
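Review bot: The logstash `statefulset.yaml` pod spec never sets `automountServiceAccountToken`, and `serviceAccountName` is only rendered when `rbac.create` or `rbac.serviceAccountName` is set. With the chart defaults the pod therefore runs as the namespace's default service account, and unless that account itself opts out, its API token is mounted in the container. Nothing in this template shows Logstash needing the Kubernetes API, so I would add `automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}` next to `serviceAccountName`, backed by a new values key defaulting to `false`; the loki ServiceAccount template in this same commit already exposes that setting. Separately, `priorityClassName` sits inside the `if or (eq .Values.antiAffinity "hard") ...` guard that opens `affinity:`, so it is dropped whenever no affinity is configured and should move out of that guard.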
@@ -0,0 +1,295 @@
+---
+replicas: 1
+
+# Allows you to add any config files in /usr/share/logstash/config/
+# such as logstash.yml and log4j2.properties
+#
+# Note that when overriding logstash.yml, `http.host: 0.0.0.0` should always be included
+# to make default probes work.
+logstashConfig: {}
+# logstash.yml: |
+# key:
+# nestedkey: value
+# log4j2.properties: |
+# key = value
+
+# Allows you to add any pipeline files in /usr/share/logstash/pipeline/
+### ***warn*** there is a hardcoded logstash.conf in the image, override it first
+logstashPipeline: {}
+# logstash.conf: |
+# input {
+# exec {
+# command => "uptime"
+# interval => 30
+# }
+# }
+# output { stdout { } }
+
+# Allows you to add any pattern files in your custom pattern dir
+logstashPatternDir: "/usr/share/logstash/patterns/"
+logstashPattern: {}
+# pattern.conf: |
+# DPKG_VERSION [-+~<>\.0-9a-zA-Z]+
+
+# Extra environment variables to append to this nodeGroup
+# This will be appended to the current 'env:' key. You can use any of the kubernetes env
+# syntax here
+extraEnvs: []
+# - name: MY_ENVIRONMENT_VAR
+# value: the_value_goes_here
+
+# Allows you to load environment variables from kubernetes secret or config map
+envFrom: []
+# - secretRef:
+# name: env-secret
+# - configMapRef:
+# name: config-map
+
+# Add sensitive data to k8s secrets
+secrets: []
+# - name: "env"
+# value:
+# ELASTICSEARCH_PASSWORD: "LS1CRUdJTiBgUFJJVkFURSB"
+# api_key: ui2CsdUadTiBasRJRkl9tvNnw
+# - name: "tls"
+# value:
+# ca.crt: |
+# LS0tLS1CRUdJT0K
+# LS0tLS1CRUdJT0K
+# LS0tLS1CRUdJT0K
+# LS0tLS1CRUdJT0K
+# cert.crt: "LS0tLS1CRUdJTiBlRJRklDQVRFLS0tLS0K"
+# cert.key.filepath: "secrets.crt" # The path to file should be relative to the `values.yaml` file.
+
+# A list of secrets and their paths to mount inside the pod
+secretMounts: []
+
+hostAliases: []
+#- ip: "127.0.0.1"
+# hostnames:
+# - "foo.local"
+# - "bar.local"
+
+image: "docker.elastic.co/logstash/logstash"
+imageTag: "7.17.1"
+imagePullPolicy: "IfNotPresent"
+imagePullSecrets: []
+
+podAnnotations: {}
+
+# additionals labels
+labels: {}
+
+logstashJavaOpts: "-Xmx1g -Xms1g"
+
+resources:
+ requests:
+ cpu: "100m"
+ memory: "1536Mi"
+ limits:
+ cpu: "1000m"
+ memory: "1536Mi"
+
+volumeClaimTemplate:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 1Gi
+
+rbac:
+ create: false
+ serviceAccountAnnotations: {}
+ serviceAccountName: ""
+ annotations:
+ {}
+ #annotation1: "value1"
+ #annotation2: "value2"
+ #annotation3: "value3"
+
+podSecurityPolicy:
+ create: false
+ name: ""
+ spec:
+ privileged: false
+ fsGroup:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - secret
+ - configMap
+ - persistentVolumeClaim
+
+persistence:
+ enabled: false
+ annotations: {}
+
+extraVolumes:
+ []
+ # - name: extras
+ # emptyDir: {}
+
+extraVolumeMounts:
+ []
+ # - name: extras
+ # mountPath: /usr/share/extras
+ # readOnly: true
+
+extraContainers:
+ []
+ # - name: do-something
+ # image: busybox
+ # command: ['do', 'something']
+
+extraInitContainers:
+ []
+ # - name: do-something
+ # image: busybox
+ # command: ['do', 'something']
+
+# This is the PriorityClass settings as defined in
+# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
+priorityClassName: ""
+
+# By default this will make sure two pods don't end up on the same node
+# Changing this to a region would allow you to spread pods across regions
+antiAffinityTopologyKey: "kubernetes.io/hostname"
+
+# Hard means that by default pods will only be scheduled if there are enough nodes for them
+# and that they will never end up on the same node. Setting this to soft will do this "best effort"
+antiAffinity: "hard"
+
+# This is the node affinity settings as defined in
+# https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+nodeAffinity: {}
+
+# This is inter-pod affinity settings as defined in
+# https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+podAffinity: {}
+
+# The default is to deploy all pods serially. By setting this to parallel all pods are started at
+# the same time when bootstrapping the cluster
+podManagementPolicy: "Parallel"
+
+httpPort: 9600
+
+# Custom ports to add to logstash
+extraPorts:
+ []
+ # - name: beats
+ # containerPort: 5001
+
+updateStrategy: RollingUpdate
+
+# This is the max unavailable setting for the pod disruption budget
+# The default value of 1 will make sure that kubernetes won't allow more than 1
+# of your pods to be unavailable during maintenance
+maxUnavailable: 1
+
+podSecurityContext:
+ fsGroup: 1000
+ runAsUser: 1000
+
+securityContext:
+ capabilities:
+ drop:
+ - ALL
+ # readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+
+# How long to wait for logstash to stop gracefully
+terminationGracePeriod: 120
+
+# Probes
+# Default probes are using `httpGet` which requires that `http.host: 0.0.0.0` is part of
+# `logstash.yml`. If needed probes can be disabled or overridden using the following syntaxes:
+#
+# disable livenessProbe
+# livenessProbe: null
+#
+# replace httpGet default readinessProbe by some exec probe
+# readinessProbe:
+# httpGet: null
+# exec:
+# command:
+# - curl
+# - localhost:9600
+
+livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 300
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+
+readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 3
+
+## Use an alternate scheduler.
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+schedulerName: ""
+
+nodeSelector: {}
+tolerations: []
+
+nameOverride: ""
+fullnameOverride: ""
+
+lifecycle:
+ {}
+ # preStop:
+ # exec:
+ # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
+ # postStart:
+ # exec:
+ # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
+
+service:
+ {}
+ # annotations: {}
+ # type: ClusterIP
+ # loadBalancerIP: ""
+ # ports:
+ # - name: beats
+ # port: 5044
+ # protocol: TCP
+ # targetPort: 5044
+ # - name: http
+ # port: 8080
+ # protocol: TCP
+ # targetPort: 8080
+
+ingress:
+ enabled: false
+ annotations:
+ {}
+ # kubernetes.io/tls-acme: "true"
+ className: "nginx"
+ pathtype: ImplementationSpecific
+ hosts:
+ - host: logstash-example.local
+ paths:
+ - path: /beats
+ servicePort: 5044
+ - path: /http
+ servicePort: 8080
+ tls: []
+ # - secretName: logstash-example-tls
+ # hosts:
+ # - logstash-example.local
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/.helmignore b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/.helmignore
new file mode 100644
index 000000000..50af03172
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/Chart.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/Chart.yaml
new file mode 100644
index 000000000..1837dd22d
--- /dev/null
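Review bot: In the logstash `values.yaml`, the default `podSecurityPolicy.spec` allows more than the container defaults beside it: `runAsUser`, `fsGroup` and `supplementalGroups` are all `rule: RunAsAny`, and there is no `allowPrivilegeEscalation: false` or `requiredDropCapabilities`. The `securityContext` defaults (`runAsNonRoot: true`, drop `ALL`) are sound, but they are overridable values. An operator who turns on `podSecurityPolicy.create` will likely expect the policy to enforce them; the template that consumes this block is outside this view, so that is an assumption. I would align these defaults with the loki PSP added in this same commit, for example `runAsUser: {rule: MustRunAsNonRoot}` plus `allowPrivilegeEscalation: false`. `# readOnlyRootFilesystem: true` is also left commented out, and a comment naming the paths Logstash must be able to write would help anyone enabling it.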
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/Chart.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+appVersion: v2.5.0
+description: 'Loki: like Prometheus, but for logs.'
+home: https://grafana.com/loki
+icon: https://raw.githubusercontent.com/grafana/loki/master/docs/sources/logo.png
+kubeVersion: ^1.10.0-0
+maintainers:
+- email: lokiproject@googlegroups.com
+ name: Loki Maintainers
+name: loki
+sources:
+- https://github.com/grafana/loki
+version: 2.11.0
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/README.md
new file mode 100644
index 000000000..fa6338684
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/README.md
@@ -0,0 +1,82 @@
+# Loki Helm Chart
+
+## Prerequisites
+
+Make sure you have Helm [installed](https://helm.sh/docs/using_helm/#installing-helm).
+
+## Get Repo Info
+
+```console
+helm repo add grafana https://grafana.github.io/helm-charts
+helm repo update
+```
+
+_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+
+## Deploy Loki only
+
+```bash
+helm upgrade --install loki grafana/loki
+```
+
+## Run Loki behind https ingress
+
+If Loki and Promtail are deployed on different clusters you can add an Ingress in front of Loki.
+By adding a certificate you create an https endpoint. For extra security enable basic authentication on the Ingress.
+
+In Promtail set the following values to communicate with https and basic auth
+
+```yaml
+loki:
+ serviceScheme: https
+ user: user
+ password: pass
+```
+
+Sample helm template for ingress:
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: loki
+ annotations:
+ kubernetes.io/ingress.class: {{ .Values.ingress.class }}
+ ingress.kubernetes.io/auth-type: basic
+ ingress.kubernetes.io/auth-secret: {{ .Values.ingress.basic.secret }}
+spec:
+ rules:
+ - host: {{ .Values.ingress.host }}
+ http:
+ paths:
+ - backend:
+ service:
+ name: loki
+ port:
+ number: 3100
+ path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host }}
+ secretName: {{ .Values.ingress.cert }}
+```
+
+## Use Loki Alerting
+
+You can add your own alerting rules with `alerting_groups` in `values.yaml`. This will create a ConfigMap with your rules and additional volumes and mounts for Loki.
+
+This does **not** enable the Loki `ruler` component which does the evaluation of your rules. The `values.yaml` file does contain a simple example. For more details take a look at the official [alerting docs](https://grafana.com/docs/loki/latest/rules/).
+
+## Enable retention policy (log deletion)
+
+Set Helm value `config.compactor.retention_enabled` to enable retention using the default policy, which deletes logs after 31 days.
+
+```yaml
+config:
+ compactor:
+ retention_enabled: true
+```
+
+See [the documentation](https://grafana.com/docs/loki/latest/operations/storage/retention/) for additional options.
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/NOTES.txt b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/NOTES.txt
new file mode 100644
index 000000000..abe023a70
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/NOTES.txt
@@ -0,0 +1,3 @@
+Verify the application is working by running these commands:
+ kubectl --namespace {{ .Release.Namespace }} port-forward service/{{ include "loki.fullname" . }} {{ .Values.service.port }}
+ curl http://127.0.0.1:{{ .Values.service.port }}/api/prom/label
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/_helpers.tpl b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/_helpers.tpl
new file mode 100644
index 000000000..d873a0fea
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/_helpers.tpl
@@ -0,0 +1,75 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "loki.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "loki.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "loki.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account
+*/}}
+{{- define "loki.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "loki.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the app name of loki clients. Defaults to the same logic as "loki.fullname", and default client expects "promtail".
+*/}}
+{{- define "client.name" -}}
+{{- if .Values.client.name -}}
+{{- .Values.client.name -}}
+{{- else if .Values.client.fullnameOverride -}}
+{{- .Values.client.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default "promtail" .Values.client.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Generate a right Ingress apiVersion
+*/}}
+{{- define "ingress.apiVersion" -}}
+{{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion -}}
+networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+networking.k8s.io/v1beta1
+{{- else -}}
+extensions/v1
+{{- end }}
+{{- end -}}
+
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/configmap-alert.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/configmap-alert.yaml
new file mode 100644
index 000000000..07fab47a6
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/configmap-alert.yaml
@@ -0,0 +1,17 @@
+{{- if or (.Values.useExistingAlertingGroup.enabled) (gt (len .Values.alerting_groups) 0) }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "loki.fullname" . }}-alerting-rules
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ template "loki.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ {{ template "loki.fullname" . }}-alerting-rules.yaml: |-
+ groups:
+ {{- toYaml .Values.alerting_groups | nindent 6 }}
+{{- end }}
\ No newline at end of file
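Review bot: In the loki `_helpers.tpl`, the final branch of `ingress.apiVersion` returns `extensions/v1`, which is not a version Ingress is served under; the fallback for clusters older than 1.14 should be `extensions/v1beta1`. As written, rendering against such a cluster produces a manifest the API server will reject, even though the `else` branch of `ingress.yaml` already emits the older `serviceName`/`servicePort` backend shape. The chart declares `kubeVersion: ^1.10.0-0`, so this branch is reachable. A comment on the define stating which Kubernetes range each branch covers would make the version gates easier to check.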
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/ingress.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/ingress.yaml
new file mode 100644
index 000000000..2a0314ea1
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/ingress.yaml
@@ -0,0 +1,55 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "loki.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- $apiVersion := include "ingress.apiVersion" . -}}
+apiVersion: {{ $apiVersion }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ template "loki.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+{{- end }}
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ {{- if eq $apiVersion "networking.k8s.io/v1" }}
+ pathType: Prefix
+ {{- end }}
+ backend:
+ {{- if eq $apiVersion "networking.k8s.io/v1" }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/networkpolicy.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/networkpolicy.yaml
new file mode 100644
index 000000000..5d7383229
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/networkpolicy.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "loki.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ template "loki.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ podSelector:
+ matchLabels:
+ name: {{ template "loki.fullname" . }}
+ app: {{ template "loki.name" . }}
+ release: {{ .Release.Name }}
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: {{ template "client.name" . }}
+ release: {{ .Release.Name }}
+ - ports:
+ - port: {{ .Values.service.port }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/pdb.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/pdb.yaml
new file mode 100644
index 000000000..c64ad507e
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/pdb.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.podDisruptionBudget -}}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "loki.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "loki.name" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ chart: {{ template "loki.chart" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "loki.name" . }}
+{{ toYaml .Values.podDisruptionBudget | indent 2 }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/podsecuritypolicy.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/podsecuritypolicy.yaml
new file mode 100644
index 000000000..ce1c1c109
--- /dev/null
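Review bot: In the loki `networkpolicy.yaml`, `- from:` and `- ports:` are written as two separate list items, which makes them two independent ingress rules: the first admits the client pods on every port, and the second admits traffic to `service.port` from any source, because a rule without `from` matches all peers. Indentation is lost in this view, but the leading dash on `ports` already means it cannot be a sibling key of `from` inside one rule. If the intent is that only the client selected by `client.name` may reach the Loki port, drop the dash so the single rule carries `from:` and `ports:` together. NetworkPolicy ports are also matched against the pod's port, so `.Values.service.targetPort` is the value to render here if it ever differs from `service.port`.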
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/podsecuritypolicy.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "loki.fullname" . }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ template "loki.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'persistentVolumeClaim'
+ - 'secret'
+ - 'projected'
+ - 'downwardAPI'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: true
+ requiredDropCapabilities:
+ - ALL
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/prometheusrule.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/prometheusrule.yaml
new file mode 100644
index 000000000..effe6f152
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/prometheusrule.yaml
@@ -0,0 +1,23 @@
+{{- if and .Values.serviceMonitor.enabled .Values.serviceMonitor.prometheusRule.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ template "loki.fullname" . }}
+{{- if .Values.serviceMonitor.prometheusRule.namespace }}
+ namespace: {{ .Values.serviceMonitor.prometheusRule.namespace | quote }}
+{{- end }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ template "loki.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ {{- if .Values.serviceMonitor.prometheusRule.additionalLabels }}
+ {{- toYaml .Values.serviceMonitor.prometheusRule.additionalLabels | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.serviceMonitor.prometheusRule.rules }}
+ groups:
+ - name: {{ template "loki.fullname" . }}
+ rules: {{- toYaml .Values.serviceMonitor.prometheusRule.rules | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/role.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/role.yaml
new file mode 100644
index 000000000..b7bfb29d6
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/role.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "loki.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ template "loki.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+{{- if .Values.rbac.pspEnabled }}
+rules:
+- apiGroups: ['extensions']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ template "loki.fullname" . }}]
+{{- end }}
+{{- end }}
+
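Review bot: In the loki `role.yaml`, the `use` rule targets `apiGroups: ['extensions']`, while the PodSecurityPolicy this chart creates in `podsecuritypolicy.yaml` is declared as `policy/v1beta1`. On clusters that serve PSP only from the `policy` group this grant likely will not authorize the service account for the chart's policy, so pods may be rejected or admitted under some other bound policy; `apiGroups: ['policy']` matches the object as created. When `rbac.pspEnabled` is false the Role is rendered with no `rules:` at all, which deserves a one-line template comment such as `{{- /* Role is intentionally empty unless PSP is enabled */}}` so it does not read as an omission.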
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/rolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/rolebinding.yaml
new file mode 100644
index 000000000..41fc5039f
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/rolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "loki.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ template "loki.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "loki.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "loki.serviceAccountName" . }}
+{{- end }}
+
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/secret.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/secret.yaml
new file mode 100644
index 000000000..1f6db2d84
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/secret.yaml
@@ -0,0 +1,14 @@
+{{- if not .Values.config.existingSecret -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "loki.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ template "loki.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ loki.yaml: {{ tpl (toYaml .Values.config) . | b64enc}}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/service-headless.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/service-headless.yaml
new file mode 100644
index 000000000..1efdde60f
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/service-headless.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "loki.fullname" . }}-headless
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ template "loki.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ variant: headless
+spec:
+ clusterIP: None
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ name: http-metrics
+ targetPort: {{ .Values.service.targetPort }}
+{{- if .Values.extraPorts }}
+{{ toYaml .Values.extraPorts | indent 4}}
+{{- end }}
+ selector:
+ app: {{ template "loki.name" . }}
+ release: {{ .Release.Name }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/service.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/service.yaml
new file mode 100644
index 000000000..d6ee92d97
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/service.yaml
@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "loki.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ template "loki.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- with .Values.service.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- toYaml .Values.service.annotations | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+{{- if (and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP))) }}
+ clusterIP: {{ .Values.service.clusterIP }}
+{{- end }}
+{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := .Values.service.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+{{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ name: http-metrics
+ targetPort: {{ .Values.service.targetPort }}
+{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
+ nodePort: {{ .Values.service.nodePort }}
+{{- end }}
+{{- if .Values.extraPorts }}
+{{ toYaml .Values.extraPorts | indent 4}}
+{{- end }}
+ selector:
+ app: {{ template "loki.name" . }}
+ release: {{ .Release.Name }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/serviceaccount.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/serviceaccount.yaml
new file mode 100644
index 000000000..510972c6a
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ template "loki.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ annotations:
+ {{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
+ name: {{ template "loki.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
+
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/servicemonitor.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/servicemonitor.yaml
new file mode 100644
index 000000000..0a4867294
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/servicemonitor.yaml
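Review bot: `automountServiceAccountToken` in serviceaccount.yaml is rendered straight from values, and the values.yaml added in this same diff defaults it to `true`, so every Loki pod gets a Kubernetes API token mounted. Nothing in the templates visible here shows Loki calling the Kubernetes API, so I would default it off with `automountServiceAccountToken: false` in values.yaml and let operators opt in; this should be confirmed against the Role bound in rolebinding.yaml, whose rules are outside this part of the diff. If the value is nulled in an override, the field renders empty and the cluster default (token mounted) applies, which is worth a comment next to the key.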
@@ -0,0 +1,38 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "loki.fullname" . }}
+ labels:
+ app: {{ template "loki.name" . }}
+ chart: {{ template "loki.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.serviceMonitor.additionalLabels }}
+{{ toYaml .Values.serviceMonitor.additionalLabels | indent 4 }}
+ {{- end }}
+ {{- if .Values.serviceMonitor.annotations }}
+ annotations:
+{{ toYaml .Values.serviceMonitor.annotations | indent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "loki.name" . }}
+ release: {{ .Release.Name | quote }}
+ variant: headless
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.serviceMonitor.interval }}
+ interval: {{ .Values.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.serviceMonitor.path }}
+ path: {{ .Values.serviceMonitor.path }}
+ {{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/statefulset.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/statefulset.yaml
new file mode 100644
index 000000000..8942f51b0
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/templates/statefulset.yaml
@@ -0,0 +1,154 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "loki.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "loki.name" . }} + chart: {{ template "loki.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + {{- toYaml .Values.annotations | nindent 4 }} +spec: + podManagementPolicy: {{ .Values.podManagementPolicy }} + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "loki.name" . }} + release: {{ .Release.Name }} + serviceName: {{ template "loki.fullname" . }}-headless + updateStrategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} + template: + metadata: + labels: + app: {{ template "loki.name" . }} + name: {{ template "loki.fullname" . }} + release: {{ .Release.Name }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + {{- if not .Values.config.existingSecret }} + checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- end }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "loki.serviceAccountName" . }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + securityContext: + {{- toYaml .Values.securityContext | nindent 8 }} + initContainers: + {{- toYaml .Values.initContainers | nindent 8 }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . 
}} + {{- end}} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - "-config.file=/etc/loki/loki.yaml" + {{- range $key, $value := .Values.extraArgs }} + - "-{{ $key }}={{ $value }}" + {{- end }} + volumeMounts: + - name: tmp + mountPath: /tmp + {{- if .Values.extraVolumeMounts }} + {{ toYaml .Values.extraVolumeMounts | nindent 12}} + {{- end }} + - name: config + mountPath: /etc/loki + - name: storage + mountPath: "/data" + subPath: {{ .Values.persistence.subPath }} + {{- if or (.Values.useExistingAlertingGroup.enabled) (gt (len .Values.alerting_groups) 0) }} + - name: rules + mountPath: /rules/fake + {{- end }} + ports: + - name: http-metrics + containerPort: {{ .Values.config.server.http_listen_port }} + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + securityContext: + readOnlyRootFilesystem: true + env: + {{- if .Values.env }} + {{- toYaml .Values.env | nindent 12 }} + {{- end }} + {{- if .Values.tracing.jaegerAgentHost }} + - name: JAEGER_AGENT_HOST + value: "{{ .Values.tracing.jaegerAgentHost }}" + {{- end }} +{{- if .Values.extraContainers }} +{{ toYaml .Values.extraContainers | indent 8}} +{{- end }} + nodeSelector: + {{- toYaml .Values.nodeSelector | nindent 8 }} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} + tolerations: + {{- toYaml .Values.tolerations | nindent 8 }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + volumes: + - name: tmp + emptyDir: {} + {{- if or (.Values.useExistingAlertingGroup.enabled) (gt (len .Values.alerting_groups) 0) }} + - name: rules + configMap: + {{- if .Values.useExistingAlertingGroup.enabled }} + name: {{ .Values.useExistingAlertingGroup.configmapName }} + {{- else }} + name: {{ template 
"loki.fullname" . }}-alerting-rules + {{- end }} + {{- end }} + - name: config + secret: + {{- if .Values.config.existingSecret }} + secretName: {{ .Values.config.existingSecret }} + {{- else }} + secretName: {{ template "loki.fullname" . }} + {{- end }} +{{- if .Values.extraVolumes }} +{{ toYaml .Values.extraVolumes | indent 8}} +{{- end }} + {{- if not .Values.persistence.enabled }} + - name: storage + emptyDir: {} + {{- else if .Values.persistence.existingClaim }} + - name: storage + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: storage + annotations: + {{- toYaml .Values.persistence.annotations | nindent 8 }} + spec: + accessModes: + {{- toYaml .Values.persistence.accessModes | nindent 8 }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + storageClassName: {{ .Values.persistence.storageClassName }} + {{- if .Values.persistence.selector }} + selector: + {{- toYaml .Values.persistence.selector | nindent 8 }} + {{- end }} + {{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/values.yaml new file mode 100644 index 000000000..99b8302f6 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/loki/values.yaml 
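Review bot: The Loki container's `securityContext` in statefulset.yaml is hard-coded to `readOnlyRootFilesystem: true` and nothing else, so privilege escalation and the runtime's default capability set are left in place. The pod-level context from values.yaml already runs as non-root UID 10001 and the container port defaults to 3100, so adding `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` beside `readOnlyRootFilesystem` should not change behaviour, though that is worth confirming against the image. Because this block is not driven by values, operators cannot tighten it without patching the template; exposing it as a value with these settings as defaults would cover both.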
@@ -0,0 +1,324 @@ +image: + repository: grafana/loki + tag: 2.5.0 + pullPolicy: IfNotPresent + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + +ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +## Affinity for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +affinity: {} +# podAntiAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# - labelSelector: +# matchExpressions: +# - key: app +# operator: In +# values: +# - loki +# topologyKey: "kubernetes.io/hostname" + +## StatefulSet annotations +annotations: {} + +# enable tracing for debug, need install jaeger and specify right jaeger_agent_host +tracing: + jaegerAgentHost: + +config: + # existingSecret: + auth_enabled: false + ingester: + chunk_idle_period: 3m + chunk_block_size: 262144 + chunk_retain_period: 1m + max_transfer_retries: 0 + wal: + dir: /data/loki/wal + lifecycler: + ring: + kvstore: + store: inmemory + replication_factor: 1 + + ## Different ring configs can be used. E.g. 
Consul + # ring: + # store: consul + # replication_factor: 1 + # consul: + # host: "consul:8500" + # prefix: "" + # http_client_timeout: "20s" + # consistent_reads: true + limits_config: + enforce_metric_name: false + reject_old_samples: true + reject_old_samples_max_age: 168h + schema_config: + configs: + - from: 2020-10-24 + store: boltdb-shipper + object_store: filesystem + schema: v11 + index: + prefix: index_ + period: 24h + server: + http_listen_port: 3100 + storage_config: + boltdb_shipper: + active_index_directory: /data/loki/boltdb-shipper-active + cache_location: /data/loki/boltdb-shipper-cache + cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space + shared_store: filesystem + filesystem: + directory: /data/loki/chunks + chunk_store_config: + max_look_back_period: 0s + table_manager: + retention_deletes_enabled: false + retention_period: 0s + compactor: + working_directory: /data/loki/boltdb-shipper-compactor + shared_store: filesystem +# Needed for Alerting: https://grafana.com/docs/loki/latest/rules/ +# This is just a simple example, for more details: https://grafana.com/docs/loki/latest/configuration/#ruler_config +# ruler: +# storage: +# type: local +# local: +# directory: /rules +# rule_path: /tmp/scratch +# alertmanager_url: http://alertmanager.svc.namespace:9093 +# ring: +# kvstore: +# store: inmemory +# enable_api: true + +## Additional Loki container arguments, e.g. 
log level (debug, info, warn, error) +extraArgs: {} + # log.level: debug + +livenessProbe: + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 45 + +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +networkPolicy: + enabled: false + +## The app name of loki clients +client: {} + # name: + +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +nodeSelector: {} + +## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ +## If you set enabled as "True", you need : +## - create a pv which above 10Gi and has same namespace with loki +## - keep storageClassName same with below setting +persistence: + enabled: false + accessModes: + - ReadWriteOnce + size: 10Gi + annotations: {} + # selector: + # matchLabels: + # app.kubernetes.io/name: loki + # subPath: "" + # existingClaim: + +## Pod Labels +podLabels: {} + +## Pod Annotations +podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "http-metrics" + +podManagementPolicy: OrderedReady + +## Assign a PriorityClassName to pods if set +# priorityClassName: + +rbac: + create: true + pspEnabled: true + +readinessProbe: + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 45 + +replicas: 1 + +resources: {} +# limits: +# cpu: 200m +# memory: 256Mi +# requests: +# cpu: 100m +# memory: 128Mi + +securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + +service: + type: ClusterIP + nodePort: + port: 3100 + annotations: {} + labels: {} + targetPort: http-metrics + +serviceAccount: + create: true + name: + annotations: {} + automountServiceAccountToken: true + +terminationGracePeriodSeconds: 4800 + +## Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# The values to set in the PodDisruptionBudget spec +# If not set then a PodDisruptionBudget will not be created +podDisruptionBudget: {} +# 
minAvailable: 1 +# maxUnavailable: 1 + +updateStrategy: + type: RollingUpdate + +serviceMonitor: + enabled: false + interval: "" + additionalLabels: {} + annotations: {} + # scrapeTimeout: 10s + # path: /metrics + prometheusRule: + enabled: false + additionalLabels: {} + # namespace: + rules: [] + # Some examples from https://awesome-prometheus-alerts.grep.to/rules.html#loki + # - alert: LokiProcessTooManyRestarts + # expr: changes(process_start_time_seconds{job=~"loki"}[15m]) > 2 + # for: 0m + # labels: + # severity: warning + # annotations: + # summary: Loki process too many restarts (instance {{ $labels.instance }}) + # description: "A loki process had too many restarts (target {{ $labels.instance }})\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + # - alert: LokiRequestErrors + # expr: 100 * sum(rate(loki_request_duration_seconds_count{status_code=~"5.."}[1m])) by (namespace, job, route) / sum(rate(loki_request_duration_seconds_count[1m])) by (namespace, job, route) > 10 + # for: 15m + # labels: + # severity: critical + # annotations: + # summary: Loki request errors (instance {{ $labels.instance }}) + # description: "The {{ $labels.job }} and {{ $labels.route }} are experiencing errors\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + # - alert: LokiRequestPanic + # expr: sum(increase(loki_panic_total[10m])) by (namespace, job) > 0 + # for: 5m + # labels: + # severity: critical + # annotations: + # summary: Loki request panic (instance {{ $labels.instance }}) + # description: "The {{ $labels.job }} is experiencing {{ printf \"%.2f\" $value }}% increase of panics\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + # - alert: LokiRequestLatency + # expr: (histogram_quantile(0.99, sum(rate(loki_request_duration_seconds_bucket{route!~"(?i).*tail.*"}[5m])) by (le))) > 1 + # for: 5m + # labels: + # severity: critical + # annotations: + # summary: Loki request latency (instance {{ $labels.instance }}) + # description: "The {{ $labels.job }} {{ $labels.route }} is 
experiencing {{ printf \"%.2f\" $value }}s 99th percentile latency\n VALUE = {{ $value }}\n LABELS = {{ $labels }}" + + +initContainers: [] +## Init containers to be added to the loki pod. +# - name: my-init-container +# image: busybox:latest +# command: ['sh', '-c', 'echo hello'] + +extraContainers: [] +## Additional containers to be added to the loki pod. +# - name: reverse-proxy +# image: angelbarrera92/basic-auth-reverse-proxy:dev +# args: +# - "serve" +# - "--upstream=http://localhost:3100" +# - "--auth-config=/etc/reverse-proxy-conf/authn.yaml" +# ports: +# - name: http +# containerPort: 11811 +# protocol: TCP +# volumeMounts: +# - name: reverse-proxy-auth-config +# mountPath: /etc/reverse-proxy-conf + + +extraVolumes: [] +## Additional volumes to the loki pod. +# - name: reverse-proxy-auth-config +# secret: +# secretName: reverse-proxy-auth-config + +## Extra volume mounts that will be added to the loki container +extraVolumeMounts: [] + +extraPorts: [] +## Additional ports to the loki services. Useful to expose extra container ports. +# - port: 11811 +# protocol: TCP +# name: http +# targetPort: http + +# Extra env variables to pass to the loki container +env: [] + +# Specify Loki Alerting rules based on this documentation: https://grafana.com/docs/loki/latest/rules/ +# When specified, you also need to add a ruler config section above. An example is shown in the alerting docs. +alerting_groups: [] +# - name: example +# rules: +# - alert: HighThroughputLogStreams +# expr: sum by(container) (rate({job=~"loki-dev/.*"}[1m])) > 1000 +# for: 2m + +useExistingAlertingGroup: + enabled: false + configmapName: "" diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/.helmignore b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/.helmignore new file mode 100644 index 000000000..825c00779 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/.helmignore 
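Review bot: `config.auth_enabled: false` together with `networkPolicy.enabled: false` means the defaults in values.yaml deploy Loki's HTTP API on port 3100 with no authentication and no ingress restriction, so any workload that can reach the Service can read and push logs. service.yaml in this diff emits `loadBalancerSourceRanges` only when it is set, so changing `service.type` to `LoadBalancer` widens that exposure unless ranges are supplied. I would at least document it above the key, e.g. `# auth_enabled: false leaves the API unauthenticated; restrict access with networkPolicy.enabled or an authenticating proxy`. Defaulting `networkPolicy.enabled` to `true` is also worth considering, but the NetworkPolicy template is outside this part of the diff, so its rules need checking first.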
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj + +OWNERS diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/Chart.lock b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/Chart.lock new file mode 100644 index 000000000..20259ef6f --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 4.4.3 +digest: sha256:12753c953cca46b23980c65586d19c2016b959712a08e476660417f299810e3d +generated: "2022-03-23T22:52:43.250972737Z" diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/Chart.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/Chart.yaml new file mode 100644 index 000000000..26ef7d1f4 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/Chart.yaml 
@@ -0,0 +1,30 @@ +apiVersion: v2 +appVersion: 2.34.0 +dependencies: +- condition: kubeStateMetrics.enabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 4.4.* +description: Prometheus is a monitoring system and time series database. +home: https://prometheus.io/ +icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png +maintainers: +- email: gianrubio@gmail.com + name: gianrubio +- email: zanhsieh@gmail.com + name: zanhsieh +- email: miroslav.hadzhiev@gmail.com + name: Xtigyro +- email: monotek23@gmail.com + name: monotek +- email: naseem@transit.app + name: naseemkullah +name: prometheus +sources: +- https://github.com/prometheus/alertmanager +- https://github.com/prometheus/prometheus +- https://github.com/prometheus/pushgateway +- https://github.com/prometheus/node_exporter +- https://github.com/kubernetes/kube-state-metrics +type: application +version: 15.5.4 diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/README.md new file mode 100644 index 000000000..d8a1e9ab2 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/README.md 
@@ -0,0 +1,226 @@ +# Prometheus + +[Prometheus](https://prometheus.io/), a [Cloud Native Computing Foundation](https://cncf.io/) project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true. + +This chart bootstraps a [Prometheus](https://prometheus.io/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.16+ +- Helm 3+ + +## Get Repo Info + +```console +helm repo add prometheus-community https://prometheus-community.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +helm install [RELEASE_NAME] prometheus-community/prometheus +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Dependencies + +By default this chart installs additional, dependent charts: + +- [kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) + +To disable the dependency during installation, set `kubeStateMetrics.enabled` to `false`. + +_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._ + +## Uninstall Chart + +```console +helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. 
+ +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +helm upgrade [RELEASE_NAME] [CHART] --install +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### To 15.0 + +Version 15.0.0 changes the relabeling config, aligning it with the [Prometheus community conventions](https://github.com/prometheus/prometheus/pull/9832). If you've made manual changes to the relabeling config, you have to adapt your changes. + +Before you update please execute the following command, to be able to update kube-state-metrics: + +```bash +kubectl delete deployments.apps -l app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=kube-state-metrics --cascade=orphan +``` + +### To 9.0 + +Version 9.0 adds a new option to enable or disable the Prometheus Server. This supports the use case of running a Prometheus server in one k8s cluster and scraping exporters in another cluster while using the same chart for each deployment. To install the server `server.enabled` must be set to `true`. + +### To 5.0 + +As of version 5.0, this chart uses Prometheus 2.x. This version of prometheus introduces a new data format and is not compatible with prometheus 1.x. It is recommended to install this as a new release, as updating existing releases will not work. See the [prometheus docs](https://prometheus.io/docs/prometheus/latest/migration/#storage) for instructions on retaining your old data. + +Prometheus version 2.x has made changes to alertmanager, storage and recording rules. Check out the migration guide [here](https://prometheus.io/docs/prometheus/2.0/migration/). + +Users of this chart will need to update their alerting rules to the new format before they can upgrade. + +### Example Migration + +Assuming you have an existing release of the prometheus chart, named `prometheus-old`. In order to update to prometheus 2.x while keeping your old data do the following: + +1. 
Update the `prometheus-old` release. Disable scraping on every component besides the prometheus server, similar to the configuration below: + + ```yaml + alertmanager: + enabled: false + alertmanagerFiles: + alertmanager.yml: "" + kubeStateMetrics: + enabled: false + nodeExporter: + enabled: false + pushgateway: + enabled: false + server: + extraArgs: + storage.local.retention: 720h + serverFiles: + alerts: "" + prometheus.yml: "" + rules: "" + ``` + +1. Deploy a new release of the chart with version 5.0+ using prometheus 2.x. In the values.yaml set the scrape config as usual, and also add the `prometheus-old` instance as a remote-read target. + + ```yaml + prometheus.yml: + ... + remote_read: + - url: http://prometheus-old/api/v1/read + ... + ``` + + Old data will be available when you query the new prometheus instance. + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: + +```console +helm show values prometheus-community/prometheus +``` + +You may similarly use the above configuration commands on each chart [dependency](#dependencies) to see it's configurations. + +### Scraping Pod Metrics via Annotations + +This chart uses a default configuration that causes prometheus to scrape a variety of kubernetes resource types, provided they have the correct annotations. 
In this section we describe how to configure pods to be scraped; for information on how other resource types can be scraped you can do a `helm template` to get the kubernetes resource definitions, and then reference the prometheus configuration in the ConfigMap against the prometheus documentation for [relabel_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) and [kubernetes_sd_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config). + +In order to get prometheus to scrape pods, you must add annotations to the the pods as below: + +```yaml +metadata: + annotations: + prometheus.io/scrape: "true" + prometheus.io/path: /metrics + prometheus.io/port: "8080" +``` + +You should adjust `prometheus.io/path` based on the URL that your pod serves metrics from. `prometheus.io/port` should be set to the port that your pod serves metrics from. Note that the values for `prometheus.io/scrape` and `prometheus.io/port` must be enclosed in double quotes. + +### Sharing Alerts Between Services + +Note that when [installing](#install-chart) or [upgrading](#upgrading-chart) you may use multiple values override files. This is particularly useful when you have alerts belonging to multiple services in the cluster. For example, + +```yaml +# values.yaml +# ... + +# service1-alert.yaml +serverFiles: + alerts: + service1: + - alert: anAlert + # ... + +# service2-alert.yaml +serverFiles: + alerts: + service2: + - alert: anAlert + # ... +``` + +```console +helm install [RELEASE_NAME] prometheus-community/prometheus -f values.yaml -f service1-alert.yaml -f service2-alert.yaml +``` + +### RBAC Configuration + +Roles and RoleBindings resources will be created automatically for `server` service. 
+ +To manually setup RBAC you need to set the parameter `rbac.create=false` and specify the service account to be used for each service by setting the parameters: `serviceAccounts.{{ component }}.create` to `false` and `serviceAccounts.{{ component }}.name` to the name of a pre-existing service account. + +> **Tip**: You can refer to the default `*-clusterrole.yaml` and `*-clusterrolebinding.yaml` files in [templates](templates/) to customize your own. + +### ConfigMap Files + +AlertManager is configured through [alertmanager.yml](https://prometheus.io/docs/alerting/configuration/). This file (and any others listed in `alertmanagerFiles`) will be mounted into the `alertmanager` pod. + +Prometheus is configured through [prometheus.yml](https://prometheus.io/docs/operating/configuration/). This file (and any others listed in `serverFiles`) will be mounted into the `server` pod. + +### Ingress TLS + +If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism. + +To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. 
Then create a TLS secret in the namespace: + +```console +kubectl create secret tls prometheus-server-tls --cert=path/to/tls.cert --key=path/to/tls.key +``` + +Include the secret's name, along with the desired hostnames, in the alertmanager/server Ingress TLS section of your custom `values.yaml` file: + +```yaml +server: + ingress: + ## If true, Prometheus server Ingress will be created + ## + enabled: true + + ## Prometheus server Ingress hostnames + ## Must be provided if Ingress is enabled + ## + hosts: + - prometheus.domain.com + + ## Prometheus server Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: + - secretName: prometheus-server-tls + hosts: + - prometheus.domain.com +``` + +### NetworkPolicy + +Enabling Network Policy for Prometheus will secure connections to Alert Manager and Kube State Metrics by only accepting connections from Prometheus Server. All inbound connections to Prometheus Server are still allowed. + +To enable network policy for Prometheus, install a networking plugin that implements the Kubernetes NetworkPolicy spec, and set `networkPolicy.enabled` to true. + +If NetworkPolicy is enabled for Prometheus' scrape targets, you may also need to manually create a networkpolicy which allows it. diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/.helmignore b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/.helmignore 
@@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/Chart.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/Chart.yaml new file mode 100644 index 000000000..e9e40c719 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +appVersion: 2.3.0 +description: Install kube-state-metrics to generate and expose cluster-level metrics +home: https://github.com/kubernetes/kube-state-metrics/ +keywords: +- metric +- monitoring +- prometheus +- kubernetes +maintainers: +- email: tariq.ibrahim@mulesoft.com + name: tariq1890 +- email: manuel@rueg.eu + name: mrueg +- email: davidcalvertfr@gmail.com + name: dotdc +name: kube-state-metrics +sources: +- https://github.com/kubernetes/kube-state-metrics/ +type: application +version: 4.4.3 diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/README.md new file mode 100644 index 000000000..7c2e16918 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/README.md 
@@ -0,0 +1,68 @@ +# kube-state-metrics Helm Chart + +Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). + +## Get Repo Info + +```console +helm repo add prometheus-community https://prometheus-community.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +helm install [RELEASE_NAME] prometheus-community/kube-state-metrics [flags] +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +helm upgrade [RELEASE_NAME] prometheus-community/kube-state-metrics [flags] +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics + +You can upgrade in-place: + +1. [get repo info](#get-repo-info) +1. [upgrade](#upgrading-chart) your existing release name using the new chart repo + + +## Upgrading to v3.0.0 + +v3.0.0 includes kube-state-metrics v2.0, see the [changelog](https://github.com/kubernetes/kube-state-metrics/blob/release-2.0/CHANGELOG.md) for major changes on the application-side. + +The upgraded chart now the following changes: +* Dropped support for helm v2 (helm v3 or later is required) +* collectors key was renamed to resources +* namespace key was renamed to namespaces + + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). 
To see all configurable options with detailed comments: + +```console +helm show values prometheus-community/kube-state-metrics +``` + +You may also run `helm show values` on this chart's [dependencies](#dependencies) for additional options. diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt new file mode 100644 index 000000000..5a646e0cc --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt @@ -0,0 +1,10 @@ +kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. +The exposed metrics can be found here: +https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics + +The metrics are exported on the HTTP endpoint /metrics on the listening port. +In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics + +They are served either as plaintext or protobuf depending on the Accept header. +They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. + diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl new file mode 100644 index 000000000..976b27337 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/_helpers.tpl 
@@ -0,0 +1,82 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "kube-state-metrics.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kube-state-metrics.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kube-state-metrics.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "kube-state-metrics.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kube-state-metrics.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Generate basic labels +*/}} +{{- define "kube-state-metrics.labels" }} +helm.sh/chart: {{ template "kube-state-metrics.chart" . 
}} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/component: metrics +app.kubernetes.io/part-of: {{ template "kube-state-metrics.name" . }} +{{- include "kube-state-metrics.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels }} +{{- end }} +{{- if .Values.releaseLabel }} +release: {{ .Release.Name }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kube-state-metrics.selectorLabels" }} +app.kubernetes.io/name: {{ include "kube-state-metrics.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..cf9f628d0 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/clusterrolebinding.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "kube-state-metrics.labels" . | indent 4 }} + name: {{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- if .Values.rbac.useExistingRole }} + name: {{ .Values.rbac.useExistingRole }} +{{- else }} + name: {{ template "kube-state-metrics.fullname" . }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.serviceAccountName" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end -}} 
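Review bot: The ClusterRoleBinding subject comes from `kube-state-metrics.serviceAccountName`, which the `_helpers.tpl` hunk above resolves to the literal `default` when `serviceAccount.create` is false and no name is given. In that configuration the list/watch role is bound to the namespace's `default` service account, so every pod in that namespace that does not set its own service account inherits it. The helper should refuse to render instead, for example `{{ required "serviceAccount.name is required when serviceAccount.create is false" .Values.serviceAccount.name }}` in the `else` branch. The same helper feeds the subjects in rolebinding.yaml, psp-clusterrolebinding.yaml and stsdiscovery-rolebinding.yaml.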
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml
new file mode 100644
index 000000000..5e666c552
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/deployment.yaml
@@ -0,0 +1,148 @@ +apiVersion: apps/v1 +{{- if .Values.autosharding.enabled }} +kind: StatefulSet +{{- else }} +kind: Deployment +{{- end }} +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + {{- include "kube-state-metrics.labels" . | indent 4 }} +spec: + selector: + matchLabels: + {{- include "kube-state-metrics.selectorLabels" . | indent 6 }} + replicas: {{ .Values.replicas }} + {{- if .Values.autosharding.enabled }} + serviceName: {{ template "kube-state-metrics.fullname" . }} + volumeClaimTemplates: [] + {{- end }} + template: + metadata: + labels: + {{- include "kube-state-metrics.labels" . | indent 8 }} + {{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: + hostNetwork: {{ .Values.hostNetwork }} + serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + {{- if .Values.autosharding.enabled }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + args: + {{- if .Values.extraArgs }} + {{- range .Values.extraArgs }} + - {{ . 
}} + {{- end }} + {{- end }} + {{- if .Values.service.port }} + - --port={{ .Values.service.port | default 8080}} + {{- end }} + {{- if .Values.collectors }} + - --resources={{ .Values.collectors | join "," }} + {{- end }} + {{- if .Values.metricLabelsAllowlist }} + - --metric-labels-allowlist={{ .Values.metricLabelsAllowlist | join "," }} + {{- end }} + {{- if .Values.metricAnnotationsAllowList }} + - --metric-annotations-allowlist={{ .Values.metricAnnotationsAllowList | join "," }} + {{- end }} + {{- if .Values.metricAllowlist }} + - --metric-allowlist={{ .Values.metricAllowlist | join "," }} + {{- end }} + {{- if .Values.metricDenylist }} + - --metric-denylist={{ .Values.metricDenylist | join "," }} + {{- end }} + {{- if .Values.namespaces }} + - --namespaces={{ tpl (.Values.namespaces | join ",") $ }} + {{- end }} + {{- if .Values.autosharding.enabled }} + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) + {{- end }} + {{- if .Values.kubeconfig.enabled }} + - --kubeconfig=/opt/k8s/.kube/config + {{- end }} + {{- if .Values.selfMonitor.telemetryHost }} + - --telemetry-host={{ .Values.selfMonitor.telemetryHost }} + {{- end }} + - --telemetry-port={{ .Values.selfMonitor.telemetryPort | default 8081 }} + {{- if .Values.kubeconfig.enabled }} + volumeMounts: + - name: kubeconfig + mountPath: /opt/k8s/.kube/ + readOnly: true + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + ports: + - containerPort: {{ .Values.service.port | default 8080}} + name: "http" + {{- if .Values.selfMonitor.enabled }} + - containerPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }} + name: "metrics" + {{- end }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.service.port | default 8080}} + initialDelaySeconds: 5 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: / + port: {{ .Values.service.port | default 8080}} + initialDelaySeconds: 5 + timeoutSeconds: 5 + {{- if 
.Values.resources }} + resources: +{{ toYaml .Values.resources | indent 10 }} +{{- end }} +{{- if .Values.containerSecurityContext }} + securityContext: +{{ toYaml .Values.containerSecurityContext | indent 10 }} +{{- end }} +{{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} + {{- if .Values.kubeconfig.enabled}} + volumes: + - name: kubeconfig + secret: + secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig + {{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/kubeconfig-secret.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/kubeconfig-secret.yaml new file mode 100644 index 000000000..6af008450 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/kubeconfig-secret.yaml @@ -0,0 +1,12 @@ +{{- if .Values.kubeconfig.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + {{- include "kube-state-metrics.labels" . | indent 4 }} +type: Opaque +data: + config: '{{ .Values.kubeconfig.secret }}' +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/pdb.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/pdb.yaml new file mode 100644 index 000000000..cbcf3a37e --- /dev/null 
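Review bot: The container-level `securityContext` in deployment.yaml is rendered only when `.Values.containerSecurityContext` is set, and the values.yaml added in this commit defaults it to `{}`, so a default install runs the container without any privilege-escalation or capability restriction. The pod-level block sets only `runAsUser`, `runAsGroup` and `fsGroup`. A hardened default in values.yaml would be `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `capabilities: {drop: ["ALL"]}`; the read-only root filesystem should be confirmed against this image before it ships as the default.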
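Review bot: In kubeconfig-secret.yaml the credential is copied from `.Values.kubeconfig.secret` straight into `data:`, so the user must supply it already base64-encoded, and nothing in the template says so. Because it travels as a chart value, the kubeconfig is also kept in the Helm release record and in any values file used for the install, which widens where this cluster credential lives. I would add a template comment such as `{{/* kubeconfig.secret must be base64-encoded; it is stored with the release values */}}` and consider an option to mount a pre-created Secret by name instead.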
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/pdb.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.podDisruptionBudget -}}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
+{{ toYaml .Values.podDisruptionBudget | indent 2 }}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml
new file mode 100644
index 000000000..3299056ab
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/podsecuritypolicy.yaml
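Review bot: The PodDisruptionBudget selects on `app.kubernetes.io/name` alone, while the Deployment and Service in this commit select with `kube-state-metrics.selectorLabels`, which also carries `app.kubernetes.io/instance`. With two releases of the chart in one namespace, the budget is computed over both releases' pods. Under `matchLabels` it should reuse the helper, `{{- include "kube-state-metrics.selectorLabels" . | indent 6 }}`. Separately, `policy/v1beta1` for PodDisruptionBudget is no longer served from Kubernetes 1.25, so the apiVersion may need a capability switch.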
@@ -0,0 +1,39 @@
+{{- if .Values.podSecurityPolicy.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "kube-state-metrics.fullname" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+{{- if .Values.podSecurityPolicy.annotations }}
+ annotations:
+{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
+{{- end }}
+spec:
+ privileged: false
+ volumes:
+ - 'secret'
+{{- if .Values.podSecurityPolicy.additionalVolumes }}
+{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }}
+{{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml
new file mode 100644
index 000000000..69047d4ff
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrole.yaml
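Review bot: The PodSecurityPolicy spec sets `privileged: false` but neither forbids privilege escalation nor drops capabilities, so a pod admitted under it keeps the runtime's default capability set. Adding `allowPrivilegeEscalation: false` and `requiredDropCapabilities: ['ALL']` to the spec would close that gap. The policy also hard-codes `hostNetwork: false` while deployment.yaml renders `hostNetwork: {{ .Values.hostNetwork }}`, so enabling both values would presumably leave the pod rejected at admission; a comment on the `hostNetwork` line noting the conflict would help.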
@@ -0,0 +1,19 @@
+{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+ name: psp-{{ template "kube-state-metrics.fullname" . }}
+rules:
+{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
+- apiGroups: ['policy']
+{{- else }}
+- apiGroups: ['extensions']
+{{- end }}
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "kube-state-metrics.fullname" . }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml
new file mode 100644
index 000000000..03c56d575
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+ name: psp-{{ template "kube-state-metrics.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: psp-{{ template "kube-state-metrics.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kube-state-metrics.serviceAccountName" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/role.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/role.yaml
new file mode 100644
index 000000000..e514e3c01
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/role.yaml
@@ -0,0 +1,187 @@ +{{- if and (eq .Values.rbac.create true) (not .Values.rbac.useExistingRole) -}} +{{- range (ternary (split "," .Values.namespaces) (list "") (eq $.Values.rbac.useClusterRole false)) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +{{- if eq $.Values.rbac.useClusterRole false }} +kind: Role +{{- else }} +kind: ClusterRole +{{- end }} +metadata: + labels: + {{- include "kube-state-metrics.labels" $ | indent 4 }} + name: {{ template "kube-state-metrics.fullname" $ }} +{{- if eq $.Values.rbac.useClusterRole false }} + namespace: {{ . }} +{{- end }} +rules: +{{ if has "certificatesigningrequests" $.Values.collectors }} +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] +{{ end -}} +{{ if has "configmaps" $.Values.collectors }} +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] +{{ end -}} +{{ if has "cronjobs" $.Values.collectors }} +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] +{{ end -}} +{{ if has "daemonsets" $.Values.collectors }} +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] +{{ end -}} +{{ if has "deployments" $.Values.collectors }} +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] +{{ end -}} +{{ if has "endpoints" $.Values.collectors }} +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] +{{ end -}} +{{ if has "horizontalpodautoscalers" $.Values.collectors }} +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{ if has "ingresses" $.Values.collectors }} +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] +{{ end -}} +{{ if has "jobs" $.Values.collectors }} +- apiGroups: ["batch"] + resources: + - jobs + verbs: ["list", "watch"] +{{ end -}} +{{ if has "limitranges" $.Values.collectors }} +- apiGroups: [""] + 
resources: + - limitranges + verbs: ["list", "watch"] +{{ end -}} +{{ if has "mutatingwebhookconfigurations" $.Values.collectors }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if has "namespaces" $.Values.collectors }} +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] +{{ end -}} +{{ if has "networkpolicies" $.Values.collectors }} +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] +{{ end -}} +{{ if has "nodes" $.Values.collectors }} +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] +{{ end -}} +{{ if has "persistentvolumeclaims" $.Values.collectors }} +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] +{{ end -}} +{{ if has "persistentvolumes" $.Values.collectors }} +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] +{{ end -}} +{{ if has "poddisruptionbudgets" $.Values.collectors }} +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] +{{ end -}} +{{ if has "pods" $.Values.collectors }} +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] +{{ end -}} +{{ if has "replicasets" $.Values.collectors }} +- apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", "watch"] +{{ end -}} +{{ if has "replicationcontrollers" $.Values.collectors }} +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] +{{ end -}} +{{ if has "resourcequotas" $.Values.collectors }} +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] +{{ end -}} +{{ if has "secrets" $.Values.collectors }} +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] +{{ end -}} +{{ if has "services" $.Values.collectors }} +- apiGroups: [""] + resources: + - services + verbs: ["list", "watch"] +{{ end -}} +{{ if has "statefulsets" 
$.Values.collectors }} +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] +{{ end -}} +{{ if has "storageclasses" $.Values.collectors }} +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] +{{ end -}} +{{ if has "validatingwebhookconfigurations" $.Values.collectors }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if has "volumeattachments" $.Values.collectors }} +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] +{{ end -}} +{{ if has "verticalpodautoscalers" $.Values.collectors }} +- apiGroups: ["autoscaling.k8s.io"] + resources: + - verticalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/rolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/rolebinding.yaml new file mode 100644 index 000000000..135094f7b --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/rolebinding.yaml 
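Review bot: The `secrets` branch of role.yaml grants `list` and `watch` on Secrets, and a list response returns the full objects including their `data`. With `rbac.useClusterRole: true`, the default in this commit's values.yaml, that amounts to read access to every Secret in the cluster for anything holding this service account's token. The default `collectors` list is outside the visible part of values.yaml, so whether this rule renders on a stock install needs checking. I would put a template comment above the block, `{{/* list/watch on secrets exposes secret data to this service account; enable only when secret metrics are required */}}`, and keep `secrets` out of the default collectors unless there is a reason for it.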
@@ -0,0 +1,24 @@
+{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}}
+{{- range (split "," $.Values.namespaces) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ {{- include "kube-state-metrics.labels" $ | indent 4 }}
+ name: {{ template "kube-state-metrics.fullname" $ }}
+ namespace: {{ . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+{{- if (not $.Values.rbac.useExistingRole) }}
+ name: {{ template "kube-state-metrics.fullname" $ }}
+{{- else }}
+ name: {{ $.Values.rbac.useExistingRole }}
+{{- end }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "kube-state-metrics.serviceAccountName" $ }}
+ namespace: {{ template "kube-state-metrics.namespace" $ }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/service.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/service.yaml
new file mode 100644
index 000000000..853cf469e
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/service.yaml
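Review bot: The `range` in rolebinding.yaml splits `$.Values.namespaces` as a raw string, whereas deployment.yaml passes the same value through `tpl` before handing it to `--namespaces`. If the value contains a template expression, the process watches the resolved namespaces while the RoleBindings are created with the unrendered text as their `namespace`, so the bindings and the watched set diverge. The loop should render the value the same way, `{{- range (split "," (tpl ($.Values.namespaces | join ",") $)) }}`. The `range` at the top of role.yaml has the same mismatch.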
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+ annotations:
+ {{- if .Values.prometheusScrape }}
+ prometheus.io/scrape: '{{ .Values.prometheusScrape }}'
+ {{- end }}
+ {{- if .Values.service.annotations }}
+ {{- toYaml .Values.service.annotations | nindent 4 }}
+ {{- end }}
+spec:
+ type: "{{ .Values.service.type }}"
+ ports:
+ - name: "http"
+ protocol: TCP
+ port: {{ .Values.service.port | default 8080}}
+ {{- if .Values.service.nodePort }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ targetPort: {{ .Values.service.port | default 8080}}
+ {{ if .Values.selfMonitor.enabled }}
+ - name: "metrics"
+ protocol: TCP
+ port: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
+ targetPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
+ {{ end }}
+{{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
+{{- end }}
+ selector:
+ {{- include "kube-state-metrics.selectorLabels" . | indent 4 }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml
new file mode 100644
index 000000000..e1229eb95
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/serviceaccount.yaml
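Review bot: The Service can be published as a LoadBalancer through `service.type` and `service.loadBalancerIP`, but the spec offers no way to restrict which clients reach it. The chart's NOTES.txt describes `/metrics` as a plain HTTP endpoint, and the metrics describe the state of cluster objects, so an externally reachable Service exposes cluster inventory to anyone who can connect. Next to the `loadBalancerIP` block I would add `{{- with .Values.service.loadBalancerSourceRanges }}`, `loadBalancerSourceRanges: {{- toYaml . | nindent 4 }}` and `{{- end }}`, with a matching (new) key in values.yaml and a comment that `ClusterIP` is the expected type.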
@@ -0,0 +1,15 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+ name: {{ template "kube-state-metrics.serviceAccountName" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+{{- if .Values.serviceAccount.annotations }}
+ annotations:
+{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
+{{- end }}
+imagePullSecrets:
+{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml
new file mode 100644
index 000000000..93a5870f6
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/servicemonitor.yaml
@@ -0,0 +1,66 @@ +{{- if .Values.prometheus.monitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + {{- include "kube-state-metrics.labels" . | indent 4 }} + {{- with .Values.prometheus.monitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + jobLabel: {{ default "app.kubernetes.io/name" .Values.prometheus.monitor.jobLabel }} + selector: + matchLabels: + {{- if .Values.prometheus.monitor.selectorOverride -}} + {{ toYaml .Values.prometheus.monitor.selectorOverride | nindent 6 }} + {{ else }} + {{- include "kube-state-metrics.selectorLabels" . | indent 6 }} + {{- end }} + endpoints: + - port: http + {{- if .Values.prometheus.monitor.interval }} + interval: {{ .Values.prometheus.monitor.interval }} + {{- end }} + {{- if .Values.prometheus.monitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }} + {{- end }} + {{- if .Values.prometheus.monitor.proxyUrl }} + proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}} + {{- end }} + {{- if .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{- if .Values.prometheus.monitor.metricRelabelings }} + metricRelabelings: + {{- toYaml .Values.prometheus.monitor.metricRelabelings | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.monitor.relabelings }} + relabelings: + {{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }} + {{- end }} + {{- if .Values.selfMonitor.enabled }} + - port: metrics + {{- if .Values.prometheus.monitor.interval }} + interval: {{ .Values.prometheus.monitor.interval }} + {{- end }} + {{- if .Values.prometheus.monitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }} + {{- end }} + {{- if .Values.prometheus.monitor.proxyUrl }} + proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}} + {{- end }} + {{- if 
.Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{- if .Values.prometheus.monitor.metricRelabelings }} + metricRelabelings: + {{- toYaml .Values.prometheus.monitor.metricRelabelings | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.monitor.relabelings }} + relabelings: + {{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml new file mode 100644 index 000000000..489de147c --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-role.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + {{- include "kube-state-metrics.labels" . | indent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resourceNames: + - {{ template "kube-state-metrics.fullname" . }} + resources: + - statefulsets + verbs: + - get + - list + - watch +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml new file mode 100644 index 000000000..73b37a4f6 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml 
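Review bot: servicemonitor.yaml always places the ServiceMonitor in `kube-state-metrics.namespace`, yet the values.yaml added in this commit declares `prometheus.monitor.namespace`, which no line of this template reads. A user who sets it expecting the monitor to land in the Prometheus namespace gets no error and no effect. Either honour it, `namespace: {{ default (include "kube-state-metrics.namespace" .) .Values.prometheus.monitor.namespace }}`, or drop the key from values.yaml. The two endpoint blocks are also identical apart from `port`, so a shared named template would keep them from drifting.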
@@ -0,0 +1,17 @@
+{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+ labels:
+ {{- include "kube-state-metrics.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kube-state-metrics.serviceAccountName" . }}
+ namespace: {{ template "kube-state-metrics.namespace" . }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/values.yaml
new file mode 100644
index 000000000..aced5cf4f
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/charts/kube-state-metrics/values.yaml
@@ -0,0 +1,224 @@ +# Default values for kube-state-metrics. +prometheusScrape: true +image: + repository: k8s.gcr.io/kube-state-metrics/kube-state-metrics + tag: v2.3.0 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +# - name: "image-pull-secret" + +# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data +# will be automatically sharded across <.Values.replicas> pods using the built-in +# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding +# This is an experimental feature and there are no stability guarantees. +autosharding: + enabled: false + +replicas: 1 + +# List of additional cli arguments to configure kube-state-metrics +# for example: --enable-gzip-encoding, --log-file, etc. +# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md +extraArgs: [] + +service: + port: 8080 + # Default to clusterIP for backward compatibility + type: ClusterIP + nodePort: 0 + loadBalancerIP: "" + annotations: {} + +## Additional labels to add to all resources +customLabels: {} + # app: kube-state-metrics + +## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box +releaseLabel: false + +hostNetwork: false + +rbac: + # If true, create & use RBAC resources + create: true + + # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here. + # useExistingRole: your-existing-role + + # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to) + useClusterRole: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created, require rbac true + create: true + # The name of the ServiceAccount to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: + # Reference to one or more secrets to be used when pulling images + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + imagePullSecrets: [] + # ServiceAccount annotations. + # Use case: AWS EKS IAM roles for service accounts + # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html + annotations: {} + +prometheus: + monitor: + enabled: false + additionalLabels: {} + namespace: "" + jobLabel: "" + interval: "" + scrapeTimeout: "" + proxyUrl: "" + selectorOverride: {} + honorLabels: false + metricRelabelings: [] + relabelings: [] + +## Specify if a Pod Security Policy for kube-state-metrics must be created +## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## +podSecurityPolicy: + enabled: false + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + additionalVolumes: [] + +securityContext: + enabled: true + runAsGroup: 65534 + runAsUser: 65534 + fsGroup: 65534 + +## Specify security settings for a Container +## Allows overrides and additional options compared to (Pod) securityContext +## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +containerSecurityContext: {} + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +## Affinity settings for pod assignment +## Ref: 
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +affinity: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# Annotations to be added to the pod +podAnnotations: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: "" + +# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} + +# Comma-separated list of metrics to be exposed. +# This list comprises of exact metric names and/or regex patterns. +# The allowlist and denylist are mutually exclusive. +metricAllowlist: [] + +# Comma-separated list of metrics not to be enabled. +# This list comprises of exact metric names and/or regex patterns. +# The allowlist and denylist are mutually exclusive. +metricDenylist: [] + +# Comma-separated list of additional Kubernetes label keys that will be used in the resource's +# labels metric. By default the metric contains only name and namespace labels. +# To include additional labels, provide a list of resource names in their plural form and Kubernetes +# label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'. +# A single '*' can be provided per resource instead to allow any labels, but that has +# severe performance implications (Example: '=pods=[*]'). +metricLabelsAllowlist: [] + # - namespaces=[k8s-label-1,k8s-label-n] + +# Comma-separated list of Kubernetes annotations keys that will be used in the resource' +# labels metric. By default the metric contains only name and namespace labels. +# To include additional annotations provide a list of resource names in their plural form and Kubernetes +# annotation keys you would like to allow for them (Example: '=namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...)'. 
+# A single '*' can be provided per resource instead to allow any annotations, but that has +# severe performance implications (Example: '=pods=[*]'). +metricAnnotationsAllowList: [] + # - pods=[k8s-annotation-1,k8s-annotation-n] + +# Available collectors for kube-state-metrics. +# By default, all available resources are enabled, comment out to disable. +collectors: + - certificatesigningrequests + - configmaps + - cronjobs + - daemonsets + - deployments + - endpoints + - horizontalpodautoscalers + - ingresses + - jobs + - limitranges + - mutatingwebhookconfigurations + - namespaces + - networkpolicies + - nodes + - persistentvolumeclaims + - persistentvolumes + - poddisruptionbudgets + - pods + - replicasets + - replicationcontrollers + - resourcequotas + - secrets + - services + - statefulsets + - storageclasses + - validatingwebhookconfigurations + - volumeattachments + # - verticalpodautoscalers # not a default resource, see also: https://github.com/kubernetes/kube-state-metrics#enabling-verticalpodautoscalers + +# Enabling kubeconfig will pass the --kubeconfig argument to the container +kubeconfig: + enabled: false + # base64 encoded kube-config file + secret: + +# Comma-separated list of namespaces to be enabled for collecting resources. By default all namespaces are collected. +namespaces: "" + +## Override the deployment namespace +## +namespaceOverride: "" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + +## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. 
+## For example: kubeTargetVersionOverride: 1.14.9 +## +kubeTargetVersionOverride: "" + +# Enable self metrics configuration for service and Service Monitor +# Default values for telemetry configuration can be overridden +selfMonitor: + enabled: false + # telemetryHost: 0.0.0.0 + # telemetryPort: 8081 diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/NOTES.txt b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/NOTES.txt new file mode 100644 index 000000000..0e8868f0b --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/NOTES.txt 
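Review bot: The default `collectors` list enables `secrets` while `rbac.useClusterRole` defaults to `true`, so, assuming the ClusterRole template (not part of this hunk) grants list/watch per enabled collector, the kube-state-metrics service account can list every Secret in the cluster, and list access returns secret contents. I would comment that entry out by default or at least document the cost next to it, e.g. `# - secrets  # needs cluster-wide list/watch on Secrets; enable only if secret metadata metrics are required`. Separately, `containerSecurityContext: {}` leaves the container without `allowPrivilegeEscalation: false` or `readOnlyRootFilesystem: true`, and the image is referenced by the mutable tag `v2.3.0` rather than by digest.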
@@ -0,0 +1,112 @@ +{{- if .Values.server.enabled -}} +The Prometheus server can be accessed via port {{ .Values.server.service.servicePort }} on the following DNS name from within your cluster: +{{ template "prometheus.server.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +{{ if .Values.server.ingress.enabled -}} +From outside the cluster, the server URL(s) are: +{{- range .Values.server.ingress.hosts }} +http://{{ . }} +{{- end }} +{{- else }} +Get the Prometheus server URL by running these commands in the same shell: +{{- if contains "NodePort" .Values.server.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.server.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.server.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.server.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.server.service.servicePort }} +{{- else if contains "ClusterIP" .Values.server.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . 
}},component={{ .Values.server.name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9090 +{{- end }} +{{- end }} + +{{- if .Values.server.persistentVolume.enabled }} +{{- else }} +################################################################################# +###### WARNING: Persistence is disabled!!! You will lose your data when ##### +###### the Server pod is terminated. ##### +################################################################################# +{{- end }} +{{- end }} + +{{ if .Values.alertmanager.enabled }} +The Prometheus alertmanager can be accessed via port {{ .Values.alertmanager.service.servicePort }} on the following DNS name from within your cluster: +{{ template "prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +{{ if .Values.alertmanager.ingress.enabled -}} +From outside the cluster, the alertmanager URL(s) are: +{{- range .Values.alertmanager.ingress.hosts }} +http://{{ . }} +{{- end }} +{{- else }} +Get the Alertmanager URL by running these commands in the same shell: +{{- if contains "NodePort" .Values.alertmanager.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.alertmanager.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.alertmanager.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.alertmanager.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.alertmanager.fullname" . 
}} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.alertmanager.service.servicePort }} +{{- else if contains "ClusterIP" .Values.alertmanager.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.alertmanager.name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9093 +{{- end }} +{{- end }} + +{{- if .Values.alertmanager.persistentVolume.enabled }} +{{- else }} +################################################################################# +###### WARNING: Persistence is disabled!!! You will lose your data when ##### +###### the AlertManager pod is terminated. ##### +################################################################################# +{{- end }} +{{- end }} + +{{- if .Values.nodeExporter.podSecurityPolicy.enabled }} +{{- else }} +################################################################################# +###### WARNING: Pod Security Policy has been moved to a global property. ##### +###### use .Values.podSecurityPolicy.enabled with pod-based ##### +###### annotations ##### +###### (e.g. .Values.nodeExporter.podSecurityPolicy.annotations) ##### +################################################################################# +{{- end }} + +{{ if .Values.pushgateway.enabled }} +The Prometheus PushGateway can be accessed via port {{ .Values.pushgateway.service.servicePort }} on the following DNS name from within your cluster: +{{ template "prometheus.pushgateway.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +{{ if .Values.pushgateway.ingress.enabled -}} +From outside the cluster, the pushgateway URL(s) are: +{{- range .Values.pushgateway.ingress.hosts }} +http://{{ . 
}} +{{- end }} +{{- else }} +Get the PushGateway URL by running these commands in the same shell: +{{- if contains "NodePort" .Values.pushgateway.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.pushgateway.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.pushgateway.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.pushgateway.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.pushgateway.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.pushgateway.service.servicePort }} +{{- else if contains "ClusterIP" .Values.pushgateway.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.pushgateway.name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9091 +{{- end }} +{{- end }} +{{- end }} + +For more information on running Prometheus, visit: +https://prometheus.io/ diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/_helpers.tpl b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/_helpers.tpl new file mode 100644 index 000000000..065065c56 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/_helpers.tpl 
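Review bot: The Pod Security Policy banner sits in the `{{- else }}` branch of `{{- if .Values.nodeExporter.podSecurityPolicy.enabled }}`, so it is printed when the legacy value is false or unset and suppressed when it is set, which looks inverted for a "this setting has moved" warning. If the intent is to catch releases that still use the old key, the banner should follow the `if` directly and the `{{- else }}` line should go. The three `range ... ingress.hosts` blocks also always print `http://{{ . }}`, even if the ingress is configured with TLS (the TLS settings are not visible in this hunk), which points users at an unencrypted URL for the Prometheus, Alertmanager and PushGateway UIs.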
@@ -0,0 +1,282 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "prometheus.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "prometheus.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create unified labels for prometheus components +*/}} +{{- define "prometheus.common.matchLabels" -}} +app: {{ template "prometheus.name" . }} +release: {{ .Release.Name }} +{{- end -}} + +{{- define "prometheus.common.metaLabels" -}} +chart: {{ template "prometheus.chart" . }} +heritage: {{ .Release.Service }} +{{- end -}} + +{{- define "prometheus.alertmanager.labels" -}} +{{ include "prometheus.alertmanager.matchLabels" . }} +{{ include "prometheus.common.metaLabels" . }} +{{- end -}} + +{{- define "prometheus.alertmanager.matchLabels" -}} +component: {{ .Values.alertmanager.name | quote }} +{{ include "prometheus.common.matchLabels" . }} +{{- end -}} + +{{- define "prometheus.nodeExporter.labels" -}} +{{ include "prometheus.nodeExporter.matchLabels" . }} +{{ include "prometheus.common.metaLabels" . }} +{{- end -}} + +{{- define "prometheus.nodeExporter.matchLabels" -}} +component: {{ .Values.nodeExporter.name | quote }} +{{ include "prometheus.common.matchLabels" . }} +{{- end -}} + +{{- define "prometheus.pushgateway.labels" -}} +{{ include "prometheus.pushgateway.matchLabels" . }} +{{ include "prometheus.common.metaLabels" . }} +{{- end -}} + +{{- define "prometheus.pushgateway.matchLabels" -}} +component: {{ .Values.pushgateway.name | quote }} +{{ include "prometheus.common.matchLabels" . }} +{{- end -}} + +{{- define "prometheus.server.labels" -}} +{{ include "prometheus.server.matchLabels" . }} +{{ include "prometheus.common.metaLabels" . 
}} +{{- end -}} + +{{- define "prometheus.server.matchLabels" -}} +component: {{ .Values.server.name | quote }} +{{ include "prometheus.common.matchLabels" . }} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "prometheus.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a fully qualified alertmanager name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} + +{{- define "prometheus.alertmanager.fullname" -}} +{{- if .Values.alertmanager.fullnameOverride -}} +{{- .Values.alertmanager.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a fully qualified node-exporter name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
+*/}} +{{- define "prometheus.nodeExporter.fullname" -}} +{{- if .Values.nodeExporter.fullnameOverride -}} +{{- .Values.nodeExporter.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a fully qualified Prometheus server name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "prometheus.server.fullname" -}} +{{- if .Values.server.fullnameOverride -}} +{{- .Values.server.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.server.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.server.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a fully qualified pushgateway name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "prometheus.pushgateway.fullname" -}} +{{- if .Values.pushgateway.fullnameOverride -}} +{{- .Values.pushgateway.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Get KubeVersion removing pre-release information. 
+*/}} +{{- define "prometheus.kubeVersion" -}} + {{- default .Capabilities.KubeVersion.Version (regexFind "v[0-9]+\\.[0-9]+\\.[0-9]+" .Capabilities.KubeVersion.Version) -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "prometheus.deployment.apiVersion" -}} +{{- print "apps/v1" -}} +{{- end -}} +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "prometheus.daemonset.apiVersion" -}} +{{- print "apps/v1" -}} +{{- end -}} +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "prometheus.networkPolicy.apiVersion" -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{/* +Return the appropriate apiVersion for podsecuritypolicy. +*/}} +{{- define "prometheus.podSecurityPolicy.apiVersion" -}} +{{- print "policy/v1beta1" -}} +{{- end -}} +{{/* +Return the appropriate apiVersion for rbac. +*/}} +{{- define "rbac.apiVersion" -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- end -}} +{{- end -}} +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "ingress.apiVersion" -}} + {{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19.x" (include "prometheus.kubeVersion" .)) -}} + {{- print "networking.k8s.io/v1" -}} + {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} + {{- print "networking.k8s.io/v1beta1" -}} + {{- else -}} + {{- print "extensions/v1beta1" -}} + {{- end -}} +{{- end -}} + +{{/* +Return if ingress is stable. +*/}} +{{- define "ingress.isStable" -}} + {{- eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}} +{{- end -}} + +{{/* +Return if ingress supports ingressClassName. +*/}} +{{- define "ingress.supportsIngressClassName" -}} + {{- or (eq (include "ingress.isStable" .) "true") (and (eq (include "ingress.apiVersion" .) 
"networking.k8s.io/v1beta1") (semverCompare ">= 1.18.x" (include "prometheus.kubeVersion" .))) -}} +{{- end -}} +{{/* +Return if ingress supports pathType. +*/}} +{{- define "ingress.supportsPathType" -}} + {{- or (eq (include "ingress.isStable" .) "true") (and (eq (include "ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18.x" (include "prometheus.kubeVersion" .))) -}} +{{- end -}} + +{{/* +Create the name of the service account to use for the alertmanager component +*/}} +{{- define "prometheus.serviceAccountName.alertmanager" -}} +{{- if .Values.serviceAccounts.alertmanager.create -}} + {{ default (include "prometheus.alertmanager.fullname" .) .Values.serviceAccounts.alertmanager.name }} +{{- else -}} + {{ default "default" .Values.serviceAccounts.alertmanager.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use for the nodeExporter component +*/}} +{{- define "prometheus.serviceAccountName.nodeExporter" -}} +{{- if .Values.serviceAccounts.nodeExporter.create -}} + {{ default (include "prometheus.nodeExporter.fullname" .) .Values.serviceAccounts.nodeExporter.name }} +{{- else -}} + {{ default "default" .Values.serviceAccounts.nodeExporter.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use for the pushgateway component +*/}} +{{- define "prometheus.serviceAccountName.pushgateway" -}} +{{- if .Values.serviceAccounts.pushgateway.create -}} + {{ default (include "prometheus.pushgateway.fullname" .) .Values.serviceAccounts.pushgateway.name }} +{{- else -}} + {{ default "default" .Values.serviceAccounts.pushgateway.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use for the server component +*/}} +{{- define "prometheus.serviceAccountName.server" -}} +{{- if .Values.serviceAccounts.server.create -}} + {{ default (include "prometheus.server.fullname" .) 
.Values.serviceAccounts.server.name }} +{{- else -}} + {{ default "default" .Values.serviceAccounts.server.name }} +{{- end -}} +{{- end -}} + +{{/* +Define the prometheus.namespace template if set with forceNamespace or .Release.Namespace is set +*/}} +{{- define "prometheus.namespace" -}} +{{- if .Values.forceNamespace -}} +{{ printf "namespace: %s" .Values.forceNamespace }} +{{- else -}} +{{ printf "namespace: %s" .Release.Namespace }} +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/clusterrole.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/clusterrole.yaml new file mode 100644 index 000000000..c732ff4e5 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/clusterrole.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.alertmanager.enabled .Values.rbac.create .Values.alertmanager.useClusterRole (not .Values.alertmanager.useExistingRole) -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRole +metadata: + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} + name: {{ template "prometheus.alertmanager.fullname" . }} +rules: +{{- if .Values.podSecurityPolicy.enabled }} + - apiGroups: + - extensions + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - {{ template "prometheus.alertmanager.fullname" . }} +{{- else }} + [] +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/clusterrolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/clusterrolebinding.yaml new file mode 100644 index 000000000..6f13e98b5 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/clusterrolebinding.yaml 
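Review bot: Each `prometheus.serviceAccountName.*` helper falls back to `default "default" .Values.serviceAccounts.<component>.name`, so with `create: false` and no name the chart's RBAC subjects resolve to the namespace's `default` ServiceAccount. The ClusterRoleBinding in alertmanager/clusterrolebinding.yaml later in this diff uses that helper as its subject and can reference an arbitrary role through `useExistingRole`, which would then grant that role to every pod in the namespace that does not set its own service account. I would fail rendering in that case, e.g. `{{ required "serviceAccounts.alertmanager.name is required when create is false" .Values.serviceAccounts.alertmanager.name }}`, or at minimum state the fallback in the comment above each helper. Also, `prometheus.podSecurityPolicy.apiVersion` is hard-coded to `policy/v1beta1`, which Kubernetes 1.25 and later no longer serve, so enabling `podSecurityPolicy.enabled` will fail on those clusters.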
@@ -0,0 +1,20 @@
+{{- if and .Values.alertmanager.enabled .Values.rbac.create .Values.alertmanager.useClusterRole -}}
+apiVersion: {{ template "rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "prometheus.alertmanager.labels" . | nindent 4 }}
+ name: {{ template "prometheus.alertmanager.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "prometheus.serviceAccountName.alertmanager" . }}
+{{ include "prometheus.namespace" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+{{- if (not .Values.alertmanager.useExistingRole) }}
+ name: {{ template "prometheus.alertmanager.fullname" . }}
+{{- else }}
+ name: {{ .Values.alertmanager.useExistingRole }}
+{{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/cm.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/cm.yaml
new file mode 100644
index 000000000..cb09bf067
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/cm.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.alertmanager.enabled (and (empty .Values.alertmanager.configMapOverrideName) (empty .Values.alertmanager.configFromSecret)) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "prometheus.alertmanager.labels" . | nindent 4 }}
+ name: {{ template "prometheus.alertmanager.fullname" . }}
+{{ include "prometheus.namespace" . | indent 2 }}
+data:
+{{- $root := . -}}
+{{- range $key, $value := .Values.alertmanagerFiles }}
+ {{- if $key | regexMatch ".*\\.ya?ml$" }}
+ {{ $key }}: |
+{{ toYaml $value | default "{}" | indent 4 }}
+ {{- else }}
+ {{ $key }}: {{ toYaml $value | indent 4 }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/deploy.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/deploy.yaml
new file mode 100644
index 000000000..48a3c8489
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/deploy.yaml
@@ -0,0 +1,204 @@ +{{- if and .Values.alertmanager.enabled (not .Values.alertmanager.statefulSet.enabled) -}} +apiVersion: {{ template "prometheus.deployment.apiVersion" . }} +kind: Deployment +metadata: +{{- if .Values.alertmanager.deploymentAnnotations }} + annotations: + {{ toYaml .Values.alertmanager.deploymentAnnotations | nindent 4 }} +{{- end }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} + name: {{ template "prometheus.alertmanager.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} +spec: + selector: + matchLabels: + {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} + replicas: {{ .Values.alertmanager.replicaCount }} + {{- if .Values.alertmanager.strategy }} + strategy: +{{ toYaml .Values.alertmanager.strategy | trim | indent 4 }} + {{ if eq .Values.alertmanager.strategy.type "Recreate" }}rollingUpdate: null{{ end }} +{{- end }} + template: + metadata: + {{- if .Values.alertmanager.podAnnotations }} + annotations: + {{ toYaml .Values.alertmanager.podAnnotations | nindent 8 }} + {{- end }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 8 }} + {{- if .Values.alertmanager.podLabels}} + {{ toYaml .Values.alertmanager.podLabels | nindent 8 }} + {{- end}} + spec: +{{- if .Values.alertmanager.schedulerName }} + schedulerName: "{{ .Values.alertmanager.schedulerName }}" +{{- end }} + serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }} + {{- if .Values.alertmanager.extraInitContainers }} + initContainers: +{{ toYaml .Values.alertmanager.extraInitContainers | indent 8 }} + {{- end }} +{{- if .Values.alertmanager.priorityClassName }} + priorityClassName: "{{ .Values.alertmanager.priorityClassName }}" +{{- end }} + containers: + - name: {{ template "prometheus.name" . 
}}-{{ .Values.alertmanager.name }} + image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}" + imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}" + env: + {{- range $key, $value := .Values.alertmanager.extraEnv }} + - name: {{ $key }} + value: {{ $value }} + {{- end }} + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + args: + - --config.file=/etc/config/{{ .Values.alertmanager.configFileName }} + - --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }} + {{- if .Values.alertmanager.service.enableMeshPeer }} + - --cluster.listen-address=0.0.0.0:6783 + - --cluster.advertise-address=[$(POD_IP)]:6783 + {{- else }} + - --cluster.listen-address= + {{- end }} + {{- range $key, $value := .Values.alertmanager.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- if .Values.alertmanager.baseURL }} + - --web.external-url={{ .Values.alertmanager.baseURL }} + {{- end }} + {{- range .Values.alertmanager.clusterPeers }} + - --cluster.peer={{ . 
}} + {{- end }} + + ports: + - containerPort: 9093 + readinessProbe: + httpGet: + path: {{ .Values.alertmanager.prefixURL }}/-/ready + port: 9093 + {{- if .Values.alertmanager.probeHeaders }} + httpHeaders: + {{- range .Values.alertmanager.probeHeaders }} + - name: {{ .name }} + value: {{ .value }} + {{- end }} + {{- end }} + initialDelaySeconds: 30 + timeoutSeconds: 30 + resources: +{{ toYaml .Values.alertmanager.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}" + subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}" + {{- range .Values.alertmanager.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.alertmanager.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + + {{- if .Values.configmapReload.alertmanager.enabled }} + - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }} + image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}" + imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}" + args: + - --volume-dir=/etc/config + - --webhook-url=http://127.0.0.1:9093{{ .Values.alertmanager.prefixURL }}/-/reload + {{- range $key, $value := .Values.configmapReload.alertmanager.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- range .Values.configmapReload.alertmanager.extraVolumeDirs }} + - --volume-dir={{ . 
}} + {{- end }} + resources: +{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + {{- range .Values.configmapReload.alertmanager.extraConfigmapMounts }} + - name: {{ $.Values.configmapReload.alertmanager.name }}-{{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.alertmanager.nodeSelector }} + nodeSelector: +{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }} + {{- end }} + {{- with .Values.alertmanager.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.alertmanager.securityContext }} + securityContext: +{{ toYaml .Values.alertmanager.securityContext | indent 8 }} + {{- end }} + {{- if .Values.alertmanager.tolerations }} + tolerations: +{{ toYaml .Values.alertmanager.tolerations | indent 8 }} + {{- end }} + {{- if .Values.alertmanager.affinity }} + affinity: +{{ toYaml .Values.alertmanager.affinity | indent 8 }} + {{- end }} + volumes: + - name: config-volume + {{- if empty .Values.alertmanager.configFromSecret }} + configMap: + name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} + {{- else }} + secret: + secretName: {{ .Values.alertmanager.configFromSecret }} + {{- end }} + {{- range .Values.alertmanager.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- with .optional }} + optional: {{ . 
}} + {{- end }} + {{- end }} + {{- range .Values.alertmanager.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + {{- range .Values.configmapReload.alertmanager.extraConfigmapMounts }} + - name: {{ $.Values.configmapReload.alertmanager.name }}-{{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + - name: storage-volume + {{- if .Values.alertmanager.persistentVolume.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.alertmanager.persistentVolume.existingClaim }}{{ .Values.alertmanager.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} + {{- else }} + emptyDir: + {{- if .Values.alertmanager.emptyDir.sizeLimit }} + sizeLimit: {{ .Values.alertmanager.emptyDir.sizeLimit }} + {{- else }} + {} + {{- end -}} + {{- end -}} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/headless-svc.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/headless-svc.yaml new file mode 100644 index 000000000..8c402c408 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/headless-svc.yaml 
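Review bot: In deploy.yaml the `extraEnv` loop renders `value: {{ $value }}` unquoted, so a value such as `true` or `8080` reaches the API server as a YAML boolean or integer and the pod is rejected, because `env[].value` must be a string; `value: {{ $value | quote }}` avoids that. The same loop appears in sts.yaml, and the `probeHeaders` values in this file are unquoted as well. Separately, the only `securityContext` this template renders is the pod-level one taken from `.Values.alertmanager.securityContext`; neither container sets `allowPrivilegeEscalation: false` or `readOnlyRootFilesystem: true`, so on a cluster without the chart's PodSecurityPolicy those restrictions are not applied.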
@@ -0,0 +1,31 @@
+{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.alertmanager.statefulSet.headless.annotations }}
+ annotations:
+{{ toYaml .Values.alertmanager.statefulSet.headless.annotations | indent 4 }}
+{{- end }}
+ labels:
+ {{- include "prometheus.alertmanager.labels" . | nindent 4 }}
+{{- if .Values.alertmanager.statefulSet.headless.labels }}
+{{ toYaml .Values.alertmanager.statefulSet.headless.labels | indent 4 }}
+{{- end }}
+ name: {{ template "prometheus.alertmanager.fullname" . }}-headless
+{{ include "prometheus.namespace" . | indent 2 }}
+spec:
+ clusterIP: None
+ ports:
+ - name: http
+ port: {{ .Values.alertmanager.statefulSet.headless.servicePort }}
+ protocol: TCP
+ targetPort: 9093
+{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }}
+ - name: meshpeer
+ port: 6783
+ protocol: TCP
+ targetPort: 6783
+{{- end }}
+ selector:
+ {{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/ingress.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/ingress.yaml
new file mode 100644
index 000000000..2a7b67c08
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/ingress.yaml
@@ -0,0 +1,57 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled -}} +{{- $ingressApiIsStable := eq (include "ingress.isStable" .) "true" -}} +{{- $ingressSupportsIngressClassName := eq (include "ingress.supportsIngressClassName" .) "true" -}} +{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}} +{{- $releaseName := .Release.Name -}} +{{- $serviceName := include "prometheus.alertmanager.fullname" . }} +{{- $servicePort := .Values.alertmanager.service.servicePort -}} +{{- $ingressPath := .Values.alertmanager.ingress.path -}} +{{- $ingressPathType := .Values.alertmanager.ingress.pathType -}} +{{- $extraPaths := .Values.alertmanager.ingress.extraPaths -}} +apiVersion: {{ template "ingress.apiVersion" . }} +kind: Ingress +metadata: +{{- if .Values.alertmanager.ingress.annotations }} + annotations: +{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} +{{- range $key, $value := .Values.alertmanager.ingress.extraLabels }} + {{ $key }}: {{ $value }} +{{- end }} + name: {{ template "prometheus.alertmanager.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} +spec: + {{- if and $ingressSupportsIngressClassName .Values.alertmanager.ingress.ingressClassName }} + ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }} + {{- end }} + rules: + {{- range .Values.alertmanager.ingress.hosts }} + {{- $url := splitList "/" . 
}} + - host: {{ first $url }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + - path: {{ $ingressPath }} + {{- if $ingressSupportsPathType }} + pathType: {{ $ingressPathType }} + {{- end }} + backend: + {{- if $ingressApiIsStable }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} +{{- if .Values.alertmanager.ingress.tls }} + tls: +{{ toYaml .Values.alertmanager.ingress.tls | indent 4 }} + {{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/netpol.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/netpol.yaml new file mode 100644 index 000000000..e44ade60e --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/netpol.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.alertmanager.enabled .Values.networkPolicy.enabled -}} +apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ template "prometheus.alertmanager.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} + ingress: + - from: + - podSelector: + matchLabels: + {{- include "prometheus.server.matchLabels" . | nindent 12 }} + - ports: + - port: 9093 +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/pdb.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/pdb.yaml new file mode 100644 index 000000000..41a92f364 --- /dev/null 
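Review bot: In netpol.yaml the `ingress` list has two separate entries, `- from:` (pods matching `prometheus.server.matchLabels`) and `- ports:` (9093), and NetworkPolicy rules are OR-ed together: as written, the server pods may reach every port of alertmanager and any source may reach port 9093. If the intent is "server pods only, on 9093", `ports` has to sit in the same rule as `from`, i.e. `ports:` (no leading dash) aligned under the `- from:` item. The original indentation is not recoverable from this rendering, so this reading rests on the list markers alone and should be confirmed against the file. The policy also names no rule for the mesh port 6783 that the Service and StatefulSet can open.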
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/pdb.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.alertmanager.podDisruptionBudget.enabled }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "prometheus.alertmanager.fullname" . }}
+{{ include "prometheus.namespace" . | indent 2 }}
+ labels:
+ {{- include "prometheus.alertmanager.labels" . | nindent 4 }}
+spec:
+ maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }}
+ selector:
+ matchLabels:
+ {{- include "prometheus.alertmanager.labels" . | nindent 6 }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/psp.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/psp.yaml
new file mode 100644
index 000000000..64fb13003
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/psp.yaml
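Review bot: pdb.yaml hard-codes `apiVersion: policy/v1beta1`, which Kubernetes 1.25 and later no longer serve, so enabling the budget there fails the install; the other templates in this commit pick their API version through a helper, and the same can be done here with `apiVersion: {{ if .Capabilities.APIVersions.Has "policy/v1" }}policy/v1{{ else }}policy/v1beta1{{ end }}`. The guard also tests only `.Values.alertmanager.podDisruptionBudget.enabled`, so the object is rendered even when `.Values.alertmanager.enabled` is false. The selector is built from `prometheus.alertmanager.labels`, whereas the Deployment, StatefulSet and Services select with `prometheus.alertmanager.matchLabels`; if the `labels` helper carries chart-version labels (not visible here), the selector changes on every upgrade.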
@@ -0,0 +1,46 @@
+{{- if and .Values.alertmanager.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}
+apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "prometheus.alertmanager.fullname" . }}
+ labels:
+ {{- include "prometheus.alertmanager.labels" . | nindent 4 }}
+ annotations:
+{{- if .Values.alertmanager.podSecurityPolicy.annotations }}
+{{ toYaml .Values.alertmanager.podSecurityPolicy.annotations | indent 4 }}
+{{- end }}
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ requiredDropCapabilities:
+ - ALL
+ volumes:
+ - 'configMap'
+ - 'persistentVolumeClaim'
+ - 'emptyDir'
+ - 'secret'
+ allowedHostPaths:
+ - pathPrefix: /etc
+ readOnly: true
+ - pathPrefix: {{ .Values.alertmanager.persistentVolume.mountPath }}
+ hostNetwork: false
+ hostPID: false
+ hostIPC: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: true
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/pvc.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/pvc.yaml
new file mode 100644
index 000000000..160e296a5
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/pvc.yaml
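Review bot: In psp.yaml `runAsUser` is `rule: 'RunAsAny'`, so the policy admits a container running as UID 0 even though the `supplementalGroups` and `fsGroup` ranges below it are written to exclude the root group; `rule: 'MustRunAsNonRoot'` would match that intent, provided the alertmanager and reload images run as a non-root user (to be confirmed, the images are not visible here). The `allowedHostPaths` entries for `/etc` and the persistent-volume mount path have no effect, because `hostPath` is not in the `volumes` allow-list; removing them keeps the policy from suggesting that host paths are in use. When `podSecurityPolicy.annotations` is empty, `annotations:` is rendered with no value, which is harmless but could be moved inside the `if`.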
@@ -0,0 +1,37 @@
+{{- if not .Values.alertmanager.statefulSet.enabled -}}
+{{- if and .Values.alertmanager.enabled .Values.alertmanager.persistentVolume.enabled -}}
+{{- if not .Values.alertmanager.persistentVolume.existingClaim -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ {{- if .Values.alertmanager.persistentVolume.annotations }}
+ annotations:
+{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 4 }}
+ {{- end }}
+ labels:
+ {{- include "prometheus.alertmanager.labels" . | nindent 4 }}
+ name: {{ template "prometheus.alertmanager.fullname" . }}
+{{ include "prometheus.namespace" . | indent 2 }}
+spec:
+ accessModes:
+{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 4 }}
+{{- if .Values.alertmanager.persistentVolume.storageClass }}
+{{- if (eq "-" .Values.alertmanager.persistentVolume.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}"
+{{- end }}
+{{- end }}
+{{- if .Values.alertmanager.persistentVolume.volumeBindingMode }}
+ volumeBindingMode: "{{ .Values.alertmanager.persistentVolume.volumeBindingMode }}"
+{{- end }}
+ resources:
+ requests:
+ storage: "{{ .Values.alertmanager.persistentVolume.size }}"
+{{- if .Values.alertmanager.persistentVolume.selector }}
+ selector:
+ {{- toYaml .Values.alertmanager.persistentVolume.selector | nindent 4 }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/role.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/role.yaml
new file mode 100644
index 000000000..ce60eaf0a
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/role.yaml
@@ -0,0 +1,24 @@
+{{- if and .Values.alertmanager.enabled .Values.rbac.create (eq .Values.alertmanager.useClusterRole false) (not .Values.alertmanager.useExistingRole) -}}
+{{- range $.Values.alertmanager.namespaces }}
+apiVersion: {{ template "rbac.apiVersion" . }}
+kind: Role
+metadata:
+ labels:
+ {{- include "prometheus.alertmanager.labels" $ | nindent 4 }}
+ name: {{ template "prometheus.alertmanager.fullname" $ }}
+ namespace: {{ . }}
+rules:
+{{- if $.Values.podSecurityPolicy.enabled }}
+ - apiGroups:
+ - extensions
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ resourceNames:
+ - {{ template "prometheus.alertmanager.fullname" $ }}
+{{- else }}
+ []
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/rolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/rolebinding.yaml
new file mode 100644
index 000000000..906d6522d
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/rolebinding.yaml
@@ -0,0 +1,23 @@
+{{- if and .Values.alertmanager.enabled .Values.rbac.create (eq .Values.alertmanager.useClusterRole false) -}}
+{{ range $.Values.alertmanager.namespaces }}
+apiVersion: {{ template "rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ labels:
+ {{- include "prometheus.alertmanager.labels" $ | nindent 4 }}
+ name: {{ template "prometheus.alertmanager.fullname" $ }}
+ namespace: {{ . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "prometheus.serviceAccountName.alertmanager" $ }}
+{{ include "prometheus.namespace" $ | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+{{- if (not $.Values.alertmanager.useExistingRole) }}
+ name: {{ template "prometheus.alertmanager.fullname" $ }}
+{{- else }}
+ name: {{ $.Values.alertmanager.useExistingRole }}
+{{- end }}
+{{- end }}
+{{ end }}
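Review bot: In role.yaml the line `apiVersion: {{ template "rbac.apiVersion" . }}` sits inside `range $.Values.alertmanager.namespaces`, where `.` is the current namespace string (it is used as such in `namespace: {{ . }}`), not the chart root; every other helper call in the loop passes `$`. If the helper reads `.Capabilities` or `.Values`, which is likely but not visible here, rendering fails as soon as `namespaces` is non-empty, so the line should read `apiVersion: {{ template "rbac.apiVersion" $ }}`. rolebinding.yaml has the same line inside the same kind of loop. Neither loop emits a `---` separator, so with more than one namespace the Role and RoleBinding documents run together in one YAML document; adding `---` as the first line of each loop body keeps one object per namespace.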
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/service.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/service.yaml
new file mode 100644
index 000000000..9edc9ac65
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/service.yaml
@@ -0,0 +1,53 @@
+{{- if .Values.alertmanager.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.alertmanager.service.annotations }}
+ annotations:
+{{ toYaml .Values.alertmanager.service.annotations | indent 4 }}
+{{- end }}
+ labels:
+ {{- include "prometheus.alertmanager.labels" . | nindent 4 }}
+{{- if .Values.alertmanager.service.labels }}
+{{ toYaml .Values.alertmanager.service.labels | indent 4 }}
+{{- end }}
+ name: {{ template "prometheus.alertmanager.fullname" . }}
+{{ include "prometheus.namespace" . | indent 2 }}
+spec:
+{{- if .Values.alertmanager.service.clusterIP }}
+ clusterIP: {{ .Values.alertmanager.service.clusterIP }}
+{{- end }}
+{{- if .Values.alertmanager.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.alertmanager.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.alertmanager.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+{{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.alertmanager.service.servicePort }}
+ protocol: TCP
+ targetPort: 9093
+ {{- if .Values.alertmanager.service.nodePort }}
+ nodePort: {{ .Values.alertmanager.service.nodePort }}
+ {{- end }}
+{{- if .Values.alertmanager.service.enableMeshPeer }}
+ - name: meshpeer
+ port: 6783
+ protocol: TCP
+ targetPort: 6783
+{{- end }}
+ selector:
+ {{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }}
+{{- if .Values.alertmanager.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.alertmanager.service.sessionAffinity }}
+{{- end }}
+ type: "{{ .Values.alertmanager.service.type }}"
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/serviceaccount.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/serviceaccount.yaml
new file mode 100644
index 000000000..a5d996a85
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.alertmanager.enabled .Values.serviceAccounts.alertmanager.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ {{- include "prometheus.alertmanager.labels" . | nindent 4 }}
+ name: {{ template "prometheus.serviceAccountName.alertmanager" . }}
+{{ include "prometheus.namespace" . | indent 2 }}
+ annotations:
+{{ toYaml .Values.serviceAccounts.alertmanager.annotations | indent 4 }}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/sts.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/sts.yaml
new file mode 100644
index 000000000..4f247dc48
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/alertmanager/sts.yaml
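Review bot: serviceaccount.yaml leaves the token auto-mount at its default, so every alertmanager pod carries an API token, although the Role created for this account in role.yaml grants at most `use` on its PodSecurityPolicy and otherwise `[]`. If alertmanager and the reload sidecar do not call the Kubernetes API (nothing in these templates suggests they do, but that should be confirmed), adding `automountServiceAccountToken: false` to the ServiceAccount removes a credential from the pod. `annotations:` is rendered unconditionally from `toYaml .Values.serviceAccounts.alertmanager.annotations`; wrapping it in an `if` as service.yaml does avoids an empty or `{}` annotations block.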
@@ -0,0 +1,181 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: +{{- if .Values.alertmanager.statefulSet.annotations }} + annotations: + {{ toYaml .Values.alertmanager.statefulSet.annotations | nindent 4 }} +{{- end }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 4 }} + {{- if .Values.alertmanager.statefulSet.labels}} + {{ toYaml .Values.alertmanager.statefulSet.labels | nindent 4 }} + {{- end}} + name: {{ template "prometheus.alertmanager.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} +spec: + serviceName: {{ template "prometheus.alertmanager.fullname" . }}-headless + selector: + matchLabels: + {{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }} + replicas: {{ .Values.alertmanager.replicaCount }} + podManagementPolicy: {{ .Values.alertmanager.statefulSet.podManagementPolicy }} + template: + metadata: + {{- if .Values.alertmanager.podAnnotations }} + annotations: + {{ toYaml .Values.alertmanager.podAnnotations | nindent 8 }} + {{- end }} + labels: + {{- include "prometheus.alertmanager.labels" . | nindent 8 }} + {{- if .Values.alertmanager.podLabels}} + {{ toYaml .Values.alertmanager.podLabels | nindent 8 }} + {{- end}} + spec: +{{- if .Values.alertmanager.affinity }} + affinity: +{{ toYaml .Values.alertmanager.affinity | indent 8 }} +{{- end }} +{{- if .Values.alertmanager.schedulerName }} + schedulerName: "{{ .Values.alertmanager.schedulerName }}" +{{- end }} + serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }} +{{- if .Values.alertmanager.priorityClassName }} + priorityClassName: "{{ .Values.alertmanager.priorityClassName }}" +{{- end }} + containers: + - name: {{ template "prometheus.name" . 
}}-{{ .Values.alertmanager.name }} + image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}" + imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}" + env: + {{- range $key, $value := .Values.alertmanager.extraEnv }} + - name: {{ $key }} + value: {{ $value }} + {{- end }} + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + args: + - --config.file=/etc/config/alertmanager.yml + - --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }} + {{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }} + - --cluster.advertise-address=[$(POD_IP)]:6783 + - --cluster.listen-address=0.0.0.0:6783 + {{- range $n := until (.Values.alertmanager.replicaCount | int) }} + - --cluster.peer={{ template "prometheus.alertmanager.fullname" $ }}-{{ $n }}.{{ template "prometheus.alertmanager.fullname" $ }}-headless:6783 + {{- end }} + {{- else }} + - --cluster.listen-address= + {{- end }} + {{- range $key, $value := .Values.alertmanager.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- if .Values.alertmanager.baseURL }} + - --web.external-url={{ .Values.alertmanager.baseURL }} + {{- end }} + + ports: + - containerPort: 9093 + {{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }} + - containerPort: 6783 + {{- end }} + readinessProbe: + httpGet: + path: {{ .Values.alertmanager.prefixURL }}/#/status + port: 9093 + initialDelaySeconds: 30 + timeoutSeconds: 30 + resources: +{{ toYaml .Values.alertmanager.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}" + subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}" + {{- range .Values.alertmanager.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- if .Values.configmapReload.alertmanager.enabled }} 
+ - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }} + image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}" + imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}" + args: + - --volume-dir=/etc/config + - --webhook-url=http://localhost:9093{{ .Values.alertmanager.prefixURL }}/-/reload + resources: +{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.alertmanager.nodeSelector }} + nodeSelector: +{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.alertmanager.securityContext }} + securityContext: +{{ toYaml .Values.alertmanager.securityContext | indent 8 }} + {{- end }} + {{- if .Values.alertmanager.tolerations }} + tolerations: +{{ toYaml .Values.alertmanager.tolerations | indent 8 }} + {{- end }} + volumes: + - name: config-volume + {{- if empty .Values.alertmanager.configFromSecret }} + configMap: + name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }} + {{- else }} + secret: + secretName: {{ .Values.alertmanager.configFromSecret }} + {{- end }} + {{- range .Values.alertmanager.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- with .optional }} + optional: {{ . 
}} + {{- end }} + {{- end }} +{{- if .Values.alertmanager.persistentVolume.enabled }} + volumeClaimTemplates: + - metadata: + name: storage-volume + {{- if .Values.alertmanager.persistentVolume.annotations }} + annotations: +{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 10 }} + {{- end }} + spec: + accessModes: +{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 10 }} + resources: + requests: + storage: "{{ .Values.alertmanager.persistentVolume.size }}" + {{- if .Values.server.persistentVolume.storageClass }} + {{- if (eq "-" .Values.server.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}" + {{- end }} + {{- end }} +{{- else }} + - name: storage-volume + emptyDir: + {{- if .Values.alertmanager.emptyDir.sizeLimit }} + sizeLimit: {{ .Values.alertmanager.emptyDir.sizeLimit }} + {{- else }} + {} + {{- end -}} +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/daemonset.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/daemonset.yaml new file mode 100644 index 000000000..667be9f49 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/daemonset.yaml 
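Review bot: In sts.yaml the `volumeClaimTemplates` block tests `.Values.server.persistentVolume.storageClass` (twice) but then emits `.Values.alertmanager.persistentVolume.storageClass`, so the alertmanager storage class is silently ignored unless the server one is also set, and a server value of `-` forces `storageClassName: ""` here; both conditions should read `.Values.alertmanager.persistentVolume.storageClass`, as pvc.yaml does. The readiness probe uses `path: {{ .Values.alertmanager.prefixURL }}/#/status` where deploy.yaml probes `/-/ready`, and `--config.file` is fixed to `alertmanager.yml` where deploy.yaml honours `configFileName`; aligning the two templates avoids a StatefulSet that behaves differently from the Deployment under the same values.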
@@ -0,0 +1,146 @@ +{{- if .Values.nodeExporter.enabled -}} +apiVersion: {{ template "prometheus.daemonset.apiVersion" . }} +kind: DaemonSet +metadata: +{{- if .Values.nodeExporter.deploymentAnnotations }} + annotations: +{{ toYaml .Values.nodeExporter.deploymentAnnotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} + name: {{ template "prometheus.nodeExporter.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} +spec: + selector: + matchLabels: + {{- include "prometheus.nodeExporter.matchLabels" . | nindent 6 }} + {{- if .Values.nodeExporter.updateStrategy }} + updateStrategy: +{{ toYaml .Values.nodeExporter.updateStrategy | indent 4 }} + {{- end }} + template: + metadata: + {{- if .Values.nodeExporter.podAnnotations }} + annotations: +{{ toYaml .Values.nodeExporter.podAnnotations | indent 8 }} + {{- end }} + labels: + {{- include "prometheus.nodeExporter.labels" . | nindent 8 }} +{{- if .Values.nodeExporter.pod.labels }} +{{ toYaml .Values.nodeExporter.pod.labels | indent 8 }} +{{- end }} + spec: + serviceAccountName: {{ template "prometheus.serviceAccountName.nodeExporter" . }} + {{- if .Values.nodeExporter.extraInitContainers }} + initContainers: +{{ toYaml .Values.nodeExporter.extraInitContainers | indent 8 }} + {{- end }} +{{- if .Values.nodeExporter.priorityClassName }} + priorityClassName: "{{ .Values.nodeExporter.priorityClassName }}" +{{- end }} + containers: + - name: {{ template "prometheus.name" . 
}}-{{ .Values.nodeExporter.name }} + image: "{{ .Values.nodeExporter.image.repository }}:{{ .Values.nodeExporter.image.tag }}" + imagePullPolicy: "{{ .Values.nodeExporter.image.pullPolicy }}" + args: + - --path.procfs=/host/proc + - --path.sysfs=/host/sys + {{- if .Values.nodeExporter.hostRootfs }} + - --path.rootfs=/host/root + {{- end }} + {{- if .Values.nodeExporter.hostNetwork }} + - --web.listen-address=:{{ .Values.nodeExporter.service.hostPort }} + {{- end }} + {{- range $key, $value := .Values.nodeExporter.extraArgs }} + {{- if $value }} + - --{{ $key }}={{ $value }} + {{- else }} + - --{{ $key }} + {{- end }} + {{- end }} + ports: + - name: metrics + {{- if .Values.nodeExporter.hostNetwork }} + containerPort: {{ .Values.nodeExporter.service.hostPort }} + {{- else }} + containerPort: 9100 + {{- end }} + hostPort: {{ .Values.nodeExporter.service.hostPort }} + resources: +{{ toYaml .Values.nodeExporter.resources | indent 12 }} + volumeMounts: + - name: proc + mountPath: /host/proc + readOnly: true + - name: sys + mountPath: /host/sys + readOnly: true + {{- if .Values.nodeExporter.hostRootfs }} + - name: root + mountPath: /host/root + mountPropagation: HostToContainer + readOnly: true + {{- end }} + {{- range .Values.nodeExporter.extraHostPathMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- if .mountPropagation }} + mountPropagation: {{ .mountPropagation }} + {{- end }} + {{- end }} + {{- range .Values.nodeExporter.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.nodeExporter.hostNetwork }} + hostNetwork: true + {{- end }} + {{- if .Values.nodeExporter.hostPID }} + hostPID: true + {{- end }} + {{- if .Values.nodeExporter.tolerations }} + tolerations: +{{ toYaml .Values.nodeExporter.tolerations | indent 8 }} + {{- 
end }} + {{- if .Values.nodeExporter.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeExporter.nodeSelector | indent 8 }} + {{- end }} + {{- with .Values.nodeExporter.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.nodeExporter.securityContext }} + securityContext: +{{ toYaml .Values.nodeExporter.securityContext | indent 8 }} + {{- end }} + volumes: + - name: proc + hostPath: + path: /proc + - name: sys + hostPath: + path: /sys + {{- if .Values.nodeExporter.hostRootfs }} + - name: root + hostPath: + path: / + {{- end }} + {{- range .Values.nodeExporter.extraHostPathMounts }} + - name: {{ .name }} + hostPath: + path: {{ .hostPath }} + {{- end }} + {{- range .Values.nodeExporter.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/psp.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/psp.yaml new file mode 100644 index 000000000..bd9c73bee --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/psp.yaml 
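Review bot: In daemonset.yaml the `extraHostPathMounts` loop renders `readOnly: {{ .readOnly }}`, which is empty when the key is omitted and is then treated as false, so an additional host path is mounted writable unless the operator remembers to set it; the built-in `/proc`, `/sys` and `/` mounts are all `readOnly: true`. Defaulting to read-only, `readOnly: {{ if hasKey . "readOnly" }}{{ .readOnly }}{{ else }}true{{ end }}`, keeps the safe behaviour and still allows an explicit `false`. The pod can also run with `hostNetwork` and `hostPID`, yet the container has no `securityContext` of its own (only the pod-level block from values), so `allowPrivilegeEscalation: false` and dropped capabilities apply only where the PodSecurityPolicy is enforced. `hostPort` is set on every node even when `hostNetwork` is off.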
@@ -0,0 +1,55 @@
+{{- if and .Values.nodeExporter.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}
+apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "prometheus.nodeExporter.fullname" . }}
+ labels:
+ {{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
+ annotations:
+{{- if .Values.nodeExporter.podSecurityPolicy.annotations }}
+{{ toYaml .Values.nodeExporter.podSecurityPolicy.annotations | indent 4 }}
+{{- end }}
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ requiredDropCapabilities:
+ - ALL
+ volumes:
+ - 'configMap'
+ - 'hostPath'
+ - 'secret'
+ allowedHostPaths:
+ - pathPrefix: /proc
+ readOnly: true
+ - pathPrefix: /sys
+ readOnly: true
+ - pathPrefix: /
+ readOnly: true
+ {{- range .Values.nodeExporter.extraHostPathMounts }}
+ - pathPrefix: {{ .hostPath }}
+ readOnly: {{ .readOnly }}
+ {{- end }}
+ hostNetwork: {{ .Values.nodeExporter.hostNetwork }}
+ hostPID: {{ .Values.nodeExporter.hostPID }}
+ hostIPC: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ hostPorts:
+ - min: 1
+ max: 65535
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/role.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/role.yaml
new file mode 100644
index 000000000..d8ef3ed90
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/role.yaml
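Review bot: `allowedHostPaths` always permits `pathPrefix: /`, while the DaemonSet in this commit mounts the host root only when `.Values.nodeExporter.hostRootfs` is set, so the policy admits a read-only mount of the whole node filesystem even when that feature is off. Wrapping that entry in `{{- if .Values.nodeExporter.hostRootfs }}` … `{{- end }}` keeps the policy in step with what the pod actually requests. The `hostPorts` range of 1–65535 in the same hunk is wider than the single `.Values.nodeExporter.service.hostPort` the container binds; setting both `min` and `max` to that value would close the gap. `runAsUser: RunAsAny` also leaves UID 0 allowed although the group ranges carry a "Forbid adding the root group" comment, so `rule: 'MustRunAsNonRoot'` is worth considering if the exporter image runs unprivileged.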
@@ -0,0 +1,17 @@
+{{- if and .Values.nodeExporter.enabled .Values.rbac.create }}
+{{- if or (default .Values.nodeExporter.podSecurityPolicy.enabled false) (.Values.podSecurityPolicy.enabled) }}
+apiVersion: {{ template "rbac.apiVersion" . }}
+kind: Role
+metadata:
+ name: {{ template "prometheus.nodeExporter.fullname" . }}
+ labels:
+ {{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
+{{ include "prometheus.namespace" . | indent 2 }}
+rules:
+- apiGroups: ['extensions']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "prometheus.nodeExporter.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/rolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/rolebinding.yaml
new file mode 100644
index 000000000..06914b70a
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.nodeExporter.enabled .Values.rbac.create }}
+{{- if .Values.podSecurityPolicy.enabled }}
+apiVersion: {{ template "rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ name: {{ template "prometheus.nodeExporter.fullname" . }}
+ labels:
+ {{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
+{{ include "prometheus.namespace" . | indent 2 }}
+roleRef:
+ kind: Role
+ name: {{ template "prometheus.nodeExporter.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+ name: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
+{{ include "prometheus.namespace" . | indent 2 }}
+{{- end }}
+{{- end }}
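Review bot: The Role in role.yaml is rendered when either `.Values.nodeExporter.podSecurityPolicy.enabled` or `.Values.podSecurityPolicy.enabled` is true, but the RoleBinding in rolebinding.yaml and the PodSecurityPolicy in psp.yaml are gated on `.Values.podSecurityPolicy.enabled` alone. With only the per-component flag set, the chart emits a Role naming a policy that is never created and never bound to the service account, so an operator may believe the pod is constrained when it is not. Using one condition in all three templates avoids that. The arguments to `default` in the Role's condition also look reversed, since sprig takes the fallback first: `default false .Values.nodeExporter.podSecurityPolicy.enabled`.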
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/serviceaccount.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/serviceaccount.yaml
new file mode 100644
index 000000000..0cf91afba
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.nodeExporter.enabled .Values.serviceAccounts.nodeExporter.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ {{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
+ name: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
+{{ include "prometheus.namespace" . | indent 2 }}
+ annotations:
+{{ toYaml .Values.serviceAccounts.nodeExporter.annotations | indent 4 }}
+{{- end -}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/svc.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/svc.yaml
new file mode 100644
index 000000000..26d1eaa21
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/node-exporter/svc.yaml
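Review bot: Neither this ServiceAccount nor the pushgateway one in pushgateway/serviceaccount.yaml sets `automountServiceAccountToken`, so both pods get an API token mounted by default. Nothing in the node-exporter or pushgateway templates visible in this commit reads that token, and the node-exporter pod may additionally run with `hostNetwork` and host path mounts, so I would add `automountServiceAccountToken: false` at the top level of both manifests, or expose it as a value that defaults to false. Separately, `annotations:` is emitted unconditionally and renders an empty value when none are configured; guarding it with `{{- with .Values.serviceAccounts.nodeExporter.annotations }}` would be tidier.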
@@ -0,0 +1,47 @@ +{{- if .Values.nodeExporter.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.nodeExporter.service.annotations }} + annotations: +{{ toYaml .Values.nodeExporter.service.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} +{{- if .Values.nodeExporter.service.labels }} +{{ toYaml .Values.nodeExporter.service.labels | indent 4 }} +{{- end }} + name: {{ template "prometheus.nodeExporter.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} +spec: +{{- if .Values.nodeExporter.service.clusterIP }} + clusterIP: {{ .Values.nodeExporter.service.clusterIP }} +{{- end }} +{{- if .Values.nodeExporter.service.externalIPs }} + externalIPs: +{{ toYaml .Values.nodeExporter.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.nodeExporter.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.nodeExporter.service.loadBalancerIP }} +{{- end }} +{{- if .Values.nodeExporter.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.nodeExporter.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: metrics + {{- if .Values.nodeExporter.hostNetwork }} + port: {{ .Values.nodeExporter.service.hostPort }} + protocol: TCP + targetPort: {{ .Values.nodeExporter.service.hostPort }} + {{- else }} + port: {{ .Values.nodeExporter.service.servicePort }} + protocol: TCP + targetPort: 9100 + {{- end }} + selector: + {{- include "prometheus.nodeExporter.matchLabels" . | nindent 4 }} + type: "{{ .Values.nodeExporter.service.type }}" +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/clusterrole.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/clusterrole.yaml new file mode 100644 index 000000000..76ecf053f --- /dev/null 
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/clusterrole.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.pushgateway.enabled .Values.rbac.create -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRole +metadata: + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.pushgateway.fullname" . }} +rules: +{{- if .Values.podSecurityPolicy.enabled }} + - apiGroups: + - extensions + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - {{ template "prometheus.pushgateway.fullname" . }} +{{- else }} + [] +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/clusterrolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/clusterrolebinding.yaml new file mode 100644 index 000000000..15770ee50 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.pushgateway.enabled .Values.rbac.create -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.pushgateway.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "prometheus.serviceAccountName.pushgateway" . }} +{{ include "prometheus.namespace" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "prometheus.pushgateway.fullname" . }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/deploy.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/deploy.yaml new file mode 100644 index 000000000..ffdbfcc42 --- /dev/null 
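Review bot: The pushgateway gets a ClusterRole and a ClusterRoleBinding whose only possible rule is `use` on its own PodSecurityPolicy, and when `.Values.podSecurityPolicy.enabled` is false the ClusterRole is rendered with `rules: []` and still bound. A namespaced Role and RoleBinding, as the node-exporter templates in this commit use, would grant the same permission without creating cluster-scoped RBAC objects for a service account that lives in one namespace. I would also add `.Values.podSecurityPolicy.enabled` to the outer `if` of both clusterrole.yaml and clusterrolebinding.yaml so that no empty role and binding are created.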
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/deploy.yaml 
@@ -0,0 +1,119 @@ +{{- if .Values.pushgateway.enabled -}} +apiVersion: {{ template "prometheus.deployment.apiVersion" . }} +kind: Deployment +metadata: +{{- if .Values.pushgateway.deploymentAnnotations }} + annotations: + {{ toYaml .Values.pushgateway.deploymentAnnotations | nindent 4 }} +{{- end }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.pushgateway.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} +spec: + selector: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} + matchLabels: + {{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }} + replicas: {{ .Values.pushgateway.replicaCount }} + {{- if .Values.pushgateway.strategy }} + strategy: +{{ toYaml .Values.pushgateway.strategy | trim | indent 4 }} + {{ if eq .Values.pushgateway.strategy.type "Recreate" }}rollingUpdate: null{{ end }} +{{- end }} + template: + metadata: + {{- if .Values.pushgateway.podAnnotations }} + annotations: + {{ toYaml .Values.pushgateway.podAnnotations | nindent 8 }} + {{- end }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 8 }} + {{- if .Values.pushgateway.podLabels }} + {{ toYaml .Values.pushgateway.podLabels | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "prometheus.serviceAccountName.pushgateway" . }} + {{- if .Values.pushgateway.extraInitContainers }} + initContainers: +{{ toYaml .Values.pushgateway.extraInitContainers | indent 8 }} + {{- end }} +{{- if .Values.pushgateway.priorityClassName }} + priorityClassName: "{{ .Values.pushgateway.priorityClassName }}" +{{- end }} + containers: + - name: {{ template "prometheus.name" . 
}}-{{ .Values.pushgateway.name }} + image: "{{ .Values.pushgateway.image.repository }}:{{ .Values.pushgateway.image.tag }}" + imagePullPolicy: "{{ .Values.pushgateway.image.pullPolicy }}" + args: + {{- range $key, $value := .Values.pushgateway.extraArgs }} + {{- $stringvalue := toString $value }} + {{- if eq $stringvalue "true" }} + - --{{ $key }} + {{- else }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- end }} + ports: + - containerPort: 9091 + livenessProbe: + httpGet: + {{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }} + path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/healthy + {{- else }} + path: /-/healthy + {{- end }} + port: 9091 + initialDelaySeconds: 10 + timeoutSeconds: 10 + readinessProbe: + httpGet: + {{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }} + path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/ready + {{- else }} + path: /-/ready + {{- end }} + port: 9091 + initialDelaySeconds: 10 + timeoutSeconds: 10 + resources: +{{ toYaml .Values.pushgateway.resources | indent 12 }} + {{- if .Values.pushgateway.persistentVolume.enabled }} + volumeMounts: + - name: storage-volume + mountPath: "{{ .Values.pushgateway.persistentVolume.mountPath }}" + subPath: "{{ .Values.pushgateway.persistentVolume.subPath }}" + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.pushgateway.nodeSelector }} + nodeSelector: +{{ toYaml .Values.pushgateway.nodeSelector | indent 8 }} + {{- end }} + {{- with .Values.pushgateway.dnsConfig }} + dnsConfig: +{{ toYaml . 
| indent 8 }} + {{- end }} + {{- if .Values.pushgateway.securityContext }} + securityContext: +{{ toYaml .Values.pushgateway.securityContext | indent 8 }} + {{- end }} + {{- if .Values.pushgateway.tolerations }} + tolerations: +{{ toYaml .Values.pushgateway.tolerations | indent 8 }} + {{- end }} + {{- if .Values.pushgateway.affinity }} + affinity: +{{ toYaml .Values.pushgateway.affinity | indent 8 }} + {{- end }} + {{- if .Values.pushgateway.persistentVolume.enabled }} + volumes: + - name: storage-volume + persistentVolumeClaim: + claimName: {{ if .Values.pushgateway.persistentVolume.existingClaim }}{{ .Values.pushgateway.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.pushgateway.fullname" . }}{{- end }} + {{- end -}} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/ingress.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/ingress.yaml new file mode 100644 index 000000000..2ff72abd5 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/ingress.yaml 
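Review bot: `schedulerName` is emitted between `selector:` and `matchLabels:`, which puts it inside the Deployment's label selector rather than in the pod spec (indentation is collapsed on this page, so this is read from the line order); it also reads `.Values.schedulerName` where the server Deployment uses `.Values.server.schedulerName`. With the value set, the manifest would be rejected or the field dropped, depending on validation. Moving the block under `template.spec`, next to `priorityClassName`, fixes it. On hardening, the container has no `securityContext` of its own, so `allowPrivilegeEscalation: false`, a read-only root filesystem and dropped capabilities apply only when the PodSecurityPolicy is enabled, and the image is referenced by mutable tag with no option to pin a digest.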
@@ -0,0 +1,54 @@ +{{- if and .Values.pushgateway.enabled .Values.pushgateway.ingress.enabled -}} +{{- $ingressApiIsStable := eq (include "ingress.isStable" .) "true" -}} +{{- $ingressSupportsIngressClassName := eq (include "ingress.supportsIngressClassName" .) "true" -}} +{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}} +{{- $releaseName := .Release.Name -}} +{{- $serviceName := include "prometheus.pushgateway.fullname" . }} +{{- $servicePort := .Values.pushgateway.service.servicePort -}} +{{- $ingressPath := .Values.pushgateway.ingress.path -}} +{{- $ingressPathType := .Values.pushgateway.ingress.pathType -}} +{{- $extraPaths := .Values.pushgateway.ingress.extraPaths -}} +apiVersion: {{ template "ingress.apiVersion" . }} +kind: Ingress +metadata: +{{- if .Values.pushgateway.ingress.annotations }} + annotations: +{{ toYaml .Values.pushgateway.ingress.annotations | indent 4}} +{{- end }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.pushgateway.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} +spec: + {{- if and $ingressSupportsIngressClassName .Values.pushgateway.ingress.ingressClassName }} + ingressClassName: {{ .Values.pushgateway.ingress.ingressClassName }} + {{- end }} + rules: + {{- range .Values.pushgateway.ingress.hosts }} + {{- $url := splitList "/" . 
}} + - host: {{ first $url }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + - path: {{ $ingressPath }} + {{- if $ingressSupportsPathType }} + pathType: {{ $ingressPathType }} + {{- end }} + backend: + {{- if $ingressApiIsStable }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} +{{- if .Values.pushgateway.ingress.tls }} + tls: +{{ toYaml .Values.pushgateway.ingress.tls | indent 4 }} + {{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/netpol.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/netpol.yaml new file mode 100644 index 000000000..c8d1fb37e --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/netpol.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.pushgateway.enabled .Values.networkPolicy.enabled -}} +apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ template "prometheus.pushgateway.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }} + ingress: + - from: + - podSelector: + matchLabels: + {{- include "prometheus.server.matchLabels" . | nindent 12 }} + - ports: + - port: 9091 +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/pdb.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/pdb.yaml new file mode 100644 index 000000000..50beb486d --- /dev/null 
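Review bot: The `ingress` list in netpol.yaml has two items, `- from:` and `- ports:`, and NetworkPolicy treats separate items as alternatives: the first admits the Prometheus server pods on every port, the second admits any source on port 9091. The policy therefore does not restrict who can reach the pushgateway on its service port, which is presumably the opposite of the intent. Dropping the dash so that `ports:` belongs to the same rule as `from:` (a `ports:` key with `- port: 9091` beneath it, at the indent of `from:`) makes the two conditions apply together. Workloads that push metrics would then need their own `from` entry, so a values-driven list of additional peers is probably needed alongside the fix.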
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/pdb.yaml @@ -0,0 +1,14 @@ +{{- if .Values.pushgateway.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "prometheus.pushgateway.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} +spec: + maxUnavailable: {{ .Values.pushgateway.podDisruptionBudget.maxUnavailable }} + selector: + matchLabels: + {{- include "prometheus.pushgateway.labels" . | nindent 6 }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/psp.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/psp.yaml new file mode 100644 index 000000000..1ca3267f8 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/psp.yaml 
@@ -0,0 +1,42 @@
+{{- if and .Values.pushgateway.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}
+apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "prometheus.pushgateway.fullname" . }}
+ labels:
+ {{- include "prometheus.pushgateway.labels" . | nindent 4 }}
+ annotations:
+{{- if .Values.pushgateway.podSecurityPolicy.annotations }}
+{{ toYaml .Values.pushgateway.podSecurityPolicy.annotations | indent 4 }}
+{{- end }}
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ requiredDropCapabilities:
+ - ALL
+ volumes:
+ - 'persistentVolumeClaim'
+ - 'secret'
+ allowedHostPaths:
+ - pathPrefix: {{ .Values.pushgateway.persistentVolume.mountPath }}
+ hostNetwork: false
+ hostPID: false
+ hostIPC: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: true
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/pvc.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/pvc.yaml
new file mode 100644
index 000000000..d5d64ddcc
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/pvc.yaml
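Review bot: `runAsUser` is `RunAsAny`, so this policy still admits a container running as UID 0 even though the `supplementalGroups` and `fsGroup` ranges are commented "Forbid adding the root group"; `rule: 'MustRunAsNonRoot'` would match the stated intent, assuming the pushgateway image runs as a non-root user. The `allowedHostPaths` entry is also misleading: `hostPath` is not listed in `volumes`, so no host path can be mounted under this policy, and the value used, `.Values.pushgateway.persistentVolume.mountPath`, is a path inside the container rather than on the node. It has no effect today and reads as if host mounts were expected, so I would remove it or replace it with a comment stating that host paths are intentionally not allowed.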
@@ -0,0 +1,31 @@ +{{- if .Values.pushgateway.persistentVolume.enabled -}} +{{- if not .Values.pushgateway.persistentVolume.existingClaim -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + {{- if .Values.pushgateway.persistentVolume.annotations }} + annotations: +{{ toYaml .Values.pushgateway.persistentVolume.annotations | indent 4 }} + {{- end }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.pushgateway.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} +spec: + accessModes: +{{ toYaml .Values.pushgateway.persistentVolume.accessModes | indent 4 }} +{{- if .Values.pushgateway.persistentVolume.storageClass }} +{{- if (eq "-" .Values.pushgateway.persistentVolume.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.pushgateway.persistentVolume.storageClass }}" +{{- end }} +{{- end }} +{{- if .Values.pushgateway.persistentVolume.volumeBindingMode }} + volumeBindingMode: "{{ .Values.pushgateway.persistentVolume.volumeBindingMode }}" +{{- end }} + resources: + requests: + storage: "{{ .Values.pushgateway.persistentVolume.size }}" +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/service.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/service.yaml new file mode 100644 index 000000000..f05f17c42 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/service.yaml 
@@ -0,0 +1,41 @@ +{{- if .Values.pushgateway.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.pushgateway.service.annotations }} + annotations: +{{ toYaml .Values.pushgateway.service.annotations | indent 4}} +{{- end }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} +{{- if .Values.pushgateway.service.labels }} +{{ toYaml .Values.pushgateway.service.labels | indent 4}} +{{- end }} + name: {{ template "prometheus.pushgateway.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} +spec: +{{- if .Values.pushgateway.service.clusterIP }} + clusterIP: {{ .Values.pushgateway.service.clusterIP }} +{{- end }} +{{- if .Values.pushgateway.service.externalIPs }} + externalIPs: +{{ toYaml .Values.pushgateway.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.pushgateway.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.pushgateway.service.loadBalancerIP }} +{{- end }} +{{- if .Values.pushgateway.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.pushgateway.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: http + port: {{ .Values.pushgateway.service.servicePort }} + protocol: TCP + targetPort: 9091 + selector: + {{- include "prometheus.pushgateway.matchLabels" . | nindent 4 }} + type: "{{ .Values.pushgateway.service.type }}" +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/serviceaccount.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/serviceaccount.yaml new file mode 100644 index 000000000..8c0b876f3 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/serviceaccount.yaml 
@@ -0,0 +1,11 @@ +{{- if and .Values.pushgateway.enabled .Values.serviceAccounts.pushgateway.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.serviceAccountName.pushgateway" . }} +{{ include "prometheus.namespace" . | indent 2 }} + annotations: +{{ toYaml .Values.serviceAccounts.pushgateway.annotations | indent 4 }} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/vpa.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/vpa.yaml new file mode 100644 index 000000000..0ac54f9fe --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/pushgateway/vpa.yaml @@ -0,0 +1,20 @@ +{{- if .Values.pushgateway.enabled -}} +{{- if .Values.pushgateway.verticalAutoscaler.enabled -}} +apiVersion: autoscaling.k8s.io/v1beta2 +kind: VerticalPodAutoscaler +metadata: + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.pushgateway.fullname" . }}-vpa +{{ include "prometheus.namespace" . | indent 2 }} +spec: + targetRef: + apiVersion: "apps/v1" + kind: Deployment + name: {{ template "prometheus.pushgateway.fullname" . }} + updatePolicy: + updateMode: {{ .Values.pushgateway.verticalAutoscaler.updateMode | default "Off" | quote }} + resourcePolicy: + containerPolicies: {{ .Values.pushgateway.verticalAutoscaler.containerPolicies | default list | toYaml | trim | nindent 4 }} +{{- end -}} {{/* if .Values.pushgateway.verticalAutoscaler.enabled */}} +{{- end -}} {{/* .Values.pushgateway.enabled */}} 
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/clusterrole.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/clusterrole.yaml new file mode 100644 index 000000000..2520235ab --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/clusterrole.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.server.enabled .Values.rbac.create (empty .Values.server.useExistingClusterRoleName) -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRole +metadata: + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.server.fullname" . }} +rules: +{{- if .Values.podSecurityPolicy.enabled }} + - apiGroups: + - extensions + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - {{ template "prometheus.server.fullname" . }} +{{- end }} + - apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - nodes/metrics + - services + - endpoints + - pods + - ingresses + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "extensions" + - "networking.k8s.io" + resources: + - ingresses/status + - ingresses + verbs: + - get + - list + - watch + - nonResourceURLs: + - "/metrics" + verbs: + - get +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/clusterrolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/clusterrolebinding.yaml new file mode 100644 index 000000000..5a79611ff --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/clusterrolebinding.yaml 
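Review bot: The second rule of the server ClusterRole grants `get`, `list` and `watch` cluster-wide on `nodes/proxy` and `configmaps` in addition to the discovery resources. `nodes/proxy` lets the holder reach the kubelet API through the API server, which is considerably more than reading metrics, and cluster-wide ConfigMap reads expose whatever configuration other namespaces keep there; both become available to anyone who compromises the Prometheus server pod. If the scrape configs can work with `nodes/metrics` alone, I would drop `nodes/proxy` and `configmaps` or put them behind a value that defaults to off. `ingresses` is also listed under the core group `""`, where that resource does not exist; the third rule already covers it.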
@@ -0,0 +1,16 @@ +{{- if and .Values.server.enabled .Values.rbac.create (empty .Values.server.namespaces) (empty .Values.server.useExistingClusterRoleName) -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.server.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "prometheus.serviceAccountName.server" . }} +{{ include "prometheus.namespace" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "prometheus.server.fullname" . }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/cm.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/cm.yaml new file mode 100644 index 000000000..a0a813ae2 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/cm.yaml 
@@ -0,0 +1,85 @@ +{{- if .Values.server.enabled -}} +{{- if (empty .Values.server.configMapOverrideName) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.server.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} +data: +{{- $root := . -}} +{{- range $key, $value := .Values.ruleFiles }} + {{ $key }}: {{- toYaml $value | indent 2 }} +{{- end }} +{{- range $key, $value := .Values.serverFiles }} + {{ $key }}: | +{{- if eq $key "prometheus.yml" }} + global: +{{ $root.Values.server.global | toYaml | trimSuffix "\n" | indent 6 }} +{{- if $root.Values.server.remoteWrite }} + remote_write: +{{ $root.Values.server.remoteWrite | toYaml | indent 4 }} +{{- end }} +{{- if $root.Values.server.remoteRead }} + remote_read: +{{ $root.Values.server.remoteRead | toYaml | indent 4 }} +{{- end }} +{{- end }} +{{- if eq $key "alerts" }} +{{- if and (not (empty $value)) (empty $value.groups) }} + groups: +{{- range $ruleKey, $ruleValue := $value }} + - name: {{ $ruleKey -}}.rules + rules: +{{ $ruleValue | toYaml | trimSuffix "\n" | indent 6 }} +{{- end }} +{{- else }} +{{ toYaml $value | indent 4 }} +{{- end }} +{{- else }} +{{ toYaml $value | default "{}" | indent 4 }} +{{- end }} +{{- if eq $key "prometheus.yml" -}} +{{- if $root.Values.extraScrapeConfigs }} +{{ tpl $root.Values.extraScrapeConfigs $root | indent 4 }} +{{- end -}} +{{- if or ($root.Values.alertmanager.enabled) ($root.Values.server.alertmanagers) }} + alerting: +{{- if $root.Values.alertRelabelConfigs }} +{{ $root.Values.alertRelabelConfigs | toYaml | trimSuffix "\n" | indent 6 }} +{{- end }} + alertmanagers: +{{- if $root.Values.server.alertmanagers }} +{{ toYaml $root.Values.server.alertmanagers | indent 8 }} +{{- else }} + - kubernetes_sd_configs: + - role: pod + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: 
/var/run/secrets/kubernetes.io/serviceaccount/token + {{- if $root.Values.alertmanager.prefixURL }} + path_prefix: {{ $root.Values.alertmanager.prefixURL }} + {{- end }} + relabel_configs: + - source_labels: [__meta_kubernetes_namespace] + regex: {{ $root.Release.Namespace }} + action: keep + - source_labels: [__meta_kubernetes_pod_label_app] + regex: {{ template "prometheus.name" $root }} + action: keep + - source_labels: [__meta_kubernetes_pod_label_component] + regex: alertmanager + action: keep + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_probe] + regex: {{ index $root.Values.alertmanager.podAnnotations "prometheus.io/probe" | default ".*" }} + action: keep + - source_labels: [__meta_kubernetes_pod_container_port_number] + regex: "9093" + action: keep +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/deploy.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/deploy.yaml new file mode 100644 index 000000000..9b7aee014 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/deploy.yaml 
@@ -0,0 +1,316 @@ +{{- if .Values.server.enabled -}} +{{- if not .Values.server.statefulSet.enabled -}} +apiVersion: {{ template "prometheus.deployment.apiVersion" . }} +kind: Deployment +metadata: +{{- if .Values.server.deploymentAnnotations }} + annotations: + {{ toYaml .Values.server.deploymentAnnotations | nindent 4 }} +{{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.server.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} +spec: + selector: + matchLabels: + {{- include "prometheus.server.matchLabels" . | nindent 6 }} + replicas: {{ .Values.server.replicaCount }} + {{- if .Values.server.strategy }} + strategy: +{{ toYaml .Values.server.strategy | trim | indent 4 }} + {{ if eq .Values.server.strategy.type "Recreate" }}rollingUpdate: null{{ end }} +{{- end }} + template: + metadata: + {{- if .Values.server.podAnnotations }} + annotations: + {{ toYaml .Values.server.podAnnotations | nindent 8 }} + {{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 8 }} + {{- if .Values.server.podLabels}} + {{ toYaml .Values.server.podLabels | nindent 8 }} + {{- end}} + spec: +{{- if .Values.server.priorityClassName }} + priorityClassName: "{{ .Values.server.priorityClassName }}" +{{- end }} +{{- if .Values.server.schedulerName }} + schedulerName: "{{ .Values.server.schedulerName }}" +{{- end }} +{{- if semverCompare ">=1.13-0" .Capabilities.KubeVersion.GitVersion }} + {{- if or (.Values.server.enableServiceLinks) (eq (.Values.server.enableServiceLinks | toString) "") }} + enableServiceLinks: true + {{- else }} + enableServiceLinks: false + {{- end }} +{{- end }} + serviceAccountName: {{ template "prometheus.serviceAccountName.server" . 
}} + {{- if .Values.server.extraInitContainers }} + initContainers: +{{ toYaml .Values.server.extraInitContainers | indent 8 }} + {{- end }} + containers: + {{- if .Values.configmapReload.prometheus.enabled }} + - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }} + image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" + imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" + args: + - --volume-dir=/etc/config + - --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload + {{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- range .Values.configmapReload.prometheus.extraVolumeDirs }} + - --volume-dir={{ . }} + {{- end }} + resources: +{{ toYaml .Values.configmapReload.prometheus.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- end }} + + - name: {{ template "prometheus.name" . 
}}-{{ .Values.server.name }} + image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}" + imagePullPolicy: "{{ .Values.server.image.pullPolicy }}" + {{- if .Values.server.env }} + env: +{{ toYaml .Values.server.env | indent 12}} + {{- end }} + args: + {{- if .Values.server.defaultFlagsOverride }} + {{ toYaml .Values.server.defaultFlagsOverride | nindent 12}} + {{- else }} + {{- if .Values.server.retention }} + - --storage.tsdb.retention.time={{ .Values.server.retention }} + {{- end }} + - --config.file={{ .Values.server.configPath }} + {{- if .Values.server.storagePath }} + - --storage.tsdb.path={{ .Values.server.storagePath }} + {{- else }} + - --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }} + {{- end }} + - --web.console.libraries=/etc/prometheus/console_libraries + - --web.console.templates=/etc/prometheus/consoles + {{- range .Values.server.extraFlags }} + - --{{ . }} + {{- end }} + {{- range $key, $value := .Values.server.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- if .Values.server.prefixURL }} + - --web.route-prefix={{ .Values.server.prefixURL }} + {{- end }} + {{- if .Values.server.baseURL }} + - --web.external-url={{ .Values.server.baseURL }} + {{- end }} + {{- end }} + ports: + - containerPort: 9090 + {{- if .Values.server.hostPort }} + hostPort: {{ .Values.server.hostPort }} + {{- end }} + readinessProbe: + {{- if not .Values.server.tcpSocketProbeEnabled }} + httpGet: + path: {{ .Values.server.prefixURL }}/-/ready + port: 9090 + scheme: {{ .Values.server.probeScheme }} + {{- if .Values.server.probeHeaders }} + httpHeaders: + {{- range .Values.server.probeHeaders}} + - name: {{ .name }} + value: {{ .value }} + {{- end }} + {{- end }} + {{- else }} + tcpSocket: + port: 9090 + {{- end }} + initialDelaySeconds: {{ .Values.server.readinessProbeInitialDelay }} + periodSeconds: {{ .Values.server.readinessProbePeriodSeconds }} + timeoutSeconds: {{ .Values.server.readinessProbeTimeout }} + 
failureThreshold: {{ .Values.server.readinessProbeFailureThreshold }} + successThreshold: {{ .Values.server.readinessProbeSuccessThreshold }} + livenessProbe: + {{- if not .Values.server.tcpSocketProbeEnabled }} + httpGet: + path: {{ .Values.server.prefixURL }}/-/healthy + port: 9090 + scheme: {{ .Values.server.probeScheme }} + {{- if .Values.server.probeHeaders }} + httpHeaders: + {{- range .Values.server.probeHeaders}} + - name: {{ .name }} + value: {{ .value }} + {{- end }} + {{- end }} + {{- else }} + tcpSocket: + port: 9090 + {{- end }} + initialDelaySeconds: {{ .Values.server.livenessProbeInitialDelay }} + periodSeconds: {{ .Values.server.livenessProbePeriodSeconds }} + timeoutSeconds: {{ .Values.server.livenessProbeTimeout }} + failureThreshold: {{ .Values.server.livenessProbeFailureThreshold }} + successThreshold: {{ .Values.server.livenessProbeSuccessThreshold }} + {{- if .Values.server.startupProbe.enabled }} + startupProbe: + {{- if not .Values.server.tcpSocketProbeEnabled }} + httpGet: + path: {{ .Values.server.prefixURL }}/-/healthy + port: 9090 + scheme: {{ .Values.server.probeScheme }} + {{- if .Values.server.probeHeaders }} + httpHeaders: + {{- range .Values.server.probeHeaders}} + - name: {{ .name }} + value: {{ .value }} + {{- end }} + {{- end }} + {{- else }} + tcpSocket: + port: 9090 + {{- end }} + failureThreshold: {{ .Values.server.startupProbe.failureThreshold }} + periodSeconds: {{ .Values.server.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.server.startupProbe.timeoutSeconds }} + {{- end }} + resources: +{{ toYaml .Values.server.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: {{ .Values.server.persistentVolume.mountPath }} + subPath: "{{ .Values.server.persistentVolume.subPath }}" + {{- range .Values.server.extraHostPathMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + 
{{- range .Values.server.extraConfigmapMounts }} + - name: {{ $.Values.server.name }}-{{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.server.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- if .Values.server.extraVolumeMounts }} + {{ toYaml .Values.server.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- if .Values.server.sidecarContainers }} + {{- range $name, $spec := .Values.server.sidecarContainers }} + - name: {{ $name }} + {{- if kindIs "string" $spec }} + {{- tpl $spec $ | nindent 10 }} + {{- else }} + {{- toYaml $spec | nindent 10 }} + {{- end }} + {{- end }} + {{- end }} + hostNetwork: {{ .Values.server.hostNetwork }} + {{- if .Values.server.dnsPolicy }} + dnsPolicy: {{ .Values.server.dnsPolicy }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.server.nodeSelector }} + nodeSelector: +{{ toYaml .Values.server.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.server.hostAliases }} + hostAliases: +{{ toYaml .Values.server.hostAliases | indent 8 }} + {{- end }} + {{- if .Values.server.dnsConfig }} + dnsConfig: +{{ toYaml .Values.server.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.server.securityContext }} + securityContext: +{{ toYaml .Values.server.securityContext | indent 8 }} + {{- end }} + {{- if .Values.server.tolerations }} + tolerations: +{{ toYaml .Values.server.tolerations | indent 8 }} + {{- end }} + {{- if .Values.server.affinity }} + affinity: +{{ toYaml .Values.server.affinity | indent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + volumes: + - name: config-volume + {{- if empty .Values.server.configFromSecret }} + configMap: + name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name 
}}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} + {{- else }} + secret: + secretName: {{ .Values.server.configFromSecret }} + {{- end }} + {{- range .Values.server.extraHostPathMounts }} + - name: {{ .name }} + hostPath: + path: {{ .hostPath }} + {{- end }} + {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + {{- range .Values.server.extraConfigmapMounts }} + - name: {{ $.Values.server.name }}-{{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} + {{- range .Values.server.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + {{- with .optional }} + optional: {{ . }} + {{- end }} + {{- end }} + {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- with .optional }} + optional: {{ . }} + {{- end }} + {{- end }} +{{- if .Values.server.extraVolumes }} +{{ toYaml .Values.server.extraVolumes | indent 8}} +{{- end }} + - name: storage-volume + {{- if .Values.server.persistentVolume.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.server.persistentVolume.existingClaim }}{{ .Values.server.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }} + {{- else }} + emptyDir: + {{- if .Values.server.emptyDir.sizeLimit }} + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} + {} + {{- end -}} + {{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/headless-svc.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/headless-svc.yaml new file mode 100644 index 000000000..d519f4e0e --- /dev/null 
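Review bot: Neither container in this Deployment (the configmap-reload sidecar and the server) gets a container-level `securityContext`; only the pod-level one is rendered, and only when `server.securityContext` is set. Privilege escalation, capabilities and root-filesystem writability therefore stay at cluster defaults whenever the PodSecurityPolicy from psp.yaml is not enabled. I would add a values-driven block under each container, for example `{{- with .Values.server.containerSecurityContext }}`, then `securityContext: {{- toYaml . | nindent 12 }}`, then `{{- end }}`, with a default of `allowPrivilegeEscalation: false`; the value name is only a suggestion. The StatefulSet in sts.yaml renders the same two containers and appears to need the same change, though its hunk is cut off in this view.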
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/headless-svc.yaml @@ -0,0 +1,37 @@ +{{- if .Values.server.enabled -}} +{{- if .Values.server.statefulSet.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.server.statefulSet.headless.annotations }} + annotations: +{{ toYaml .Values.server.statefulSet.headless.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} +{{- if .Values.server.statefulSet.headless.labels }} +{{ toYaml .Values.server.statefulSet.headless.labels | indent 4 }} +{{- end }} + name: {{ template "prometheus.server.fullname" . }}-headless +{{ include "prometheus.namespace" . | indent 2 }} +spec: + clusterIP: None + ports: + - name: http + port: {{ .Values.server.statefulSet.headless.servicePort }} + protocol: TCP + targetPort: 9090 + {{- if .Values.server.statefulSet.headless.gRPC.enabled }} + - name: grpc + port: {{ .Values.server.statefulSet.headless.gRPC.servicePort }} + protocol: TCP + targetPort: 10901 + {{- if .Values.server.statefulSet.headless.gRPC.nodePort }} + nodePort: {{ .Values.server.statefulSet.headless.gRPC.nodePort }} + {{- end }} + {{- end }} + + selector: + {{- include "prometheus.server.matchLabels" . | nindent 4 }} +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/ingress.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/ingress.yaml new file mode 100644 index 000000000..000f39cab --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/ingress.yaml 
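Review bot: The `nodePort` rendered for the `grpc` port cannot work on this Service, because `clusterIP: None` makes it headless and no `type` is set, so it stays a ClusterIP Service and the API server refuses `nodePort` on those. Setting `server.statefulSet.headless.gRPC.nodePort` would therefore make the install fail rather than expose a port. I would remove the `{{- if .Values.server.statefulSet.headless.gRPC.nodePort }}` branch from this template.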
@@ -0,0 +1,59 @@ +{{- if .Values.server.enabled -}} +{{- if .Values.server.ingress.enabled -}} +{{- $ingressApiIsStable := eq (include "ingress.isStable" .) "true" -}} +{{- $ingressSupportsIngressClassName := eq (include "ingress.supportsIngressClassName" .) "true" -}} +{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}} +{{- $releaseName := .Release.Name -}} +{{- $serviceName := include "prometheus.server.fullname" . }} +{{- $servicePort := .Values.server.service.servicePort -}} +{{- $ingressPath := .Values.server.ingress.path -}} +{{- $ingressPathType := .Values.server.ingress.pathType -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +apiVersion: {{ template "ingress.apiVersion" . }} +kind: Ingress +metadata: +{{- if .Values.server.ingress.annotations }} + annotations: +{{ toYaml .Values.server.ingress.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} +{{- range $key, $value := .Values.server.ingress.extraLabels }} + {{ $key }}: {{ $value }} +{{- end }} + name: {{ template "prometheus.server.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} +spec: + {{- if and $ingressSupportsIngressClassName .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} + {{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + {{- $url := splitList "/" . 
}} + - host: {{ first $url }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + - path: {{ $ingressPath }} + {{- if $ingressSupportsPathType }} + pathType: {{ $ingressPathType }} + {{- end }} + backend: + {{- if $ingressApiIsStable }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} +{{- if .Values.server.ingress.tls }} + tls: +{{ toYaml .Values.server.ingress.tls | indent 4 }} + {{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/netpol.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/netpol.yaml new file mode 100644 index 000000000..c8870e9ff --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/netpol.yaml @@ -0,0 +1,18 @@ +{{- if .Values.server.enabled -}} +{{- if .Values.networkPolicy.enabled }} +apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ template "prometheus.server.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "prometheus.server.matchLabels" . | nindent 6 }} + ingress: + - ports: + - port: 9090 +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/pdb.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/pdb.yaml new file mode 100644 index 000000000..364cb5b49 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/pdb.yaml 
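Review bot: This Ingress publishes the server Service with no authentication in front of it and renders `tls:` only when `server.ingress.tls` is set, and nothing in the template says so. Prometheus serves its UI and HTTP API unauthenticated by default, so turning on `server.ingress.enabled` makes metrics and queries readable by whoever can reach the host. I would add a template comment at the top, such as `{{- /* No auth is configured here: front this Ingress with TLS and an authenticating proxy or controller auth annotations. */ -}}`, and repeat the note next to `server.ingress` in values.yaml.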
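Review bot: The `ingress` rule in this NetworkPolicy lists only `ports: - port: 9090` and has no `from`, so it admits traffic to the server on 9090 from every pod, namespace and external source; it restricts ports, not peers. If `networkPolicy.enabled` is meant to fence Prometheus off, I would add a values-driven `from:` list of `podSelector` and `namespaceSelector` peers under the rule and keep the open rule only as an explicit opt-in.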
@@ -0,0 +1,14 @@ +{{- if .Values.server.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "prometheus.server.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} +spec: + maxUnavailable: {{ .Values.server.podDisruptionBudget.maxUnavailable }} + selector: + matchLabels: + {{- include "prometheus.server.labels" . | nindent 6 }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/psp.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/psp.yaml new file mode 100644 index 000000000..e2b885f16 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/psp.yaml 
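Review bot: `apiVersion: policy/v1beta1` is hard-coded here, while the other templates in this diff resolve their apiVersion through helpers. The `policy/v1beta1` PodDisruptionBudget is no longer served from Kubernetes 1.25, so enabling the PDB makes the chart fail to install on those clusters. I would pick the version from cluster capabilities, e.g. `apiVersion: {{ if .Capabilities.APIVersions.Has "policy/v1" }}policy/v1{{ else }}policy/v1beta1{{ end }}`. The template is also gated only on `server.podDisruptionBudget.enabled`, not on `server.enabled` as its siblings are.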
@@ -0,0 +1,51 @@ +{{- if and .Values.server.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }} +apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }} +kind: PodSecurityPolicy +metadata: + name: {{ template "prometheus.server.fullname" . }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + annotations: +{{- if .Values.server.podSecurityPolicy.annotations }} +{{ toYaml .Values.server.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +spec: + privileged: false + allowPrivilegeEscalation: false + allowedCapabilities: + - 'CHOWN' + volumes: + - 'configMap' + - 'persistentVolumeClaim' + - 'emptyDir' + - 'secret' + - 'hostPath' + allowedHostPaths: + - pathPrefix: /etc + readOnly: true + - pathPrefix: {{ .Values.server.persistentVolume.mountPath }} + {{- range .Values.server.extraHostPathMounts }} + - pathPrefix: {{ .hostPath }} + readOnly: {{ .readOnly }} + {{- end }} + hostNetwork: false + hostPID: false + hostIPC: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/pvc.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/pvc.yaml new file mode 100644 index 000000000..a7355365c --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/pvc.yaml 
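Review bot: The policy always allows `hostPath` volumes, with `/etc` read-only and `server.persistentVolume.mountPath` as a second prefix that carries no `readOnly: true`, even when `server.extraHostPathMounts` is empty. Together with `runAsUser: rule: 'RunAsAny'`, a pod admitted under this policy may mount host `/etc` as root and write under the second prefix. I would render `'hostPath'` and `allowedHostPaths` only inside `{{- if .Values.server.extraHostPathMounts }}`, limited to the listed paths, and consider `rule: 'MustRunAsNonRoot'` for `runAsUser`.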
@@ -0,0 +1,39 @@ +{{- if .Values.server.enabled -}} +{{- if not .Values.server.statefulSet.enabled -}} +{{- if .Values.server.persistentVolume.enabled -}} +{{- if not .Values.server.persistentVolume.existingClaim -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + {{- if .Values.server.persistentVolume.annotations }} + annotations: +{{ toYaml .Values.server.persistentVolume.annotations | indent 4 }} + {{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.server.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} +spec: + accessModes: +{{ toYaml .Values.server.persistentVolume.accessModes | indent 4 }} +{{- if .Values.server.persistentVolume.storageClass }} +{{- if (eq "-" .Values.server.persistentVolume.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.server.persistentVolume.storageClass }}" +{{- end }} +{{- end }} +{{- if .Values.server.persistentVolume.volumeBindingMode }} + volumeBindingMode: "{{ .Values.server.persistentVolume.volumeBindingMode }}" +{{- end }} + resources: + requests: + storage: "{{ .Values.server.persistentVolume.size }}" +{{- if .Values.server.persistentVolume.selector }} + selector: + {{- toYaml .Values.server.persistentVolume.selector | nindent 4 }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/rolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/rolebinding.yaml new file mode 100644 index 000000000..93ce3ee13 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/rolebinding.yaml 
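Review bot: `volumeBindingMode` is rendered into the PersistentVolumeClaim `spec`, but that field belongs to StorageClass, not to a PVC. Setting `server.persistentVolume.volumeBindingMode` therefore produces a manifest with an unknown field, which is rejected or silently dropped depending on how the manifest is validated. I would remove the `{{- if .Values.server.persistentVolume.volumeBindingMode }}` block and leave the binding mode to the StorageClass named by `storageClass`.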
@@ -0,0 +1,20 @@ +{{- if and .Values.server.enabled .Values.rbac.create .Values.server.useExistingClusterRoleName .Values.server.namespaces -}} +{{ range $.Values.server.namespaces -}} +--- +apiVersion: {{ template "rbac.apiVersion" $ }} +kind: RoleBinding +metadata: + labels: + {{- include "prometheus.server.labels" $ | nindent 4 }} + name: {{ template "prometheus.server.fullname" $ }} + namespace: {{ . }} +subjects: + - kind: ServiceAccount + name: {{ template "prometheus.serviceAccountName.server" $ }} +{{ include "prometheus.namespace" $ | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ $.Values.server.useExistingClusterRoleName }} +{{ end -}} +{{ end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/service.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/service.yaml new file mode 100644 index 000000000..68f988927 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/service.yaml 
@@ -0,0 +1,60 @@ +{{- if .Values.server.enabled -}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.server.service.annotations }} + annotations: +{{ toYaml .Values.server.service.annotations | indent 4 }} +{{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} +{{- if .Values.server.service.labels }} +{{ toYaml .Values.server.service.labels | indent 4 }} +{{- end }} + name: {{ template "prometheus.server.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} +spec: +{{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} +{{- end }} +{{- if .Values.server.service.externalIPs }} + externalIPs: +{{ toYaml .Values.server.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.server.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.server.service.loadBalancerIP }} +{{- end }} +{{- if .Values.server.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.server.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: http + port: {{ .Values.server.service.servicePort }} + protocol: TCP + targetPort: 9090 + {{- if .Values.server.service.nodePort }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + {{- if .Values.server.service.gRPC.enabled }} + - name: grpc + port: {{ .Values.server.service.gRPC.servicePort }} + protocol: TCP + targetPort: 10901 + {{- if .Values.server.service.gRPC.nodePort }} + nodePort: {{ .Values.server.service.gRPC.nodePort }} + {{- end }} + {{- end }} + selector: + {{- if and .Values.server.statefulSet.enabled .Values.server.service.statefulsetReplica.enabled }} + statefulset.kubernetes.io/pod-name: {{ template "prometheus.server.fullname" . }}-{{ .Values.server.service.statefulsetReplica.replica }} + {{- else -}} + {{- include "prometheus.server.matchLabels" . 
| nindent 4 }} +{{- if .Values.server.service.sessionAffinity }} + sessionAffinity: {{ .Values.server.service.sessionAffinity }} +{{- end }} + {{- end }} + type: "{{ .Values.server.service.type }}" +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/serviceaccount.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/serviceaccount.yaml new file mode 100644 index 000000000..9c0502ab7 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.server.enabled -}} +{{- if .Values.serviceAccounts.server.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + name: {{ template "prometheus.serviceAccountName.server" . }} +{{ include "prometheus.namespace" . | indent 2 }} + annotations: +{{ toYaml .Values.serviceAccounts.server.annotations | indent 4 }} +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/sts.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/sts.yaml new file mode 100644 index 000000000..0bc3ff7fc --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/sts.yaml 
@@ -0,0 +1,298 @@ +{{- if .Values.server.enabled -}} +{{- if .Values.server.statefulSet.enabled -}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: +{{- if .Values.server.statefulSet.annotations }} + annotations: + {{ toYaml .Values.server.statefulSet.annotations | nindent 4 }} +{{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 4 }} + {{- if .Values.server.statefulSet.labels}} + {{ toYaml .Values.server.statefulSet.labels | nindent 4 }} + {{- end}} + name: {{ template "prometheus.server.fullname" . }} +{{ include "prometheus.namespace" . | indent 2 }} +spec: + serviceName: {{ template "prometheus.server.fullname" . }}-headless + selector: + matchLabels: + {{- include "prometheus.server.matchLabels" . | nindent 6 }} + replicas: {{ .Values.server.replicaCount }} + podManagementPolicy: {{ .Values.server.statefulSet.podManagementPolicy }} + template: + metadata: + {{- if .Values.server.podAnnotations }} + annotations: + {{ toYaml .Values.server.podAnnotations | nindent 8 }} + {{- end }} + labels: + {{- include "prometheus.server.labels" . | nindent 8 }} + {{- if .Values.server.podLabels}} + {{ toYaml .Values.server.podLabels | nindent 8 }} + {{- end}} + spec: +{{- if .Values.server.priorityClassName }} + priorityClassName: "{{ .Values.server.priorityClassName }}" +{{- end }} +{{- if .Values.server.schedulerName }} + schedulerName: "{{ .Values.server.schedulerName }}" +{{- end }} +{{- if semverCompare ">=1.13-0" .Capabilities.KubeVersion.GitVersion }} + {{- if or (.Values.server.enableServiceLinks) (eq (.Values.server.enableServiceLinks | toString) "") }} + enableServiceLinks: true + {{- else }} + enableServiceLinks: false + {{- end }} +{{- end }} + serviceAccountName: {{ template "prometheus.serviceAccountName.server" . 
}} + {{- if .Values.server.extraInitContainers }} + initContainers: +{{ toYaml .Values.server.extraInitContainers | indent 8 }} + {{- end }} + containers: + {{- if .Values.configmapReload.prometheus.enabled }} + - name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }} + image: "{{ .Values.configmapReload.prometheus.image.repository }}:{{ .Values.configmapReload.prometheus.image.tag }}" + imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}" + args: + - --volume-dir=/etc/config + - --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload + {{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- range .Values.configmapReload.prometheus.extraVolumeDirs }} + - --volume-dir={{ . }} + {{- end }} + resources: +{{ toYaml .Values.configmapReload.prometheus.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }} + - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- end }} + + - name: {{ template "prometheus.name" . 
}}-{{ .Values.server.name }} + image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}" + imagePullPolicy: "{{ .Values.server.image.pullPolicy }}" + {{- if .Values.server.env }} + env: +{{ toYaml .Values.server.env | indent 12}} + {{- end }} + args: + {{- if .Values.server.defaultFlagsOverride }} + {{ toYaml .Values.server.defaultFlagsOverride | nindent 12}} + {{- else }} + {{- if .Values.server.prefixURL }} + - --web.route-prefix={{ .Values.server.prefixURL }} + {{- end }} + {{- if .Values.server.retention }} + - --storage.tsdb.retention.time={{ .Values.server.retention }} + {{- end }} + - --config.file={{ .Values.server.configPath }} + {{- if .Values.server.storagePath }} + - --storage.tsdb.path={{ .Values.server.storagePath }} + {{- else }} + - --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }} + {{- end }} + - --web.console.libraries=/etc/prometheus/console_libraries + - --web.console.templates=/etc/prometheus/consoles + {{- range .Values.server.extraFlags }} + - --{{ . 
}} + {{- end }} + {{- range $key, $value := .Values.server.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + {{- if .Values.server.baseURL }} + - --web.external-url={{ .Values.server.baseURL }} + {{- end }} + {{- end }} + ports: + - containerPort: 9090 + {{- if .Values.server.hostPort }} + hostPort: {{ .Values.server.hostPort }} + {{- end }} + readinessProbe: + {{- if not .Values.server.tcpSocketProbeEnabled }} + httpGet: + path: {{ .Values.server.prefixURL }}/-/ready + port: 9090 + scheme: {{ .Values.server.probeScheme }} + {{- else }} + tcpSocket: + port: 9090 + {{- end }} + initialDelaySeconds: {{ .Values.server.readinessProbeInitialDelay }} + periodSeconds: {{ .Values.server.readinessProbePeriodSeconds }} + timeoutSeconds: {{ .Values.server.readinessProbeTimeout }} + failureThreshold: {{ .Values.server.readinessProbeFailureThreshold }} + successThreshold: {{ .Values.server.readinessProbeSuccessThreshold }} + livenessProbe: + {{- if not .Values.server.tcpSocketProbeEnabled }} + httpGet: + path: {{ .Values.server.prefixURL }}/-/healthy + port: 9090 + scheme: {{ .Values.server.probeScheme }} + {{- else }} + tcpSocket: + port: 9090 + {{- end }} + initialDelaySeconds: {{ .Values.server.livenessProbeInitialDelay }} + periodSeconds: {{ .Values.server.livenessProbePeriodSeconds }} + timeoutSeconds: {{ .Values.server.livenessProbeTimeout }} + failureThreshold: {{ .Values.server.livenessProbeFailureThreshold }} + successThreshold: {{ .Values.server.livenessProbeSuccessThreshold }} + resources: +{{ toYaml .Values.server.resources | indent 12 }} + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: {{ .Values.server.persistentVolume.mountPath }} + subPath: "{{ .Values.server.persistentVolume.subPath }}" + {{- range .Values.server.extraHostPathMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.server.extraConfigmapMounts 
}}
+ - name: {{ $.Values.server.name }}-{{ .name }}
+ mountPath: {{ .mountPath }}
+ subPath: {{ .subPath }}
+ readOnly: {{ .readOnly }}
+ {{- end }}
+ {{- range .Values.server.extraSecretMounts }}
+ - name: {{ .name }}
+ mountPath: {{ .mountPath }}
+ subPath: {{ .subPath }}
+ readOnly: {{ .readOnly }}
+ {{- end }}
+ {{- if .Values.server.extraVolumeMounts }}
+ {{ toYaml .Values.server.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ {{- if .Values.server.sidecarContainers }}
+ {{- range $name, $spec := .Values.server.sidecarContainers }}
+ - name: {{ $name }}
+ {{- if kindIs "string" $spec }}
+ {{- tpl $spec $ | nindent 10 }}
+ {{- else }}
+ {{- toYaml $spec | nindent 10 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ hostNetwork: {{ .Values.server.hostNetwork }}
+ {{- if .Values.server.dnsPolicy }}
+ dnsPolicy: {{ .Values.server.dnsPolicy }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ {{- if .Values.server.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.server.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.server.hostAliases }}
+ hostAliases:
+{{ toYaml .Values.server.hostAliases | indent 8 }}
+ {{- end }}
+ {{- if .Values.server.dnsConfig }}
+ dnsConfig:
+{{ toYaml .Values.server.dnsConfig | indent 8 }}
+ {{- end }}
+ {{- if .Values.server.securityContext }}
+ securityContext:
+{{ toYaml .Values.server.securityContext | indent 8 }}
+ {{- end }}
+ {{- if .Values.server.tolerations }}
+ tolerations:
+{{ toYaml .Values.server.tolerations | indent 8 }}
+ {{- end }}
+ {{- if .Values.server.affinity }}
+ affinity:
+{{ toYaml .Values.server.affinity | indent 8 }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ volumes:
+ - name: config-volume
+ {{- if empty .Values.server.configFromSecret }}
+ configMap:
+ name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }}
+ {{- else }}
+ secret:
+ secretName: {{ .Values.server.configFromSecret }}
+ {{- end }}
+ {{- range .Values.server.extraHostPathMounts }}
+ - name: {{ .name }}
+ hostPath:
+ path: {{ .hostPath }}
+ {{- end }}
+ {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }}
+ - name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }}
+ configMap:
+ name: {{ .configMap }}
+ {{- end }}
+ {{- range .Values.server.extraConfigmapMounts }}
+ - name: {{ $.Values.server.name }}-{{ .name }}
+ configMap:
+ name: {{ .configMap }}
+ {{- end }}
+ {{- range .Values.server.extraSecretMounts }}
+ - name: {{ .name }}
+ secret:
+ secretName: {{ .secretName }}
+ {{- with .optional }}
+ optional: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- range .Values.configmapReload.prometheus.extraConfigmapMounts }}
+ - name: {{ .name }}
+ configMap:
+ name: {{ .configMap }}
+ {{- with .optional }}
+ optional: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- if .Values.server.extraVolumes }}
+{{ toYaml .Values.server.extraVolumes | indent 8}}
+{{- end }}
+{{- if .Values.server.persistentVolume.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: storage-volume
+ {{- if .Values.server.persistentVolume.annotations }}
+ annotations:
+{{ toYaml .Values.server.persistentVolume.annotations | indent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+{{ toYaml .Values.server.persistentVolume.accessModes | indent 10 }}
+ resources:
+ requests:
+ storage: "{{ .Values.server.persistentVolume.size }}"
+ {{- if .Values.server.persistentVolume.storageClass }}
+ {{- if (eq "-" .Values.server.persistentVolume.storageClass) }}
+ storageClassName: ""
+ {{- else }}
+ storageClassName: "{{ .Values.server.persistentVolume.storageClass }}"
+ {{- end }}
+ {{- end }}
+{{- else }}
+ - name: storage-volume
+ emptyDir:
+ {{- if .Values.server.emptyDir.sizeLimit }}
+ sizeLimit: {{ .Values.server.emptyDir.sizeLimit }}
+ {{- else }}
+ {}
+ {{- end -}}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/vpa.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/vpa.yaml
new file mode 100644
index 000000000..981a9b485
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/templates/server/vpa.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.server.enabled -}}
+{{- if .Values.server.verticalAutoscaler.enabled -}}
+apiVersion: autoscaling.k8s.io/v1beta2
+kind: VerticalPodAutoscaler
+metadata:
+ labels:
+ {{- include "prometheus.server.labels" . | nindent 4 }}
+ name: {{ template "prometheus.server.fullname" . }}-vpa
+{{ include "prometheus.namespace" . | indent 2 }}
+spec:
+ targetRef:
+ apiVersion: "apps/v1"
+{{- if .Values.server.statefulSet.enabled }}
+ kind: StatefulSet
+{{- else }}
+ kind: Deployment
+{{- end }}
+ name: {{ template "prometheus.server.fullname" . }}
+ updatePolicy:
+ updateMode: {{ .Values.server.verticalAutoscaler.updateMode | default "Off" | quote }}
+ resourcePolicy:
+ containerPolicies: {{ .Values.server.verticalAutoscaler.containerPolicies | default list | toYaml | trim | nindent 4 }}
+{{- end -}} {{/* if .Values.server.verticalAutoscaler.enabled */}}
+{{- end -}} {{/* .Values.server.enabled */}}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/values.yaml
new file mode 100644
index 000000000..eafb3e825
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/prometheus/values.yaml
@@ -0,0 +1,1825 @@
+rbac:
+ create: true
+
+podSecurityPolicy:
+ enabled: false
+
+imagePullSecrets:
+# - name: "image-pull-secret"
+
+## Define serviceAccount names for components. Defaults to component's fully qualified name.
+##
+serviceAccounts:
+ alertmanager:
+ create: true
+ name:
+ annotations: {}
+ nodeExporter:
+ create: true
+ name:
+ annotations: {}
+ pushgateway:
+ create: true
+ name:
+ annotations: {}
+ server:
+ create: true
+ name:
+ annotations: {}
+
+alertmanager:
+ ## If false, alertmanager will not be installed
+ ##
+ enabled: true
+
+ ## Use a ClusterRole (and ClusterRoleBinding)
+ ## - If set to false - we define a Role and RoleBinding in the defined namespaces ONLY
+ ## This makes alertmanager work - for users who do not have ClusterAdmin privs, but wants alertmanager to operate on their own namespaces, instead of clusterwide.
+ useClusterRole: true
+
+ ## Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here.
+ useExistingRole: false
+
+ ## alertmanager container name
+ ##
+ name: alertmanager
+
+ ## alertmanager container image
+ ##
+ image:
+ repository: quay.io/prometheus/alertmanager
+ tag: v0.23.0
+ pullPolicy: IfNotPresent
+
+ ## alertmanager priorityClassName
+ ##
+ priorityClassName: ""
+
+ ## Custom HTTP headers for Readiness Probe
+ ##
+ ## Useful for providing HTTP Basic Auth to healthchecks
+ probeHeaders: []
+
+ ## Additional alertmanager container arguments
+ ##
+ extraArgs: {}
+
+ ## Additional InitContainers to initialize the pod
+ ##
+ extraInitContainers: []
+
+ ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug
+ ## so that the various internal URLs are still able to access as they are in the default case.
+ ## (Optional)
+ prefixURL: ""
+
+ ## External URL which can access alertmanager
+ baseURL: "http://localhost:9093"
+
+ ## Additional alertmanager container environment variable
+ ## For instance to add a http_proxy
+ ##
+ extraEnv: {}
+
+ ## Additional alertmanager Secret mounts
+ # Defines additional mounts with secrets. Secrets must be manually created in the namespace.
+ extraSecretMounts: []
+ # - name: secret-files
+ # mountPath: /etc/secrets
+ # subPath: ""
+ # secretName: alertmanager-secret-files
+ # readOnly: true
+
+ ## Additional alertmanager Configmap mounts
+ extraConfigmapMounts: []
+ # - name: template-files
+ # mountPath: /etc/config/templates.d
+ # configMap: alertmanager-template-files
+ # readOnly: true
+
+ ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}}
+ ## Defining configMapOverrideName will cause templates/alertmanager-configmap.yaml
+ ## to NOT generate a ConfigMap resource
+ ##
+ configMapOverrideName: ""
+
+ ## The name of a secret in the same kubernetes namespace which contains the Alertmanager config
+ ## Defining configFromSecret will cause templates/alertmanager-configmap.yaml
+ ## to NOT generate a ConfigMap resource
+ ##
+ configFromSecret: ""
+
+ ## The configuration file name to be loaded to alertmanager
+ ## Must match the key within configuration loaded from ConfigMap/Secret
+ ##
+ configFileName: alertmanager.yml
+
+ ingress:
+ ## If true, alertmanager Ingress will be created
+ ##
+ enabled: false
+
+ # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
+ # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
+ # ingressClassName: nginx
+
+ ## alertmanager Ingress annotations
+ ##
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: 'true'
+
+ ## alertmanager Ingress additional labels
+ ##
+ extraLabels: {}
+
+ ## alertmanager Ingress hostnames with optional path
+ ## Must be provided if Ingress is enabled
+ ##
+ hosts: []
+ # - alertmanager.domain.com
+ # - domain.com/alertmanager
+
+ path: /
+
+ # pathType is only for k8s >= 1.18
+ pathType: Prefix
+
+ ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # serviceName: ssl-redirect
+ # servicePort: use-annotation
+
+ ## alertmanager Ingress TLS configuration
+ ## Secrets must be manually created in the namespace
+ ##
+ tls: []
+ # - secretName: prometheus-alerts-tls
+ # hosts:
+ # - alertmanager.domain.com
+
+ ## Alertmanager Deployment Strategy type
+ # strategy:
+ # type: Recreate
+
+ ## Node tolerations for alertmanager scheduling to nodes with taints
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ ## Node labels for alertmanager pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+
+ ## Pod affinity
+ ##
+ affinity: {}
+
+ ## PodDisruptionBudget settings
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+ ##
+ podDisruptionBudget:
+ enabled: false
+ maxUnavailable: 1
+
+ ## Use an alternate scheduler, e.g. "stork".
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ # schedulerName:
+
+ persistentVolume:
+ ## If true, alertmanager will create/use a Persistent Volume Claim
+ ## If false, use emptyDir
+ ##
+ enabled: true
+
+ ## alertmanager data Persistent Volume access modes
+ ## Must match those of existing PV or dynamic provisioner
+ ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ accessModes:
+ - ReadWriteOnce
+
+ ## alertmanager data Persistent Volume Claim annotations
+ ##
+ annotations: {}
+
+ ## alertmanager data Persistent Volume existing claim name
+ ## Requires alertmanager.persistentVolume.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ existingClaim: ""
+
+ ## alertmanager data Persistent Volume mount root path
+ ##
+ mountPath: /data
+
+ ## alertmanager data Persistent Volume size
+ ##
+ size: 2Gi
+
+ ## alertmanager data Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+
+ ## alertmanager data Persistent Volume Binding Mode
+ ## If defined, volumeBindingMode:
+ ## If undefined (the default) or set to null, no volumeBindingMode spec is
+ ## set, choosing the default mode.
+ ##
+ # volumeBindingMode: ""
+
+ ## Subdirectory of alertmanager data Persistent Volume to mount
+ ## Useful if the volume's root directory is not empty
+ ##
+ subPath: ""
+
+ ## Persistent Volume Claim Selector
+ ## Useful if Persistent Volumes have been provisioned in advance
+ ## Ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector
+ ##
+ # selector:
+ # matchLabels:
+ # release: "stable"
+ # matchExpressions:
+ # - { key: environment, operator: In, values: [ dev ] }
+
+ emptyDir:
+ ## alertmanager emptyDir volume size limit
+ ##
+ sizeLimit: ""
+
+ ## Annotations to be added to alertmanager pods
+ ##
+ podAnnotations: {}
+ ## Tell prometheus to use a specific set of alertmanager pods
+ ## instead of all alertmanager pods found in the same namespace
+ ## Useful if you deploy multiple releases within the same namespace
+ ##
+ ## prometheus.io/probe: alertmanager-teamA
+
+ ## Labels to be added to Prometheus AlertManager pods
+ ##
+ podLabels: {}
+
+ ## Specify if a Pod Security Policy for node-exporter must be created
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ ##
+ podSecurityPolicy:
+ annotations: {}
+ ## Specify pod annotations
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
+ ##
+ # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+ # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
+ # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
+
+ ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
+ ##
+ replicaCount: 1
+
+ ## Annotations to be added to deployment
+ ##
+ deploymentAnnotations: {}
+
+ statefulSet:
+ ## If true, use a statefulset instead of a deployment for pod management.
+ ## This allows to scale replicas to more than 1 pod
+ ##
+ enabled: false
+
+ annotations: {}
+ labels: {}
+ podManagementPolicy: OrderedReady
+
+ ## Alertmanager headless service to use for the statefulset
+ ##
+ headless:
+ annotations: {}
+ labels: {}
+
+ ## Enabling peer mesh service end points for enabling the HA alert manager
+ ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md
+ enableMeshPeer: false
+
+ servicePort: 80
+
+ ## alertmanager resource requests and limits
+ ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources: {}
+ # limits:
+ # cpu: 10m
+ # memory: 32Mi
+ # requests:
+ # cpu: 10m
+ # memory: 32Mi
+
+ # Custom DNS configuration to be added to alertmanager pods
+ dnsConfig: {}
+ # nameservers:
+ # - 1.2.3.4
+ # searches:
+ # - ns1.svc.cluster-domain.example
+ # - my.dns.search.suffix
+ # options:
+ # - name: ndots
+ # value: "2"
+ # - name: edns0
+
+ ## Security context to be added to alertmanager pods
+ ##
+ securityContext:
+ runAsUser: 65534
+ runAsNonRoot: true
+ runAsGroup: 65534
+ fsGroup: 65534
+
+ service:
+ annotations: {}
+ labels: {}
+ clusterIP: ""
+
+ ## Enabling peer mesh service end points for enabling the HA alert manager
+ ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md
+ # enableMeshPeer : true
+
+ ## List of IP addresses at which the alertmanager service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 80
+ # nodePort: 30000
+ sessionAffinity: None
+ type: ClusterIP
+
+ ## List of initial peers
+ ## Ref: https://github.com/prometheus/alertmanager/blob/main/README.md#high-availability
+ clusterPeers: []
+
+## Monitors ConfigMap changes and POSTs to a URL
+## Ref: https://github.com/jimmidyson/configmap-reload
+##
+configmapReload:
+ prometheus:
+ ## If false, the configmap-reload container will not be deployed
+ ##
+ enabled: true
+
+ ## configmap-reload container name
+ ##
+ name: configmap-reload
+
+ ## configmap-reload container image
+ ##
+ image:
+ repository: jimmidyson/configmap-reload
+ tag: v0.5.0
+ pullPolicy: IfNotPresent
+
+ ## Additional configmap-reload container arguments
+ ##
+ extraArgs: {}
+ ## Additional configmap-reload volume directories
+ ##
+ extraVolumeDirs: []
+
+
+ ## Additional configmap-reload mounts
+ ##
+ extraConfigmapMounts: []
+ # - name: prometheus-alerts
+ # mountPath: /etc/alerts.d
+ # subPath: ""
+ # configMap: prometheus-alerts
+ # readOnly: true
+
+
+ ## configmap-reload resource requests and limits
+ ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources: {}
+ alertmanager:
+ ## If false, the configmap-reload container will not be deployed
+ ##
+ enabled: true
+
+ ## configmap-reload container name
+ ##
+ name: configmap-reload
+
+ ## configmap-reload container image
+ ##
+ image:
+ repository: jimmidyson/configmap-reload
+ tag: v0.5.0
+ pullPolicy: IfNotPresent
+
+ ## Additional configmap-reload container arguments
+ ##
+ extraArgs: {}
+ ## Additional configmap-reload volume directories
+ ##
+ extraVolumeDirs: []
+
+
+ ## Additional configmap-reload mounts
+ ##
+ extraConfigmapMounts: []
+ # - name: prometheus-alerts
+ # mountPath: /etc/alerts.d
+ # subPath: ""
+ # configMap: prometheus-alerts
+ # readOnly: true
+
+
+ ## configmap-reload resource requests and limits
+ ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources: {}
+
+kubeStateMetrics:
+ ## If false, kube-state-metrics sub-chart will not be installed
+ ##
+ enabled: true
+
+## kube-state-metrics sub-chart configurable values
+## Please see https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics
+##
+# kube-state-metrics:
+
+nodeExporter:
+ ## If false, node-exporter will not be installed
+ ##
+ enabled: true
+
+ ## If true, node-exporter pods share the host network namespace
+ ##
+ hostNetwork: true
+
+ ## If true, node-exporter pods share the host PID namespace
+ ##
+ hostPID: true
+
+ ## If true, node-exporter pods mounts host / at /host/root
+ ##
+ hostRootfs: true
+
+ ## node-exporter container name
+ ##
+ name: node-exporter
+
+ ## node-exporter container image
+ ##
+ image:
+ repository: quay.io/prometheus/node-exporter
+ tag: v1.3.0
+ pullPolicy: IfNotPresent
+
+ ## Specify if a Pod Security Policy for node-exporter must be created
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ ##
+ podSecurityPolicy:
+ annotations: {}
+ ## Specify pod annotations
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
+ ##
+ # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+ # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
+ # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
+
+ ## node-exporter priorityClassName
+ ##
+ priorityClassName: ""
+
+ ## Custom Update Strategy
+ ##
+ updateStrategy:
+ type: RollingUpdate
+
+ ## Additional node-exporter container arguments
+ ##
+ extraArgs: {}
+
+ ## Additional InitContainers to initialize the pod
+ ##
+ extraInitContainers: []
+
+ ## Additional node-exporter hostPath mounts
+ ##
+ extraHostPathMounts: []
+ # - name: textfile-dir
+ # mountPath: /srv/txt_collector
+ # hostPath: /var/lib/node-exporter
+ # readOnly: true
+ # mountPropagation: HostToContainer
+
+ extraConfigmapMounts: []
+ # - name: certs-configmap
+ # mountPath: /prometheus
+ # configMap: certs-configmap
+ # readOnly: true
+
+ ## Node tolerations for node-exporter scheduling to nodes with taints
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ ## Node labels for node-exporter pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+
+ ## Annotations to be added to node-exporter pods
+ ##
+ podAnnotations: {}
+
+ ## Labels to be added to node-exporter pods
+ ##
+ pod:
+ labels: {}
+
+ ## PodDisruptionBudget settings
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+ ##
+ podDisruptionBudget:
+ enabled: false
+ maxUnavailable: 1
+
+ ## node-exporter resource limits & requests
+ ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources: {}
+ # limits:
+ # cpu: 200m
+ # memory: 50Mi
+ # requests:
+ # cpu: 100m
+ # memory: 30Mi
+
+ # Custom DNS configuration to be added to node-exporter pods
+ dnsConfig: {}
+ # nameservers:
+ # - 1.2.3.4
+ # searches:
+ # - ns1.svc.cluster-domain.example
+ # - my.dns.search.suffix
+ # options:
+ # - name: ndots
+ # value: "2"
+ # - name: edns0
+
+ ## Security context to be added to node-exporter pods
+ ##
+ securityContext:
+ fsGroup: 65534
+ runAsGroup: 65534
+ runAsNonRoot: true
+ runAsUser: 65534
+
+ service:
+ annotations:
+ prometheus.io/scrape: "true"
+ labels: {}
+
+ # Exposed as a headless service:
+ # https://kubernetes.io/docs/concepts/services-networking/service/#headless-services
+ clusterIP: None
+
+ ## List of IP addresses at which the node-exporter service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ hostPort: 9100
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 9100
+ type: ClusterIP
+
+server:
+ ## Prometheus server container name
+ ##
+ enabled: true
+
+ ## Use a ClusterRole (and ClusterRoleBinding)
+ ## - If set to false - we define a RoleBinding in the defined namespaces ONLY
+ ##
+ ## NB: because we need a Role with nonResourceURL's ("/metrics") - you must get someone with Cluster-admin privileges to define this role for you, before running with this setting enabled.
+ ## This makes prometheus work - for users who do not have ClusterAdmin privs, but wants prometheus to operate on their own namespaces, instead of clusterwide.
+ ##
+ ## You MUST also set namespaces to the ones you have access to and want monitored by Prometheus.
+ ##
+ # useExistingClusterRoleName: nameofclusterrole
+
+ ## namespaces to monitor (instead of monitoring all - clusterwide). Needed if you want to run without Cluster-admin privileges.
+ # namespaces:
+ # - yournamespace
+
+ name: server
+
+ # sidecarContainers - add more containers to prometheus server
+ # Key/Value where Key is the sidecar `- name: `
+ # Example:
+ # sidecarContainers:
+ # webserver:
+ # image: nginx
+ sidecarContainers: {}
+
+ # sidecarTemplateValues - context to be used in template for sidecarContainers
+ # Example:
+ # sidecarTemplateValues: *your-custom-globals
+ # sidecarContainers:
+ # webserver: |-
+ # {{ include "webserver-container-template" . }}
+ # Template for `webserver-container-template` might looks like this:
+ # image: "{{ .Values.server.sidecarTemplateValues.repository }}:{{ .Values.server.sidecarTemplateValues.tag }}"
+ # ...
+ #
+ sidecarTemplateValues: {}
+
+ ## Prometheus server container image
+ ##
+ image:
+ repository: quay.io/prometheus/prometheus
+ tag: v2.34.0
+ pullPolicy: IfNotPresent
+
+ ## prometheus server priorityClassName
+ ##
+ priorityClassName: ""
+
+ ## EnableServiceLinks indicates whether information about services should be injected
+ ## into pod's environment variables, matching the syntax of Docker links.
+ ## WARNING: the field is unsupported and will be skipped in K8s prior to v1.13.0.
+ ##
+ enableServiceLinks: true
+
+ ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug
+ ## so that the various internal URLs are still able to access as they are in the default case.
+ ## (Optional)
+ prefixURL: ""
+
+ ## External URL which can access prometheus
+ ## Maybe same with Ingress host name
+ baseURL: ""
+
+ ## Additional server container environment variables
+ ##
+ ## You specify this manually like you would a raw deployment manifest.
+ ## This means you can bind in environment variables from secrets.
+ ##
+ ## e.g. static environment variable:
+ ## - name: DEMO_GREETING
+ ## value: "Hello from the environment"
+ ##
+ ## e.g. secret environment variable:
+ ## - name: USERNAME
+ ## valueFrom:
+ ## secretKeyRef:
+ ## name: mysecret
+ ## key: username
+ env: []
+
+ # List of flags to override default parameters, e.g:
+ # - --enable-feature=agent
+ # - --storage.agent.retention.max-time=30m
+ defaultFlagsOverride: []
+
+ extraFlags:
+ - web.enable-lifecycle
+ ## web.enable-admin-api flag controls access to the administrative HTTP API which includes functionality such as
+ ## deleting time series. This is disabled by default.
+ # - web.enable-admin-api
+ ##
+ ## storage.tsdb.no-lockfile flag controls BD locking
+ # - storage.tsdb.no-lockfile
+ ##
+ ## storage.tsdb.wal-compression flag enables compression of the write-ahead log (WAL)
+ # - storage.tsdb.wal-compression
+
+ ## Path to a configuration file on prometheus server container FS
+ configPath: /etc/config/prometheus.yml
+
+ ### The data directory used by prometheus to set --storage.tsdb.path
+ ### When empty server.persistentVolume.mountPath is used instead
+ storagePath: ""
+
+ global:
+ ## How frequently to scrape targets by default
+ ##
+ scrape_interval: 1m
+ ## How long until a scrape request times out
+ ##
+ scrape_timeout: 10s
+ ## How frequently to evaluate rules
+ ##
+ evaluation_interval: 1m
+ ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write
+ ##
+ remoteWrite: []
+ ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read
+ ##
+ remoteRead: []
+
+ ## Custom HTTP headers for Liveness/Readiness/Startup Probe
+ ##
+ ## Useful for providing HTTP Basic Auth to healthchecks
+ probeHeaders: []
+
+ ## Additional Prometheus server container arguments
+ ##
+ extraArgs: {}
+
+ ## Additional InitContainers to initialize the pod
+ ##
+ extraInitContainers: []
+
+ ## Additional Prometheus server Volume mounts
+ ##
+ extraVolumeMounts: []
+
+ ## Additional Prometheus server Volumes
+ ##
+ extraVolumes: []
+
+ ## Additional Prometheus server hostPath mounts
+ ##
+ extraHostPathMounts: []
+ # - name: certs-dir
+ # mountPath: /etc/kubernetes/certs
+ # subPath: ""
+ # hostPath: /etc/kubernetes/certs
+ # readOnly: true
+
+ extraConfigmapMounts: []
+ # - name: certs-configmap
+ # mountPath: /prometheus
+ # subPath: ""
+ # configMap: certs-configmap
+ # readOnly: true
+
+ ## Additional Prometheus server Secret mounts
+ # Defines additional mounts with secrets. Secrets must be manually created in the namespace.
+ extraSecretMounts: []
+ # - name: secret-files
+ # mountPath: /etc/secrets
+ # subPath: ""
+ # secretName: prom-secret-files
+ # readOnly: true
+
+ ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.server.configMapOverrideName}}
+ ## Defining configMapOverrideName will cause templates/server-configmap.yaml
+ ## to NOT generate a ConfigMap resource
+ ##
+ configMapOverrideName: ""
+
+ ingress:
+ ## If true, Prometheus server Ingress will be created
+ ##
+ enabled: false
+
+ # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
+ # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
+ # ingressClassName: nginx
+
+ ## Prometheus server Ingress annotations
+ ##
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: 'true'
+
+ ## Prometheus server Ingress additional labels
+ ##
+ extraLabels: {}
+
+ ## Prometheus server Ingress hostnames with optional path
+ ## Must be provided if Ingress is enabled
+ ##
+ hosts: []
+ # - prometheus.domain.com
+ # - domain.com/prometheus
+
+ path: /
+
+ # pathType is only for k8s >= 1.18
+ pathType: Prefix
+
+ ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # serviceName: ssl-redirect
+ # servicePort: use-annotation
+
+ ## Prometheus server Ingress TLS configuration
+ ## Secrets must be manually created in the namespace
+ ##
+ tls: []
+ # - secretName: prometheus-server-tls
+ # hosts:
+ # - prometheus.domain.com
+
+ ## Server Deployment Strategy type
+ # strategy:
+ # type: Recreate
+
+ ## hostAliases allows adding entries to /etc/hosts inside the containers
+ hostAliases: []
+ # - ip: "127.0.0.1"
+ # hostnames:
+ # - "example.com"
+
+ ## Node tolerations for server scheduling to nodes with taints
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ ## Node labels for Prometheus server pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+
+ ## Pod affinity
+ ##
+ affinity: {}
+
+ ## PodDisruptionBudget settings
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+ ##
+ podDisruptionBudget:
+ enabled: false
+ maxUnavailable: 1
+
+ ## Use an alternate scheduler, e.g. "stork".
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ # schedulerName:
+
+ persistentVolume:
+ ## If true, Prometheus server will create/use a Persistent Volume Claim
+ ## If false, use emptyDir
+ ##
+ enabled: true
+
+ ## Prometheus server data Persistent Volume access modes
+ ## Must match those of existing PV or dynamic provisioner
+ ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ accessModes:
+ - ReadWriteOnce
+
+ ## Prometheus server data Persistent Volume annotations
+ ##
+ annotations: {}
+
+ ## Prometheus server data Persistent Volume existing claim name
+ ## Requires server.persistentVolume.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ existingClaim: ""
+
+ ## Prometheus server data Persistent Volume mount root path
+ ##
+ mountPath: /data
+
+ ## Prometheus server data Persistent Volume size
+ ##
+ size: 8Gi
+
+ ## Prometheus server data Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+
+ ## Prometheus server data Persistent Volume Binding Mode
+ ## If defined, volumeBindingMode:
+ ## If undefined (the default) or set to null, no volumeBindingMode spec is
+ ## set, choosing the default mode.
+ ##
+ # volumeBindingMode: ""
+
+ ## Subdirectory of Prometheus server data Persistent Volume to mount
+ ## Useful if the volume's root directory is not empty
+ ##
+ subPath: ""
+
+ ## Persistent Volume Claim Selector
+ ## Useful if Persistent Volumes have been provisioned in advance
+ ## Ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector
+ ##
+ # selector:
+ # matchLabels:
+ # release: "stable"
+ # matchExpressions:
+ # - { key: environment, operator: In, values: [ dev ] }
+
+ emptyDir:
+ ## Prometheus server emptyDir volume size limit
+ ##
+ sizeLimit: ""
+
+ ## Annotations to be added to Prometheus server pods
+ ##
+ podAnnotations: {}
+ # iam.amazonaws.com/role: prometheus
+
+ ## Labels to be added to Prometheus server pods
+ ##
+ podLabels: {}
+
+ ## Prometheus AlertManager configuration
+ ##
+ alertmanagers: []
+
+ ## Specify if a Pod Security Policy for node-exporter must be created
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ ##
+ podSecurityPolicy:
+ annotations: {}
+ ## Specify pod annotations
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
+ ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
+ ##
+ # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+ # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
+ # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
+
+ ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
+ ##
+ replicaCount: 1
+
+ ## Annotations to be added to deployment
+ ##
+ deploymentAnnotations: {}
+
+ statefulSet:
+ ## If true, use a statefulset instead of a deployment for pod management.
+ ## This allows to scale replicas to more than 1 pod
+ ##
+ enabled: false
+
+ annotations: {}
+ labels: {}
+ podManagementPolicy: OrderedReady
+
+ ## Alertmanager headless service to use for the statefulset
+ ##
+ headless:
+ annotations: {}
+ labels: {}
+ servicePort: 80
+ ## Enable gRPC port on service to allow auto discovery with thanos-querier
+ gRPC:
+ enabled: false
+ servicePort: 10901
+ # nodePort: 10901
+
+ ## Prometheus server readiness and liveness probe initial delay and timeout
+ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+ ##
+ tcpSocketProbeEnabled: false
+ probeScheme: HTTP
+ readinessProbeInitialDelay: 30
+ readinessProbePeriodSeconds: 5
+ readinessProbeTimeout: 4
+ readinessProbeFailureThreshold: 3
+ readinessProbeSuccessThreshold: 1
+ livenessProbeInitialDelay: 30
+ livenessProbePeriodSeconds: 15
+ livenessProbeTimeout: 10
+ livenessProbeFailureThreshold: 3
+ livenessProbeSuccessThreshold: 1
+ startupProbe:
+ enabled: false
+ periodSeconds: 5
+ failureThreshold: 30
+ timeoutSeconds: 10
+
+ ## Prometheus server resource requests and limits
+ ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources: {}
+ # limits:
+ # cpu: 500m
+ # memory: 512Mi
+ # requests:
+ # cpu: 500m
+ # memory: 512Mi
+
+ # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
+ # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
+ ##
+ hostNetwork: false
+
+ # When hostNetwork is enabled, you probably want to set this to ClusterFirstWithHostNet
+ dnsPolicy: ClusterFirst
+
+ # Use hostPort
+ # hostPort: 9090
+
+ ## Vertical Pod Autoscaler config
+ ## Ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
+ verticalAutoscaler:
+ ## If true a VPA object will be created for the controller (either StatefulSet or Deployemnt, based on above configs)
+ enabled: false
+ # updateMode: "Auto"
+ # containerPolicies:
+ # - containerName: 'prometheus-server'
+
+ # Custom DNS configuration to be added to prometheus server pods
+ dnsConfig: {}
+ # nameservers:
+ # - 1.2.3.4
+ # searches:
+ # - ns1.svc.cluster-domain.example
+ # - my.dns.search.suffix
+ # options:
+ # - name: ndots
+ # value: "2"
+ # - name: edns0
+ ## Security context to be added to server pods
+ ##
+ securityContext:
+ runAsUser: 65534
+ runAsNonRoot: true
+ runAsGroup: 65534
+ fsGroup: 65534
+
+ service:
+ annotations: {}
+ labels: {}
+ clusterIP: ""
+
+ ## List of IP addresses at which the Prometheus server service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 80
+ sessionAffinity: None
+ type: ClusterIP
+
+ ## Enable gRPC port on service to allow auto discovery with thanos-querier
+ gRPC:
+ enabled: false
+ servicePort: 10901
+ # nodePort: 10901
+
+ ## If using a statefulSet (statefulSet.enabled=true), configure the
+ ## service to connect to a specific replica to have a consistent view
+ ## of the data.
+ statefulsetReplica:
+ enabled: false
+ replica: 0
+
+ ## Prometheus server pod termination grace period
+ ##
+ terminationGracePeriodSeconds: 300
+
+ ## Prometheus data retention period (default if not specified is 15 days)
+ ##
+ retention: "15d"
+
+pushgateway:
+ ## If false, pushgateway will not be installed
+ ##
+ enabled: true
+
+ ## Use an alternate scheduler, e.g. "stork".
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + # schedulerName: + + ## pushgateway container name + ## + name: pushgateway + + ## pushgateway container image + ## + image: + repository: prom/pushgateway + tag: v1.4.2 + pullPolicy: IfNotPresent + + ## pushgateway priorityClassName + ## + priorityClassName: "" + + ## Additional pushgateway container arguments + ## + ## for example: persistence.file: /data/pushgateway.data + extraArgs: {} + + ## Additional InitContainers to initialize the pod + ## + extraInitContainers: [] + + ingress: + ## If true, pushgateway Ingress will be created + ## + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + ## pushgateway Ingress annotations + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: 'true' + + ## pushgateway Ingress hostnames with optional path + ## Must be provided if Ingress is enabled + ## + hosts: [] + # - pushgateway.domain.com + # - domain.com/pushgateway + + path: / + + # pathType is only for k8s >= 1.18 + pathType: Prefix + + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. 
+ extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + + ## pushgateway Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: [] + # - secretName: prometheus-alerts-tls + # hosts: + # - pushgateway.domain.com + + ## Node tolerations for pushgateway scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal|Exists" + # value: "value" + # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)" + + ## Node labels for pushgateway pod assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Annotations to be added to pushgateway pods + ## + podAnnotations: {} + + ## Labels to be added to pushgateway pods + ## + podLabels: {} + + ## Specify if a Pod Security Policy for node-exporter must be created + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + ## + podSecurityPolicy: + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + replicaCount: 1 + + ## Annotations to be added to deployment + ## + deploymentAnnotations: {} + + ## PodDisruptionBudget settings + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ + ## + podDisruptionBudget: + enabled: false + maxUnavailable: 1 + + ## pushgateway resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + 
# cpu: 10m + # memory: 32Mi + # requests: + # cpu: 10m + # memory: 32Mi + + ## Vertical Pod Autoscaler config + ## Ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler + verticalAutoscaler: + ## If true a VPA object will be created for the controller + enabled: false + # updateMode: "Auto" + # containerPolicies: + # - containerName: 'prometheus-pushgateway' + + # Custom DNS configuration to be added to push-gateway pods + dnsConfig: {} + # nameservers: + # - 1.2.3.4 + # searches: + # - ns1.svc.cluster-domain.example + # - my.dns.search.suffix + # options: + # - name: ndots + # value: "2" + # - name: edns0 + + ## Security context to be added to push-gateway pods + ## + securityContext: + runAsUser: 65534 + runAsNonRoot: true + + service: + annotations: + prometheus.io/probe: pushgateway + labels: {} + clusterIP: "" + + ## List of IP addresses at which the pushgateway service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + loadBalancerIP: "" + loadBalancerSourceRanges: [] + servicePort: 9091 + type: ClusterIP + + ## pushgateway Deployment Strategy type + # strategy: + # type: Recreate + + persistentVolume: + ## If true, pushgateway will create/use a Persistent Volume Claim + ## + enabled: false + + ## pushgateway data Persistent Volume access modes + ## Must match those of existing PV or dynamic provisioner + ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + accessModes: + - ReadWriteOnce + + ## pushgateway data Persistent Volume Claim annotations + ## + annotations: {} + + ## pushgateway data Persistent Volume existing claim name + ## Requires pushgateway.persistentVolume.enabled: true + ## If defined, PVC must be created manually before volume will be bound + existingClaim: "" + + ## pushgateway data Persistent Volume mount root path + ## + mountPath: /data + + ## pushgateway data Persistent Volume size + ## + size: 2Gi + + ## pushgateway data 
Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + + ## pushgateway data Persistent Volume Binding Mode + ## If defined, volumeBindingMode: + ## If undefined (the default) or set to null, no volumeBindingMode spec is + ## set, choosing the default mode. + ## + # volumeBindingMode: "" + + ## Subdirectory of pushgateway data Persistent Volume to mount + ## Useful if the volume's root directory is not empty + ## + subPath: "" + + +## alertmanager ConfigMap entries +## +alertmanagerFiles: + alertmanager.yml: + global: {} + # slack_api_url: '' + + receivers: + - name: default-receiver + # slack_configs: + # - channel: '@you' + # send_resolved: true + + route: + group_wait: 10s + group_interval: 5m + receiver: default-receiver + repeat_interval: 3h + +## Prometheus server ConfigMap entries for rule files (allow prometheus labels interpolation) +ruleFiles: {} + +## Prometheus server ConfigMap entries +## +serverFiles: + + ## Alerts configuration + ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ + alerting_rules.yml: {} + # groups: + # - name: Instances + # rules: + # - alert: InstanceDown + # expr: up == 0 + # for: 5m + # labels: + # severity: page + # annotations: + # description: '{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.' 
+ # summary: 'Instance {{ $labels.instance }} down' + ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use alerting_rules.yml + alerts: {} + + ## Records configuration + ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/ + recording_rules.yml: {} + ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use recording_rules.yml + rules: {} + + prometheus.yml: + rule_files: + - /etc/config/recording_rules.yml + - /etc/config/alerting_rules.yml + ## Below two files are DEPRECATED will be removed from this default values file + - /etc/config/rules + - /etc/config/alerts + + scrape_configs: + - job_name: prometheus + static_configs: + - targets: + - localhost:9090 + + # A scrape configuration for running Prometheus on a Kubernetes cluster. + # This uses separate scrape configs for cluster components (i.e. API server, node) + # and services to allow each to use different authentication configs. + # + # Kubernetes labels will be added as Prometheus labels on metrics via the + # `labelmap` relabeling action. + + # Scrape config for API servers. + # + # Kubernetes exposes API servers as endpoints to the default/kubernetes + # service so this uses `endpoints` role and uses relabelling to only keep + # the endpoints associated with the default/kubernetes service using the + # default named port `https`. This works for single API server deployments as + # well as HA API server deployments. + - job_name: 'kubernetes-apiservers' + + kubernetes_sd_configs: + - role: endpoints + + # Default to scraping over https. If required, just disable this or change to + # `http`. + scheme: https + + # This TLS & bearer token file config is used to connect to the actual scrape + # endpoints for cluster components. This is separate to discovery auth + # configuration because discovery & scraping are two separate concerns in + # Prometheus. The discovery auth config is automatic if Prometheus runs inside + # the cluster. 
Otherwise, more config options have to be provided within the + # . + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + # If your node certificates are self-signed or use a different CA to the + # master CA, then disable certificate verification below. Note that + # certificate verification is an integral part of a secure infrastructure + # so this should only be disabled in a controlled environment. You can + # disable certificate verification by uncommenting the line below. + # + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + + # Keep only the default/kubernetes service endpoints for the https port. This + # will add targets for each API server which Kubernetes adds an endpoint to + # the default/kubernetes service. + relabel_configs: + - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: default;kubernetes;https + + - job_name: 'kubernetes-nodes' + + # Default to scraping over https. If required, just disable this or change to + # `http`. + scheme: https + + # This TLS & bearer token file config is used to connect to the actual scrape + # endpoints for cluster components. This is separate to discovery auth + # configuration because discovery & scraping are two separate concerns in + # Prometheus. The discovery auth config is automatic if Prometheus runs inside + # the cluster. Otherwise, more config options have to be provided within the + # . + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + # If your node certificates are self-signed or use a different CA to the + # master CA, then disable certificate verification below. Note that + # certificate verification is an integral part of a secure infrastructure + # so this should only be disabled in a controlled environment. You can + # disable certificate verification by uncommenting the line below. 
+ # + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + + kubernetes_sd_configs: + - role: node + + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/$1/proxy/metrics + + + - job_name: 'kubernetes-nodes-cadvisor' + + # Default to scraping over https. If required, just disable this or change to + # `http`. + scheme: https + + # This TLS & bearer token file config is used to connect to the actual scrape + # endpoints for cluster components. This is separate to discovery auth + # configuration because discovery & scraping are two separate concerns in + # Prometheus. The discovery auth config is automatic if Prometheus runs inside + # the cluster. Otherwise, more config options have to be provided within the + # . + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + # If your node certificates are self-signed or use a different CA to the + # master CA, then disable certificate verification below. Note that + # certificate verification is an integral part of a secure infrastructure + # so this should only be disabled in a controlled environment. You can + # disable certificate verification by uncommenting the line below. 
+ # + insecure_skip_verify: true + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + + kubernetes_sd_configs: + - role: node + + # This configuration will work only on kubelet 1.7.3+ + # As the scrape endpoints for cAdvisor have changed + # if you are using older version you need to change the replacement to + # replacement: /api/v1/nodes/$1:4194/proxy/metrics + # more info here https://github.com/coreos/prometheus-operator/issues/633 + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor + + # Scrape config for service endpoints. + # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/scrape`: Only scrape services that have a value of + # `true`, except if `prometheus.io/scrape-slow` is set to `true` as well. + # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need + # to set this to `https` & most likely set the `tls_config` of the scrape config. + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: If the metrics are exposed on a different port to the + # service then set this appropriately. 
+ # * `prometheus.io/param_`: If the metrics endpoint uses parameters + # then you can set any parameter + - job_name: 'kubernetes-service-endpoints' + + kubernetes_sd_configs: + - role: endpoints + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node + + # Scrape config for slow service endpoints; same as above, but with a larger + # timeout and a larger interval + # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/scrape-slow`: Only scrape services that have a value of `true` + # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need + # to set this to `https` & most likely set the `tls_config` of the scrape config. + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. 
+ # * `prometheus.io/port`: If the metrics are exposed on a different port to the + # service then set this appropriately. + # * `prometheus.io/param_`: If the metrics endpoint uses parameters + # then you can set any parameter + - job_name: 'kubernetes-service-endpoints-slow' + + scrape_interval: 5m + scrape_timeout: 30s + + kubernetes_sd_configs: + - role: endpoints + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: service + - source_labels: [__meta_kubernetes_pod_node_name] + action: replace + target_label: node + + - job_name: 'prometheus-pushgateway' + honor_labels: true + + kubernetes_sd_configs: + - role: service + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] + action: keep + regex: pushgateway + + # Example scrape config for probing services via the Blackbox Exporter. 
+ # + # The relabeling allows the actual service scrape endpoint to be configured + # via the following annotations: + # + # * `prometheus.io/probe`: Only probe services that have a value of `true` + - job_name: 'kubernetes-services' + + metrics_path: /probe + params: + module: [http_2xx] + + kubernetes_sd_configs: + - role: service + + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe] + action: keep + regex: true + - source_labels: [__address__] + target_label: __param_target + - target_label: __address__ + replacement: blackbox + - source_labels: [__param_target] + target_label: instance + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + target_label: namespace + - source_labels: [__meta_kubernetes_service_name] + target_label: service + + # Example scrape config for pods + # + # The relabeling allows the actual pod scrape endpoint to be configured via the + # following annotations: + # + # * `prometheus.io/scrape`: Only scrape pods that have a value of `true`, + # except if `prometheus.io/scrape-slow` is set to `true` as well. + # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need + # to set this to `https` & most likely set the `tls_config` of the scrape config. + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`. + - job_name: 'kubernetes-pods' + + kubernetes_sd_configs: + - role: pod + + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow] + action: drop + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] + action: replace + regex: (https?) 
+ target_label: __scheme__ + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod + - source_labels: [__meta_kubernetes_pod_phase] + regex: Pending|Succeeded|Failed|Completed + action: drop + + # Example Scrape config for pods which should be scraped slower. An useful example + # would be stackriver-exporter which queries an API on every scrape of the pod + # + # The relabeling allows the actual pod scrape endpoint to be configured via the + # following annotations: + # + # * `prometheus.io/scrape-slow`: Only scrape pods that have a value of `true` + # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need + # to set this to `https` & most likely set the `tls_config` of the scrape config. + # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. + # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`. + - job_name: 'kubernetes-pods-slow' + + scrape_interval: 5m + scrape_timeout: 30s + + kubernetes_sd_configs: + - role: pod + + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme] + action: replace + regex: (https?) 
+ target_label: __scheme__ + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod + - source_labels: [__meta_kubernetes_pod_phase] + regex: Pending|Succeeded|Failed|Completed + action: drop + +# adds additional scrape configs to prometheus.yml +# must be a string so you have to add a | after extraScrapeConfigs: +# example adds prometheus-blackbox-exporter scrape config +extraScrapeConfigs: + # - job_name: 'prometheus-blackbox-exporter' + # metrics_path: /probe + # params: + # module: [http_2xx] + # static_configs: + # - targets: + # - https://example.com + # relabel_configs: + # - source_labels: [__address__] + # target_label: __param_target + # - source_labels: [__param_target] + # target_label: instance + # - target_label: __address__ + # replacement: prometheus-blackbox-exporter:9115 + +# Adds option to add alert_relabel_configs to avoid duplicate alerts in alertmanager +# useful in H/A prometheus with different external labels but the same alerts +alertRelabelConfigs: + # alert_relabel_configs: + # - source_labels: [dc] + # regex: (.+)\d+ + # target_label: dc + +networkPolicy: + ## Enable creation of NetworkPolicy resources. + ## + enabled: false + +# Force namespace of namespaced resources +forceNamespace: null 
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/.helmignore b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/.helmignore
new file mode 100644
index 000000000..50af03172
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/Chart.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/Chart.yaml
new file mode 100644
index 000000000..756c1281a
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v2
+appVersion: 2.4.2
+description: Promtail is an agent which ships the contents of local logs to a Loki
+ instance
+home: https://grafana.com/loki
+icon: https://raw.githubusercontent.com/grafana/loki/master/docs/sources/logo.png
+maintainers:
+- email: lokiproject@googlegroups.com
+ name: Loki Maintainers
+- name: unguiculus
+name: promtail
+sources:
+- https://github.com/grafana/loki
+- https://grafana.com/oss/loki/
+- https://grafana.com/docs/loki/latest/
+type: application
+version: 3.11.0
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/README.md b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/README.md
new file mode 100644
index 000000000..4a68bd6ee
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/README.md
@@ -0,0 +1,257 @@ +# promtail + +![Version: 3.11.0](https://img.shields.io/badge/Version-3.11.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.2](https://img.shields.io/badge/AppVersion-2.4.2-informational?style=flat-square) + +Promtail is an agent which ships the contents of local logs to a Loki instance + +## Source Code + +* +* +* + +## Chart Repo + +Add the following repo to use the chart: + +```console +helm repo add grafana https://grafana.github.io/helm-charts +``` + +## Upgrading + +A major chart version change indicates that there is an incompatible breaking change needing manual actions. + +### From Chart Versions < 3.0.0 + +#### Notable Changes + +* Helm 3 is required +* Labels have been updated to follow the official Kubernetes [label recommendations](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/) +* The default scrape configs have been updated to take new and old labels into consideration +* The config file must be specified as string which can be templated. + See below for details +* The config file is now stored in a Secret and no longer in a ConfigMap because it may contain sensitive data, such as basic auth credentials + +Due to the label changes, an existing installation cannot be upgraded without manual interaction. +There are basically two options: + +##### Option 1 + +Uninstall the old release and re-install the new one. +There will be no data loss. +Promtail will cleanly shut down and write the `positions.yaml`. +The new release which will pick up again from the existing `positions.yaml`. 
+ +##### Option 2 + +* Add new selector labels to the existing pods: + + ``` + kubectl label pods -n -l app=promtail,release= app.kubernetes.io/name=promtail app.kubernetes.io/instance= + ``` + +* Perform a non-cascading deletion of the DaemonSet which will keep the pods running: + + ``` + kubectl delete daemonset -n -l app=promtail,release= --cascade=false + ``` + +* Perform a regular Helm upgrade on the existing release. + The new DaemonSet will pick up the existing pods and perform a rolling upgrade. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Affinity configuration for pods | +| annotations | object | `{}` | Annotations for the DaemonSet | +| config | object | See `values.yaml` | Section for crafting Promtails config file. The only directly relevant value is `config.file` which is a templated string that references the other values and snippets below this key. | +| config.file | string | See `values.yaml` | Config file contents for Promtail. Must be configured as string. It is templated so it can be assembled from reusable snippets in order to avoid redundancy. | +| config.logLevel | string | `"info"` | The log level of the Promtail server Must be reference in `config.file` to configure `server.log_level` See default config in `values.yaml` | +| config.lokiAddress | string | `"http://loki-gateway/loki/api/v1/push"` | The Loki address to post logs to. Must be reference in `config.file` to configure `client.url`. See default config in `values.yaml` | +| config.serverPort | int | `3101` | The port of the Promtail server Must be reference in `config.file` to configure `server.http_listen_port` See default config in `values.yaml` | +| config.snippets | object | See `values.yaml` | A section of reusable snippets that can be reference in `config.file`. Custom snippets may be added in order to reduce redundancy. 
This is especially helpful when multiple `kubernetes_sd_configs` are use which usually have large parts in common. | +| config.snippets.extraClientConfigs | string | empty | You can put here any keys that will be directly added to the config file's 'client' block. | +| config.snippets.extraRelabelConfigs | list | `[]` | You can put here any additional relabel_configs to "kubernetes-pods" job | +| config.snippets.extraScrapeConfigs | string | empty | You can put here any additional scrape configs you want to add to the config file. | +| containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true}` | The security context for containers | +| defaultVolumeMounts | list | See `values.yaml` | Default volume mounts. Corresponds to `volumes`. | +| defaultVolumes | list | See `values.yaml` | Default volumes that are mounted into pods. In most cases, these should not be changed. Use `extraVolumes`/`extraVolumeMounts` for additional custom volumes. | +| extraArgs | list | `[]` | | +| extraEnv | list | `[]` | Extra environment variables | +| extraEnvFrom | list | `[]` | Extra environment variables from secrets or configmaps | +| extraObjects | list | `[]` | Extra K8s manifests to deploy | +| extraPorts | object | `{}` | Configure additional ports and services. For each configured port, a corresponding service is created. 
See values.yaml for details | +| extraVolumeMounts | list | `[]` | | +| extraVolumes | list | `[]` | | +| fullnameOverride | string | `nil` | Overrides the chart's computed fullname | +| image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| image.registry | string | `"docker.io"` | The Docker registry | +| image.repository | string | `"grafana/promtail"` | Docker image repository | +| image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | +| imagePullSecrets | list | `[]` | Image pull secrets for Docker images | +| initContainer.enabled | bool | `false` | Specifies whether the init container for setting inotify max user instances is to be enabled | +| initContainer.fsInotifyMaxUserInstances | int | `128` | The inotify max user instances to configure | +| initContainer.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy for the init container image | +| initContainer.image.registry | string | `"docker.io"` | The Docker registry for the init container | +| initContainer.image.repository | string | `"busybox"` | Docker image repository for the init container | +| initContainer.image.tag | float | `1.33` | Docker tag for the init container | +| livenessProbe | object | `{}` | Liveness probe | +| nameOverride | string | `nil` | Overrides the chart's name | +| networkPolicy.enabled | bool | `false` | Specifies whether Network Policies should be created | +| networkPolicy.k8sApi.cidrs | list | `[]` | Specifies specific network CIDRs you want to limit access to | +| networkPolicy.k8sApi.port | int | `8443` | Specify the k8s API endpoint port | +| networkPolicy.metrics.cidrs | list | `[]` | Specifies specific network CIDRs which are allowed to access the metrics port. In case you use namespaceSelector, you also have to specify your kubelet networks here. The metrics ports are also used for probes. 
| +| networkPolicy.metrics.namespaceSelector | object | `{}` | Specifies the namespaces which are allowed to access the metrics port | +| networkPolicy.metrics.podSelector | object | `{}` | Specifies the Pods which are allowed to access the metrics port. As this is cross-namespace communication, you also neeed the namespaceSelector. | +| nodeSelector | object | `{}` | Node selector for pods | +| podAnnotations | object | `{}` | Pod annotations | +| podLabels | object | `{}` | Pod labels | +| podSecurityContext | object | `{"runAsGroup":0,"runAsUser":0}` | The security context for pods | +| podSecurityPolicy | object | See `values.yaml` | PodSecurityPolicy configuration. | +| priorityClassName | string | `nil` | The name of the PriorityClass | +| rbac.create | bool | `true` | Specifies whether RBAC resources are to be created | +| rbac.pspEnabled | bool | `false` | Specifies whether a PodSecurityPolicy is to be created | +| readinessProbe | object | See `values.yaml` | Readiness probe | +| resources | object | `{}` | Resource requests and limits | +| serviceAccount.annotations | object | `{}` | Annotations for the service account | +| serviceAccount.create | bool | `true` | Specifies whether a ServiceAccount should be created | +| serviceAccount.imagePullSecrets | list | `[]` | Image pull secrets for the service account | +| serviceAccount.name | string | `nil` | The name of the ServiceAccount to use. 
If not set and `create` is true, a name is generated using the fullname template | +| serviceMonitor.annotations | object | `{}` | ServiceMonitor annotations | +| serviceMonitor.enabled | bool | `false` | If enabled, ServiceMonitor resources for Prometheus Operator are created | +| serviceMonitor.interval | string | `nil` | ServiceMonitor scrape interval | +| serviceMonitor.labels | object | `{}` | Additional ServiceMonitor labels | +| serviceMonitor.namespace | string | `nil` | Alternative namespace for ServiceMonitor resources | +| serviceMonitor.namespaceSelector | object | `{}` | Namespace selector for ServiceMonitor resources | +| serviceMonitor.relabelings | list | `[]` | ServiceMonitor relabel configs to apply to samples before scraping https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig | +| serviceMonitor.scrapeTimeout | string | `nil` | ServiceMonitor scrape timeout in Go duration format (e.g. 15s) | +| tolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master","operator":"Exists"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane","operator":"Exists"}]` | Tolerations for pods. By default, pods will be scheduled on master/control-plane nodes. | +| updateStrategy | object | `{}` | The update strategy for the DaemonSet | + +## Configuration + +The config file for Promtail must be configured as string. +This is necessary because the contents are passed through the `tpl` function. +With this, the file can be templated and assembled from reusable YAML snippets. +It is common to have multiple `kubernetes_sd_configs` that, in turn, usually need the same `pipeline_stages`. +Thus, extracting reusable snippets helps reduce redundancy and avoid copy/paste errors. +See `values.yaml´ for details. +Also, the following examples make use of this feature. 
+ +For additional reference, please refer to Promtail's docs: + +https://grafana.com/docs/loki/latest/clients/promtail/configuration/ + +### Syslog Support + +```yaml +extraPorts: + syslog: + name: tcp-syslog + containerPort: 1514 + service: + port: 80 + type: LoadBalancer + externalTrafficPolicy: Local + loadBalancerIP: 123.234.123.234 + +config: + snippets: + extraScrapeConfigs: | + # Add an additional scrape config for syslog + - job_name: syslog + syslog: + listen_address: 0.0.0.0:{{ .Values.extraPorts.syslog.containerPort }} + labels: + job: syslog + relabel_configs: + - source_labels: + - __syslog_message_hostname + target_label: host +``` + +### Journald Support + +```yaml +config: + snippets: + extraScrapeConfigs: | + # Add an additional scrape config for syslog + - job_name: journal + journal: + path: /var/log/journal + max_age: 12h + labels: + job: systemd-journal + relabel_configs: + - source_labels: + - '__journal__systemd_unit' + target_label: 'unit' + - source_labels: + - '__journal__hostname' + target_label: 'hostname' + +# Mount journal directory into promtail pods +extraVolumes: + - name: journal + hostPath: + path: /var/log/journal + +extraVolumeMounts: + - name: journal + mountPath: /var/log/journal + readOnly: true +``` + +### Push API Support + +``` +extraPorts: + httpPush: + name: http-push + containerPort: 3500 + grpcPush: + name: grpc-push + containerPort: 3600 + +config: + file: | + server: + log_level: {{ .Values.config.logLevel }} + http_listen_port: {{ .Values.config.serverPort }} + + client: + url: {{ .Values.config.lokiAddress }} + + positions: + filename: /run/promtail/positions.yaml + + scrape_configs: + {{- tpl .Values.config.snippets.scrapeConfigs . 
| nindent 2 }} + + - job_name: push1 + loki_push_api: + server: + http_listen_port: {{ .Values.extraPorts.httpPush.containerPort }} + grpc_listen_port: {{ .Values.extraPorts.grpcPush.containerPort }} + labels: + pushserver: push1 +``` + +### Extra client config options + +If you want to add additional options to the `client` section of promtail's config, please use +the `extraClientConfigs` section. For example, to enable HTTP basic auth and include OrgID +header, you can use: + +```yaml +config: + snippets: + extraClientConfigs: | + basic_auth: + username: loki + password: secret + tenant_id: 1 +``` diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/README.md.gotmpl b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/README.md.gotmpl new file mode 100644 index 000000000..068ba93ab --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/README.md.gotmpl 
@@ -0,0 +1,187 @@ +{{ template "chart.header" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +{{ template "chart.description" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +## Chart Repo + +Add the following repo to use the chart: + +```console +helm repo add grafana https://grafana.github.io/helm-charts +``` + +## Upgrading + +A major chart version change indicates that there is an incompatible breaking change needing manual actions. + +### From Chart Versions < 3.0.0 + +#### Notable Changes + +* Helm 3 is required +* Labels have been updated to follow the official Kubernetes [label recommendations](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/) +* The default scrape configs have been updated to take new and old labels into consideration +* The config file must be specified as string which can be templated. + See below for details +* The config file is now stored in a Secret and no longer in a ConfigMap because it may contain sensitive data, such as basic auth credentials + +Due to the label changes, an existing installation cannot be upgraded without manual interaction. +There are basically two options: + +##### Option 1 + +Uninstall the old release and re-install the new one. +There will be no data loss. +Promtail will cleanly shut down and write the `positions.yaml`. +The new release which will pick up again from the existing `positions.yaml`. + +##### Option 2 + +* Add new selector labels to the existing pods: + + ``` + kubectl label pods -n -l app=promtail,release= app.kubernetes.io/name=promtail app.kubernetes.io/instance= + ``` + +* Perform a non-cascading deletion of the DaemonSet which will keep the pods running: + + ``` + kubectl delete daemonset -n -l app=promtail,release= --cascade=false + ``` + +* Perform a regular Helm upgrade on the existing release. 
+ The new DaemonSet will pick up the existing pods and perform a rolling upgrade. + +{{ template "chart.valuesSection" . }} + +## Configuration + +The config file for Promtail must be configured as string. +This is necessary because the contents are passed through the `tpl` function. +With this, the file can be templated and assembled from reusable YAML snippets. +It is common to have multiple `kubernetes_sd_configs` that, in turn, usually need the same `pipeline_stages`. +Thus, extracting reusable snippets helps reduce redundancy and avoid copy/paste errors. +See `values.yaml´ for details. +Also, the following examples make use of this feature. + +For additional reference, please refer to Promtail's docs: + +https://grafana.com/docs/loki/latest/clients/promtail/configuration/ + +### Syslog Support + +```yaml +extraPorts: + syslog: + name: tcp-syslog + containerPort: 1514 + service: + port: 80 + type: LoadBalancer + externalTrafficPolicy: Local + loadBalancerIP: 123.234.123.234 + +config: + snippets: + extraScrapeConfigs: | + # Add an additional scrape config for syslog + - job_name: syslog + syslog: + listen_address: 0.0.0.0:{{"{{"}} .Values.extraPorts.syslog.containerPort {{"}}"}} + labels: + job: syslog + relabel_configs: + - source_labels: + - __syslog_message_hostname + target_label: host +``` + +### Journald Support + +```yaml +config: + snippets: + extraScrapeConfigs: | + # Add an additional scrape config for syslog + - job_name: journal + journal: + path: /var/log/journal + max_age: 12h + labels: + job: systemd-journal + relabel_configs: + - source_labels: + - '__journal__systemd_unit' + target_label: 'unit' + - source_labels: + - '__journal__hostname' + target_label: 'hostname' + +# Mount journal directory into promtail pods +extraVolumes: + - name: journal + hostPath: + path: /var/log/journal + +extraVolumeMounts: + - name: journal + mountPath: /var/log/journal + readOnly: true +``` + +### Push API Support + +``` +extraPorts: + httpPush: + name: http-push 
+ containerPort: 3500 + grpcPush: + name: grpc-push + containerPort: 3600 + +config: + file: | + server: + log_level: {{"{{"}} .Values.config.logLevel {{"}}"}} + http_listen_port: {{"{{"}} .Values.config.serverPort {{"}}"}} + + client: + url: {{"{{"}} .Values.config.lokiAddress {{"}}"}} + + positions: + filename: /run/promtail/positions.yaml + + scrape_configs: + {{"{{"}}- tpl .Values.config.snippets.scrapeConfigs . | nindent 2 {{"}}"}} + + - job_name: push1 + loki_push_api: + server: + http_listen_port: {{"{{"}} .Values.extraPorts.httpPush.containerPort {{"}}"}} + grpc_listen_port: {{"{{"}} .Values.extraPorts.grpcPush.containerPort {{"}}"}} + labels: + pushserver: push1 +``` + +### Extra client config options + +If you want to add additional options to the `client` section of promtail's config, please use +the `extraClientConfigs` section. For example, to enable HTTP basic auth and include OrgID +header, you can use: + +```yaml +config: + snippets: + extraClientConfigs: | + basic_auth: + username: loki + password: secret + tenant_id: 1 +``` diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/ci/default-values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/ci/default-values.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/ci/netpol-values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/ci/netpol-values.yaml new file mode 100644 index 000000000..70d31afb7 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/ci/netpol-values.yaml 
@@ -0,0 +1,53 @@ +extraPorts: + syslog: + name: tcp-syslog + containerPort: 1514 + service: + port: 1234 + type: NodePort + httpPush: + name: http-push + containerPort: 3500 + grpcPush: + name: grpc-push + containerPort: 3600 + +config: + snippets: + extraScrapeConfigs: | + - job_name: syslog + syslog: + listen_address: 0.0.0.0:{{ .Values.extraPorts.syslog.containerPort }} + labels: + job: syslog + relabel_configs: + - source_labels: + - __syslog_message_hostname + target_label: host + + - job_name: push1 + loki_push_api: + server: + http_listen_port: {{ .Values.extraPorts.httpPush.containerPort }} + grpc_listen_port: {{ .Values.extraPorts.grpcPush.containerPort }} + labels: + pushserver: push1 + +networkPolicy: + # -- Specifies whether Network Policies should be created + enabled: true + metrics: + # -- Specifies the Pods which are allowed to access the metrics port. + # As this is cross-namespace communication, you also neeed the namespaceSelector. + podSelector: {} + # -- Specifies the namespaces which are allowed to access the metrics port + namespaceSelector: {} + # -- Specifies specific network CIDRs which are allowed to access the metrics port. + # In case you use namespaceSelector, you also have to specify your kubelet networks here. + # The metrics ports are also used for probes. + cidrs: [] + k8sApi: + # -- Specify the k8s API endpoint port + port: 8443 + # -- Specifies specific network CIDRs you want to limit access to + cidrs: [] diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/ci/service-values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/ci/service-values.yaml new file mode 100644 index 000000000..fd065c9b0 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/ci/service-values.yaml 
@@ -0,0 +1,34 @@ +extraPorts: + syslog: + name: tcp-syslog + containerPort: 1514 + service: + port: 1234 + type: NodePort + httpPush: + name: http-push + containerPort: 3500 + grpcPush: + name: grpc-push + containerPort: 3600 + +config: + snippets: + extraScrapeConfigs: | + - job_name: syslog + syslog: + listen_address: 0.0.0.0:{{ .Values.extraPorts.syslog.containerPort }} + labels: + job: syslog + relabel_configs: + - source_labels: + - __syslog_message_hostname + target_label: host + + - job_name: push1 + loki_push_api: + server: + http_listen_port: {{ .Values.extraPorts.httpPush.containerPort }} + grpc_listen_port: {{ .Values.extraPorts.grpcPush.containerPort }} + labels: + pushserver: push1 diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/NOTES.txt b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/NOTES.txt new file mode 100644 index 000000000..df740448d --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/NOTES.txt @@ -0,0 +1,10 @@ +*********************************************************************** + Welcome to Grafana Promtail + Chart version: {{ .Chart.Version }} + Promtail version: {{ .Values.image.tag | default .Chart.AppVersion }} +*********************************************************************** + +Verify the application is working by running these commands: + +* kubectl --namespace {{ .Release.Namespace }} port-forward daemonset/{{ include "promtail.fullname" . }} {{ .Values.config.serverPort }} +* curl http://127.0.0.1:{{ .Values.config.serverPort }}/metrics diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/_helpers.tpl b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/_helpers.tpl new file mode 100644 index 000000000..36b2c5660 --- /dev/null 
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/_helpers.tpl 
@@ -0,0 +1,80 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "promtail.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "promtail.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "promtail.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "promtail.labels" -}} +helm.sh/chart: {{ include "promtail.chart" . }} +{{ include "promtail.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "promtail.selectorLabels" -}} +app.kubernetes.io/name: {{ include "promtail.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account +*/}} +{{- define "promtail.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "promtail.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +The service name to connect to Loki. 
Defaults to the same logic as "loki.fullname" +*/}} +{{- define "loki.serviceName" -}} +{{- if .Values.loki.serviceName -}} +{{- .Values.loki.serviceName -}} +{{- else if .Values.loki.fullnameOverride -}} +{{- .Values.loki.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default "loki" .Values.loki.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/clusterrole.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/clusterrole.yaml new file mode 100644 index 000000000..4702e60d0 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/clusterrole.yaml @@ -0,0 +1,21 @@ +{{- if .Values.rbac.create }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "promtail.fullname" . }} + labels: + {{- include "promtail.labels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - services + - endpoints + - pods + verbs: + - get + - watch + - list +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/clusterrolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..06054e3a5 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/clusterrolebinding.yaml 
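Review bot: The ClusterRole in clusterrole.yaml grants `get` on `nodes/proxy` cluster-wide, which looks broader than the pod discovery this chart configures needs. `nodes/proxy` lets the bound ServiceAccount reach kubelet endpoints through the API server, so the Promtail ServiceAccount token, mounted on every node by the DaemonSet, carries read access to every node's kubelet API. The values file is outside this hunk, so whether any scrape job depends on it is unverified. If none does, drop the `- nodes/proxy` line; otherwise document it above the entry, e.g. `# nodes/proxy: needed by <scrape job name>; grants kubelet API read access`.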
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "promtail.fullname" . }}
+ labels:
+ {{- include "promtail.labels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "promtail.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "promtail.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/daemonset.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/daemonset.yaml
new file mode 100644
index 000000000..f55c16221
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/daemonset.yaml
@@ -0,0 +1,132 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "promtail.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "promtail.labels" . | nindent 4 }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "promtail.selectorLabels" . | nindent 6 }} + updateStrategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} + template: + metadata: + labels: + {{- include "promtail.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + checksum/config: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "promtail.serviceAccountName" . }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.initContainer.enabled }} + initContainers: + - name: init + image: "{{ .Values.initContainer.image.registry }}/{{ .Values.initContainer.image.repository }}:{{ .Values.initContainer.image.tag }}" + imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }} + command: + - sh + - -c + - sysctl -w fs.inotify.max_user_instances={{ .Values.initContainer.fsInotifyMaxUserInstances }} + securityContext: + privileged: true + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: promtail + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - "-config.file=/etc/promtail/promtail.yaml" + {{- with .Values.extraArgs }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + volumeMounts: + - name: config + mountPath: /etc/promtail + - name: run + mountPath: /run/promtail + {{- with .Values.defaultVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- with .Values.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: http-metrics + containerPort: {{ .Values.config.serverPort }} + protocol: TCP + {{- range $key, $values := .Values.extraPorts }} + - name: {{ .name | default $key }} + containerPort: {{ $values.containerPort }} + protocol: {{ $values.protocol | default "TCP" }} + {{- end }} + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- with .Values.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: config + secret: + secretName: {{ include "promtail.fullname" . }} + - name: run + hostPath: + path: /run/promtail + {{- with .Values.defaultVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} 
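Review bot: The init container in daemonset.yaml runs with `privileged: true`, and its image is resolved as `registry/repository:tag` from values, so a mutable tag decides what runs with full host privileges on each node where it is enabled. The README table in this commit lists `initContainer.image.tag` as the float `1.33`; an unquoted tag such as 1.30 would be parsed as a number and render as `1.3`, so the tag should be quoted in values.yaml, and ideally the image pinned by digest. Above `securityContext:` I would add a comment such as `# privileged only to write fs.inotify.max_user_instances on the node; keep initContainer.enabled=false unless the limit must be raised`. The main container's `securityContext` is taken from `containerSecurityContext`, so the drop-ALL defaults shown in the README do not apply to this init container.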
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/extra-manifests.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/extra-manifests.yaml
new file mode 100644
index 000000000..a9bb3b6ba
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/extra-manifests.yaml
@@ -0,0 +1,4 @@
+{{ range .Values.extraObjects }}
+---
+{{ tpl (toYaml .) $ }}
+{{ end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/networkpolicy.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/networkpolicy.yaml
new file mode 100644
index 000000000..103dcc139
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/networkpolicy.yaml
@@ -0,0 +1,126 @@ +{{- if .Values.networkPolicy.enabled }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "promtail.name" . }}-namespace-only + namespace: {{ .Release.Namespace }} + labels: + {{- include "promtail.labels" . | nindent 4 }} +spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + egress: + - to: + - podSelector: {} + ingress: + - from: + - podSelector: {} + + +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "promtail.name" . }}-egress-dns + namespace: {{ .Release.Namespace }} + labels: + {{- include "promtail.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "promtail.selectorLabels" . | nindent 6 }} + policyTypes: + - Egress + egress: + - ports: + - port: 53 + protocol: UDP + to: + - namespaceSelector: {} + +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "promtail.name" . }}-egress-k8s-api + namespace: {{ .Release.Namespace }} + labels: + {{- include "promtail.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "promtail.selectorLabels" . | nindent 6 }} + policyTypes: + - Egress + egress: + - ports: + - port: {{ .Values.networkPolicy.k8sApi.port }} + protocol: TCP + {{- if len .Values.networkPolicy.k8sApi.cidrs }} + to: + {{- range $cidr := .Values.networkPolicy.k8sApi.cidrs }} + - ipBlock: + cidr: {{ $cidr }} + {{- end }} + {{- end }} + +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "promtail.name" . }}-ingress-metrics + namespace: {{ .Release.Namespace }} + labels: + {{- include "promtail.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "promtail.selectorLabels" . 
| nindent 6 }} + policyTypes: + - Ingress + ingress: + - ports: + - port: http-metrics + protocol: TCP + {{- if len .Values.networkPolicy.metrics.cidrs }} + from: + {{- range $cidr := .Values.networkPolicy.metrics.cidrs }} + - ipBlock: + cidr: {{ $cidr }} + {{- end }} + {{- if .Values.networkPolicy.metrics.namespaceSelector }} + - namespaceSelector: + {{- toYaml .Values.networkPolicy.metrics.namespaceSelector | nindent 12 }} + {{- if .Values.networkPolicy.metrics.podSelector }} + podSelector: + {{- toYaml .Values.networkPolicy.metrics.podSelector | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + +{{- if .Values.extraPorts }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "promtail.name" . }}-egress-extra-ports + namespace: {{ .Release.Namespace }} + labels: + {{- include "promtail.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "promtail.selectorLabels" . | nindent 6 }} + policyTypes: + - Egress + egress: + - ports: + {{- range $extraPortConfig := .Values.extraPorts }} + - port: {{ $extraPortConfig.containerPort }} + protocol: {{ $extraPortConfig.protocol }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/podsecuritypolicy.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..b8287cdcc --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/podsecuritypolicy.yaml @@ -0,0 +1,10 @@ +{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "promtail.fullname" . }} + labels: + {{- include "promtail.labels" . | nindent 4 }} +spec: + {{- toYaml .Values.podSecurityPolicy | nindent 2 }} +{{- end }} 
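Review bot: In the `-ingress-metrics` policy of networkpolicy.yaml the `namespaceSelector`/`podSelector` block sits inside `{{- if len .Values.networkPolicy.metrics.cidrs }}`, so with the default empty `cidrs` the rule renders without `from:` and admits any source on `http-metrics`, silently ignoring a configured selector. Widening the guard to `{{- if or (len .Values.networkPolicy.metrics.cidrs) .Values.networkPolicy.metrics.namespaceSelector }}` keeps the selector effective on its own. The `-egress-extra-ports` policy also renders `protocol: {{ $extraPortConfig.protocol }}` with no default, unlike the DaemonSet's `| default "TCP"`, so an extra port without `protocol` yields an empty field. That policy is typed `Egress` although the extra ports in the CI values are listeners (syslog, push API), so an `Ingress` rule looks like what was intended; as written it opens outbound traffic on those ports to any destination.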
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/role.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/role.yaml
new file mode 100644
index 000000000..02b4a1a1b
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/role.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.rbac.create .Values.rbac.pspEnabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "promtail.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "promtail.labels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - policy
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ resourceNames:
+ - {{ include "promtail.fullname" . }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/rolebinding.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/rolebinding.yaml
new file mode 100644
index 000000000..1fdda9699
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/rolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.rbac.create .Values.rbac.pspEnabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "promtail.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "promtail.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "promtail.fullname" . }}-psp
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "promtail.serviceAccountName" . }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/secret.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/secret.yaml
new file mode 100644
index 000000000..aa519d1cc
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "promtail.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "promtail.labels" . | nindent 4 }}
+stringData:
+ promtail.yaml: |
+ {{- tpl .Values.config.file . | nindent 4 }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/service-extra.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/service-extra.yaml
new file mode 100644
index 000000000..1287d1f67
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/service-extra.yaml
@@ -0,0 +1,52 @@
+{{- range $key, $values := .Values.extraPorts }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "promtail.fullname" $ }}-{{ $key | lower }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "promtail.labels" $ | nindent 4 }}
+ {{- with .labels }}
+ {{- toYaml $ | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- with $values.service }}
+ type: {{ .type | default "ClusterIP" }}
+ {{- with .clusterIP }}
+ clusterIP: {{ . }}
+ {{- end }}
+ {{- with .loadBalancerIP }}
+ loadBalancerIP: {{ . }}
+ {{- end }}
+ {{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- toYaml . | nindent 4 }}
+ {{- end -}}
+ {{- with .externalIPs }}
+ externalIPs:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .externalTrafficPolicy }}
+ externalTrafficPolicy: {{ . }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: {{ .name | default $key }}
+ targetPort: {{ .name | default $key }}
+ protocol: TCP
+ {{- if $values.service }}
+ port: {{ $values.service.port | default $values.containerPort }}
+ {{- if $values.service.nodePort }}
+ nodePort: {{ $values.service.nodePort }}
+ {{- end }}
+ {{- else }}
+ port: {{ $values.containerPort }}
+ {{- end }}
+ selector:
+ {{- include "promtail.selectorLabels" $ | nindent 4 }}
+{{- end }}
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/service-metrics.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/service-metrics.yaml
new file mode 100644
index 000000000..bc29a8121
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/service-metrics.yaml
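Review bot: Inside `{{- with .labels }}` in service-extra.yaml the template calls `toYaml $`, and `$` is the chart's root context rather than the port's `labels` map. Setting `labels` on an extra port would therefore try to serialise the whole context, including `.Values.config`, which the README says may carry basic-auth credentials, into the Service metadata instead of the intended labels. The line should read `{{- toYaml . | nindent 4 }}`, matching the `annotations` block directly below it. Separately, `protocol: TCP` is fixed here while the DaemonSet port uses `$values.protocol | default "TCP"`, so an extra port declared with another protocol would get a mismatched Service.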
@@ -0,0 +1,18 @@ +{{- if .Values.serviceMonitor.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "promtail.fullname" . }}-metrics + namespace: {{ .Release.Namespace }} + labels: + {{- include "promtail.labels" . | nindent 4 }} +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.config.serverPort }} + targetPort: http-metrics + protocol: TCP + selector: + {{- include "promtail.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/serviceaccount.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/serviceaccount.yaml new file mode 100644 index 000000000..d566aecab --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/serviceaccount.yaml @@ -0,0 +1,17 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "promtail.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "promtail.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- with .Values.serviceAccount.imagePullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/servicemonitor.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/servicemonitor.yaml new file mode 100644 index 000000000..06235f49b --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/templates/servicemonitor.yaml 
@@ -0,0 +1,40 @@ +{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "promtail.fullname" $ }} + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- else }} + namespace: {{ .Release.Namespace }} + {{- end }} + {{- with .Values.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "promtail.labels" $ | nindent 4 }} + {{- with .Values.serviceMonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.serviceMonitor.namespaceSelector }} + namespaceSelector: + {{- toYaml . | nindent 4 }} + {{- end }} + selector: + matchLabels: + {{- include "promtail.selectorLabels" . | nindent 6 }} + endpoints: + - port: http-metrics + {{- with .Values.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/values.yaml new file mode 100644 index 000000000..c4c6a04cb --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/charts/promtail/values.yaml 
@@ -0,0 +1,387 @@ +# -- Overrides the chart's name +nameOverride: null + +# -- Overrides the chart's computed fullname +fullnameOverride: null + +initContainer: + # -- Specifies whether the init container for setting inotify max user instances is to be enabled + enabled: false + image: + # -- The Docker registry for the init container + registry: docker.io + # -- Docker image repository for the init container + repository: busybox + # -- Docker tag for the init container + tag: 1.33 + # -- Docker image pull policy for the init container image + pullPolicy: IfNotPresent + # -- The inotify max user instances to configure + fsInotifyMaxUserInstances: 128 + +image: + # -- The Docker registry + registry: docker.io + # -- Docker image repository + repository: grafana/promtail + # -- Overrides the image tag whose default is the chart's appVersion + tag: null + # -- Docker image pull policy + pullPolicy: IfNotPresent + +# -- Image pull secrets for Docker images +imagePullSecrets: [] + +# -- Annotations for the DaemonSet +annotations: {} + +# -- The update strategy for the DaemonSet +updateStrategy: {} + +# -- Pod labels +podLabels: {} + +# -- Pod annotations +podAnnotations: {} +# prometheus.io/scrape: "true" +# prometheus.io/port: "http-metrics" + +# -- The name of the PriorityClass +priorityClassName: null + +# -- Liveness probe +livenessProbe: {} + +# -- Readiness probe +# @default -- See `values.yaml` +readinessProbe: + failureThreshold: 5 + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + +# -- Resource requests and limits +resources: {} +# limits: +# cpu: 200m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +# -- The security context for pods +podSecurityContext: + runAsUser: 0 + runAsGroup: 0 + +# -- The security context for containers +containerSecurityContext: + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + allowPrivilegeEscalation: false + +rbac: + 
# -- Specifies whether RBAC resources are to be created + create: true + # -- Specifies whether a PodSecurityPolicy is to be created + pspEnabled: false + +serviceAccount: + # -- Specifies whether a ServiceAccount should be created + create: true + # -- The name of the ServiceAccount to use. + # If not set and `create` is true, a name is generated using the fullname template + name: null + # -- Image pull secrets for the service account + imagePullSecrets: [] + # -- Annotations for the service account + annotations: {} + +# -- Node selector for pods +nodeSelector: {} + +# -- Affinity configuration for pods +affinity: {} + +# -- Tolerations for pods. By default, pods will be scheduled on master/control-plane nodes. +tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule + +# -- Default volumes that are mounted into pods. In most cases, these should not be changed. +# Use `extraVolumes`/`extraVolumeMounts` for additional custom volumes. +# @default -- See `values.yaml` +defaultVolumes: + - name: containers + hostPath: + path: /var/lib/docker/containers + - name: pods + hostPath: + path: /var/log/pods + +# -- Default volume mounts. Corresponds to `volumes`. +# @default -- See `values.yaml` +defaultVolumeMounts: + - name: containers + mountPath: /var/lib/docker/containers + readOnly: true + - name: pods + mountPath: /var/log/pods + readOnly: true + +# Extra volumes to be added in addition to those specified under `defaultVolumes`. +extraVolumes: [] + +# Extra volume mounts together. Corresponds to `extraVolumes`. +extraVolumeMounts: [] + +# Extra args for the Promtail container. 
+extraArgs: [] +# -- Example: +# -- extraArgs: +# -- - -client.external-labels=hostname=$(HOSTNAME) + +# -- Extra environment variables +extraEnv: [] + +# -- Extra environment variables from secrets or configmaps +extraEnvFrom: [] + +# ServiceMonitor configuration +serviceMonitor: + # -- If enabled, ServiceMonitor resources for Prometheus Operator are created + enabled: false + # -- Alternative namespace for ServiceMonitor resources + namespace: null + # -- Namespace selector for ServiceMonitor resources + namespaceSelector: {} + # -- ServiceMonitor annotations + annotations: {} + # -- Additional ServiceMonitor labels + labels: {} + # -- ServiceMonitor scrape interval + interval: null + # -- ServiceMonitor scrape timeout in Go duration format (e.g. 15s) + scrapeTimeout: null + # -- ServiceMonitor relabel configs to apply to samples before scraping + # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + relabelings: [] + +# -- Configure additional ports and services. For each configured port, a corresponding service is created. +# See values.yaml for details +extraPorts: {} +# syslog: +# name: tcp-syslog +# containerPort: 1514 +# protocol: TCP +# service: +# type: ClusterIP +# clusterIP: null +# port: 1514 +# externalIPs: [] +# nodePort: null +# annotations: {} +# labels: {} +# loadBalancerIP: null +# loadBalancerSourceRanges: [] +# externalTrafficPolicy: null + +# -- PodSecurityPolicy configuration. +# @default -- See `values.yaml` +podSecurityPolicy: + privileged: true + allowPrivilegeEscalation: true + volumes: + - 'secret' + - 'hostPath' + - 'downwardAPI' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL + +# -- Section for crafting Promtails config file. 
The only directly relevant value is `config.file` +# which is a templated string that references the other values and snippets below this key. +# @default -- See `values.yaml` +config: + # -- The log level of the Promtail server + # Must be reference in `config.file` to configure `server.log_level` + # See default config in `values.yaml` + logLevel: info + # -- The port of the Promtail server + # Must be reference in `config.file` to configure `server.http_listen_port` + # See default config in `values.yaml` + serverPort: 3101 + # -- The Loki address to post logs to. + # Must be reference in `config.file` to configure `client.url`. + # See default config in `values.yaml` + lokiAddress: http://loki-gateway/loki/api/v1/push + # -- A section of reusable snippets that can be reference in `config.file`. + # Custom snippets may be added in order to reduce redundancy. + # This is especially helpful when multiple `kubernetes_sd_configs` are use which usually have large parts in common. + # @default -- See `values.yaml` + snippets: + pipelineStages: + - cri: {} + common: + - action: replace + source_labels: + - __meta_kubernetes_pod_node_name + target_label: node_name + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + replacement: $1 + separator: / + source_labels: + - namespace + - app + target_label: job + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: replace + source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - action: replace + replacement: /var/log/pods/*$1/*.log + separator: / + source_labels: + - __meta_kubernetes_pod_uid + - __meta_kubernetes_pod_container_name + target_label: __path__ + - action: replace + replacement: /var/log/pods/*$1/*.log + regex: true/(.*) + separator: / + source_labels: + - __meta_kubernetes_pod_annotationpresent_kubernetes_io_config_hash + - 
__meta_kubernetes_pod_annotation_kubernetes_io_config_hash + - __meta_kubernetes_pod_container_name + target_label: __path__ + + # If set to true, adds an additional label for the scrape job. + # This helps debug the Promtail config. + addScrapeJobLabel: false + + # -- You can put here any keys that will be directly added to the config file's 'client' block. + # @default -- empty + extraClientConfigs: "" + + # -- You can put here any additional scrape configs you want to add to the config file. + # @default -- empty + extraScrapeConfigs: "" + + # -- You can put here any additional relabel_configs to "kubernetes-pods" job + extraRelabelConfigs: [] + + scrapeConfigs: | + # See also https://github.com/grafana/loki/blob/master/production/ksonnet/promtail/scrape_config.libsonnet for reference + - job_name: kubernetes-pods + pipeline_stages: + {{- toYaml .Values.config.snippets.pipelineStages | nindent 4 }} + kubernetes_sd_configs: + - role: pod + relabel_configs: + - source_labels: + - __meta_kubernetes_pod_controller_name + regex: ([0-9a-z-.]+?)(-[0-9a-f]{8,10})? + action: replace + target_label: __tmp_controller_name + - source_labels: + - __meta_kubernetes_pod_label_app_kubernetes_io_name + - __meta_kubernetes_pod_label_app + - __tmp_controller_name + - __meta_kubernetes_pod_name + regex: ^;*([^;]+)(;.*)?$ + action: replace + target_label: app + - source_labels: + - __meta_kubernetes_pod_label_app_kubernetes_io_component + - __meta_kubernetes_pod_label_component + regex: ^;*([^;]+)(;.*)?$ + action: replace + target_label: component + {{- if .Values.config.snippets.addScrapeJobLabel }} + - replacement: kubernetes-pods + target_label: scrape_job + {{- end }} + {{- toYaml .Values.config.snippets.common | nindent 4 }} + {{- with .Values.config.snippets.extraRelabelConfigs }} + {{- toYaml . | nindent 4 }} + {{- end }} + + # -- Config file contents for Promtail. + # Must be configured as string. 
+ # It is templated so it can be assembled from reusable snippets in order to avoid redundancy. + # @default -- See `values.yaml` + file: | + server: + log_level: {{ .Values.config.logLevel }} + http_listen_port: {{ .Values.config.serverPort }} + + client: + url: {{ tpl .Values.config.lokiAddress . }} + {{- tpl .Values.config.snippets.extraClientConfigs . | nindent 2 }} + + positions: + filename: /run/promtail/positions.yaml + + scrape_configs: + {{- tpl .Values.config.snippets.scrapeConfigs . | nindent 2 }} + {{- tpl .Values.config.snippets.extraScrapeConfigs . | nindent 2 }} + +networkPolicy: + # -- Specifies whether Network Policies should be created + enabled: false + metrics: + # -- Specifies the Pods which are allowed to access the metrics port. + # As this is cross-namespace communication, you also neeed the namespaceSelector. + podSelector: {} + # -- Specifies the namespaces which are allowed to access the metrics port + namespaceSelector: {} + # -- Specifies specific network CIDRs which are allowed to access the metrics port. + # In case you use namespaceSelector, you also have to specify your kubelet networks here. + # The metrics ports are also used for probes. + cidrs: [] + k8sApi: + # -- Specify the k8s API endpoint port + port: 8443 + # -- Specifies specific network CIDRs you want to limit access to + cidrs: [] + +# -- Extra K8s manifests to deploy +extraObjects: [] + # - apiVersion: "kubernetes-client.io/v1" + # kind: ExternalSecret + # metadata: + # name: promtail-secrets + # spec: + # backendType: gcpSecretsManager + # data: + # - key: promtail-oauth2-creds + # name: client_secret diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/requirements.lock b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/requirements.lock new file mode 100644 index 000000000..e21866640 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/requirements.lock 
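Review bot: The `podSecurityPolicy` defaults set `privileged: true` and `allowPrivilegeEscalation: true`, which is wider than what the chart's own `containerSecurityContext` requests (`allowPrivilegeEscalation: false`, all capabilities dropped, read-only root filesystem). With `rbac.pspEnabled` switched on, the policy would admit privileged pods although nothing in these values needs them, so `privileged: false` and `allowPrivilegeEscalation: false` are the safer defaults. `podSecurityContext.runAsUser: 0` is presumably there so promtail can read the `hostPath` log directories; a comment such as `# root is needed to read /var/log/pods on the host` would record that it is deliberate.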
@@ -0,0 +1,24 @@
+dependencies:
+- name: loki
+ repository: https://grafana.github.io/helm-charts
+ version: 2.11.0
+- name: promtail
+ repository: https://grafana.github.io/helm-charts
+ version: 3.11.0
+- name: fluent-bit
+ repository: https://grafana.github.io/helm-charts
+ version: 2.3.1
+- name: grafana
+ repository: https://grafana.github.io/helm-charts
+ version: 6.24.1
+- name: prometheus
+ repository: https://prometheus-community.github.io/helm-charts
+ version: 15.5.4
+- name: filebeat
+ repository: https://helm.elastic.co
+ version: 7.17.1
+- name: logstash
+ repository: https://helm.elastic.co
+ version: 7.17.1
+digest: sha256:70bb0bb4d7242cc6be5b31627e1df0e14b7f5a2155eedee00dabce2ba8783308
+generated: "2022-04-15T19:59:54.756674848Z"
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/requirements.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/requirements.yaml
new file mode 100644
index 000000000..02519bc22
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/requirements.yaml
@@ -0,0 +1,29 @@
+dependencies:
+- name: "loki"
+ condition: loki.enabled
+ repository: "https://grafana.github.io/helm-charts"
+ version: "^2.10.1"
+- name: "promtail"
+ condition: promtail.enabled
+ repository: "https://grafana.github.io/helm-charts"
+ version: "^3.11.0"
+- name: "fluent-bit"
+ condition: fluent-bit.enabled
+ repository: "https://grafana.github.io/helm-charts"
+ version: "^2.3.0"
+- name: "grafana"
+ condition: grafana.enabled
+ version: "~6.24.1"
+ repository: "https://grafana.github.io/helm-charts"
+- name: "prometheus"
+ condition: prometheus.enabled
+ version: "~15.5.3"
+ repository: "https://prometheus-community.github.io/helm-charts"
+- name: "filebeat"
+ condition: filebeat.enabled
+ version: "~7.17.1"
+ repository: "https://helm.elastic.co"
+- name: "logstash"
+ condition: logstash.enabled
+ version: "~7.17.1"
+ repository: "https://helm.elastic.co"
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/templates/NOTES.txt b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/templates/NOTES.txt new file mode 100644 index 000000000..d9cdccbee --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/templates/NOTES.txt @@ -0,0 +1,3 @@ +The Loki stack has been deployed to your cluster. Loki can now be added as a datasource in Grafana. + +See http://docs.grafana.org/features/datasources/loki/ for more detail. diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/templates/_helpers.tpl b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/templates/_helpers.tpl new file mode 100644 index 000000000..1cb7269e8 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/templates/_helpers.tpl 
@@ -0,0 +1,58 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "loki-stack.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "loki-stack.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "loki-stack.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Override the naming defined by the prometheus chart. +Added as a fix for https://github.com/grafana/loki/issues/1169 +*/}} +{{- define "prometheus.fullname" -}} +{{- printf "%s-%s" .Release.Name "prometheus-server" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +The service name to connect to Loki. Defaults to the same logic as "loki.fullname" +*/}} +{{- define "loki.serviceName" -}} +{{- if .Values.loki.serviceName -}} +{{- .Values.loki.serviceName -}} +{{- else if .Values.loki.fullnameOverride -}} +{{- .Values.loki.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default "loki" .Values.loki.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} 
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/templates/datasources.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/templates/datasources.yaml new file mode 100644 index 000000000..7931619d0 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/templates/datasources.yaml @@ -0,0 +1,35 @@ +{{- if .Values.grafana.sidecar.datasources.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "loki-stack.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "loki-stack.name" . }} + chart: {{ template "loki-stack.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + grafana_datasource: "1" +data: + loki-stack-datasource.yaml: |- + apiVersion: 1 + datasources: +{{- if .Values.loki.enabled }} + - name: Loki + type: loki + access: proxy + url: http://{{(include "loki.serviceName" .)}}:{{ .Values.loki.service.port }} + version: 1 + isDefault: {{ .Values.loki.isDefault }} + jsonData: + maxLines: {{ .Values.grafana.sidecar.datasources.maxLines }} +{{- end }} +{{- if .Values.prometheus.enabled }} + - name: Prometheus + type: prometheus + access: proxy + url: http://{{ include "prometheus.fullname" .}}:{{ .Values.prometheus.server.service.servicePort }}{{ .Values.prometheus.server.prefixURL }} + version: 1 + isDefault: {{ .Values.prometheus.isDefault }} +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/templates/tests/loki-test-configmap.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/templates/tests/loki-test-configmap.yaml new file mode 100644 index 000000000..3e53cfde1 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/templates/tests/loki-test-configmap.yaml 
@@ -0,0 +1,52 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "loki-stack.fullname" . }}-test + labels: + app: {{ template "loki-stack.name" . }} + chart: {{ template "loki-stack.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + test.sh: | + #!/usr/bin/env bash + + LOKI_URI="http://${LOKI_SERVICE}:${LOKI_PORT}" + + function setup() { + apk add -u curl jq + until (curl -s ${LOKI_URI}/api/prom/label/app/values | jq -e '.values[] | select(. == "loki")'); do + sleep 1 + done + } + + @test "Has labels" { + curl -s ${LOKI_URI}/api/prom/label | \ + jq -e '.values[] | select(. == "app")' + } + + @test "Query log entry" { + curl -sG ${LOKI_URI}/api/prom/query?limit=10 --data-urlencode 'query={app="loki"}' | \ + jq -e '.streams[].entries | length >= 1' + } + + @test "Push log entry legacy" { + local timestamp=$(date -Iseconds -u | sed 's/UTC/.000000000+00:00/') + local data=$(jq -n --arg timestamp "${timestamp}" '{"streams": [{"labels": "{app=\"loki-test\"}", "entries": [{"ts": $timestamp, "line": "foobar"}]}]}') + + curl -s -X POST -H "Content-Type: application/json" ${LOKI_URI}/api/prom/push -d "${data}" + + curl -sG ${LOKI_URI}/api/prom/query?limit=1 --data-urlencode 'query={app="loki-test"}' | \ + jq -e '.streams[].entries[].line == "foobar"' + } + + @test "Push log entry" { + local timestamp=$(date +%s000000000) + local data=$(jq -n --arg timestamp "${timestamp}" '{"streams": [{"stream": {"app": "loki-test"}, "values": [[$timestamp, "foobar"]]}]}') + + curl -s -X POST -H "Content-Type: application/json" ${LOKI_URI}/loki/api/v1/push -d "${data}" + + curl -sG ${LOKI_URI}/api/prom/query?limit=1 --data-urlencode 'query={app="loki-test"}' | \ + jq -e '.streams[].entries[].line == "foobar"' + } + 
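Review bot: `setup()` in `test.sh` runs `apk add -u curl jq` every time the test executes, so the test pod installs unpinned packages from the public Alpine mirrors at run time and needs both outbound network access and root inside the container. In a cluster with egress restrictions the test fails for reasons unrelated to Loki, and what gets installed is not fixed by the chart. A test image that already ships `curl` and `jq` removes the download step. Separately, `${LOKI_URI}` is expanded unquoted in each `curl` call and is better written as `"${LOKI_URI}/api/prom/label"`.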
diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/templates/tests/loki-test-pod.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/templates/tests/loki-test-pod.yaml new file mode 100644 index 000000000..a153a05df --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/templates/tests/loki-test-pod.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Pod +metadata: + annotations: + "helm.sh/hook": test-success + labels: + app: {{ template "loki-stack.name" . }} + chart: {{ template "loki-stack.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "loki-stack.fullname" . }}-test +spec: + containers: + - name: test + image: bats/bats:v1.1.0 + args: + - /var/lib/loki/test.sh + env: + - name: LOKI_SERVICE + value: {{ template "loki.serviceName" . }} + - name: LOKI_PORT + value: "{{ .Values.loki.service.port }}" + volumeMounts: + - name: tests + mountPath: /var/lib/loki + restartPolicy: Never + volumes: + - name: tests + configMap: + name: {{ template "loki-stack.fullname" . }}-test diff --git a/charts/openebs/openebs/charts/mayastor/charts/loki-stack/values.yaml b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/values.yaml new file mode 100644 index 000000000..afc84c3bf --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/charts/loki-stack/values.yaml 
@@ -0,0 +1,74 @@ +loki: + enabled: true + isDefault: true + +promtail: + enabled: true + config: + lokiAddress: http://{{ .Release.Name }}:3100/loki/api/v1/push + +fluent-bit: + enabled: false + +grafana: + enabled: false + sidecar: + datasources: + enabled: true + maxLines: 1000 + image: + tag: 8.3.5 + +prometheus: + enabled: false + isDefault: false + +filebeat: + enabled: false + filebeatConfig: + filebeat.yml: | + # logging.level: debug + filebeat.inputs: + - type: container + paths: + - /var/log/containers/*.log + processors: + - add_kubernetes_metadata: + host: ${NODE_NAME} + matchers: + - logs_path: + logs_path: "/var/log/containers/" + output.logstash: + hosts: ["logstash-loki:5044"] + +logstash: + enabled: false + image: grafana/logstash-output-loki + imageTag: 1.0.1 + filters: + main: |- + filter { + if [kubernetes] { + mutate { + add_field => { + "container_name" => "%{[kubernetes][container][name]}" + "namespace" => "%{[kubernetes][namespace]}" + "pod" => "%{[kubernetes][pod][name]}" + } + replace => { "host" => "%{[kubernetes][node][name]}"} + } + } + mutate { + remove_field => ["tags"] + } + } + outputs: + main: |- + output { + loki { + url => "http://loki:3100/loki/api/v1/push" + #username => "test" + #password => "test" + } + # stdout { codec => rubydebug } + } diff --git a/charts/openebs/openebs/charts/mayastor/crds/jaeger.yaml b/charts/openebs/openebs/charts/mayastor/crds/jaeger.yaml new file mode 100644 index 000000000..36f9fb8b8 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/crds/jaeger.yaml 
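Review bot: The two log shippers configured here point at different Loki host names, and neither is derived from the `loki.serviceName` helper that this chart defines: promtail uses `http://{{ .Release.Name }}:3100/...` while `logstash.outputs.main` hard-codes `http://loki:3100/...`. Going by that helper, the service is named after the release only when the release name contains `loki`, and is `<release>-loki` otherwise, so for most release names these URLs would not resolve and logs would be dropped without any install-time error. Unless the parent chart overrides these values (not visible in this hunk), a comment on both keys stating the assumed release name, e.g. `# assumes the Loki service is reachable as <release name>; override otherwise`, would make the dependency explicit. Both endpoints are also plain `http://` with no credentials, which is worth stating in the same comment.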
@@ -0,0 +1,44 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: jaegers.jaegertracing.io
+ labels:
+ app: jaeger-operator
+spec:
+ group: jaegertracing.io
+ names:
+ kind: Jaeger
+ listKind: JaegerList
+ plural: jaegers
+ singular: jaeger
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ additionalPrinterColumns:
+ - description: Jaeger instance's status
+ jsonPath: .status.phase
+ name: Status
+ type: string
+ - description: Jaeger Version
+ jsonPath: .status.version
+ name: Version
+ type: string
+ - description: Jaeger deployment strategy
+ jsonPath: .spec.strategy
+ name: Strategy
+ type: string
+ - description: Jaeger storage type
+ jsonPath: .spec.storage.type
+ name: Storage
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/charts/openebs/openebs/charts/mayastor/doc.yaml b/charts/openebs/openebs/charts/mayastor/doc.yaml
new file mode 100644
index 000000000..6e8458a6c
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/doc.yaml
@@ -0,0 +1,19 @@
+project:
+ name: OpenEBS Mayastor
+ shortName: Mayastor
+ url: https://openebs.io/mayastor
+ description: Fast NVMe backed storage for enterprise users on Kubernetes
+repository:
+ url: https://openebs.github.io/mayastor-extensions/
+ name: mayastor
+chart:
+ name: mayastor
+ version: 2.0.0
+ values: "-- generate from values file --"
+ valuesExample: "-- generate from values file --"
+prerequisites:
+ - "Kubernetes v1.21+"
+ - Linux Kernel 5.4+ on Worker Nodes with required nvme modules loaded
+release:
+ name: mayastor
+ namespace: mayastor
diff --git a/charts/openebs/openebs/charts/mayastor/product.yaml b/charts/openebs/openebs/charts/mayastor/product.yaml
new file mode 100644
index 000000000..56d86b7d3
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/product.yaml
@@ -0,0 +1,3 @@
+name: Mayastor
+project: OpenEBS
+domain: openebs.io
\ No newline at end of file
diff --git a/charts/openebs/openebs/charts/mayastor/templates/NOTES.txt b/charts/openebs/openebs/charts/mayastor/templates/NOTES.txt
new file mode 100644
index 000000000..eec7098a5
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/templates/NOTES.txt
@@ -0,0 +1,4 @@
+OpenEBS Mayastor has been installed. Check its status by running:
+$ kubectl get pods -n {{ .Release.Namespace }}
+
+For more information or to view the documentation, visit our website at https://mayastor.gitbook.io/introduction/.
diff --git a/charts/openebs/openebs/charts/mayastor/templates/_helpers.tpl b/charts/openebs/openebs/charts/mayastor/templates/_helpers.tpl
new file mode 100644
index 000000000..c2e8da3e0
--- /dev/null
+++ b/charts/openebs/openebs/charts/mayastor/templates/_helpers.tpl
@@ -0,0 +1,119 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} + +{{/* +Renders the CORE server init container, if enabled +Usage: +{{ include "base_init_core_containers" . }} +*/}} +{{- define "base_init_core_containers" -}} + {{- if .Values.base.initCoreContainers.enabled }} + {{- include "render" (dict "value" .Values.base.initCoreContainers.containers "context" $) | nindent 8 }} + {{- end }} +{{- end -}} + +{{/* +Renders the HA NODE AGENT init container, if enabled +Usage: +{{ include "base_init_ha_node_containers" . }} +*/}} +{{- define "base_init_ha_node_containers" -}} + {{- if .Values.base.initHaNodeContainers.enabled }} + {{- include "render" (dict "value" .Values.base.initHaNodeContainers.containers "context" $) | nindent 8 }} + {{- end }} +{{- end -}} + +{{/* +Renders the base init containers for all deployments, if any +Usage: +{{ include "base_init_containers" . }} +*/}} +{{- define "base_init_containers" -}} + {{- if .Values.base.initContainers.enabled }} + {{- include "render" (dict "value" .Values.base.initContainers.containers "context" $) | nindent 8 }} + {{- end }} + {{- include "jaeger_agent_init_container" . }} +{{- end -}} + +{{/* +Renders the jaeger agent init container, if enabled +Usage: +{{ include "jaeger_agent_init_container" . }} +*/}} +{{- define "jaeger_agent_init_container" -}} + {{- if .Values.base.jaeger.enabled }} + {{- if .Values.base.jaeger.initContainer }} + {{- include "render" (dict "value" .Values.base.jaeger.agent.initContainer "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Renders the base image pull secrets for all deployments, if any +Usage: +{{ include "base_pull_secrets" . 
}} +*/}} +{{- define "base_pull_secrets" -}} + {{- if .Values.base.imagePullSecrets.enabled }} + {{- include "render" (dict "value" .Values.base.imagePullSecrets.secrets "context" $) | nindent 8 }} + {{- end }} +{{- end -}} + +{{/* +Renders the REST server init container, if enabled +Usage: +{{- include "rest_agent_init_container" . }} +*/}} +{{- define "rest_agent_init_container" -}} + {{- if .Values.base.initRestContainer.enabled }} + {{- include "render" (dict "value" .Values.base.initRestContainer.initContainer "context" $) | nindent 8 }} + {{- end }} +{{- end -}} + +{{/* +Renders the jaeger scheduling rules, if any +Usage: +{{ include "jaeger_scheduling" . }} +*/}} +{{- define "jaeger_scheduling" -}} + {{- if index .Values "jaeger-operator" "affinity" }} + affinity: + {{- include "render" (dict "value" (index .Values "jaeger-operator" "affinity") "context" $) | nindent 4 }} + {{- end }} + {{- if index .Values "jaeger-operator" "tolerations" }} + tolerations: + {{- include "render" (dict "value" (index .Values "jaeger-operator" "tolerations") "context" $) | nindent 4 }} + {{- end }} +{{- end -}} + +{{/* Generate CPU list specification based on CPU count (-l param of mayastor) */}} +{{- define "cpuFlag" -}} +{{- range $i, $e := until (int .Values.io_engine.cpuCount) }} +{{- if gt $i 0 }} + {{- printf "," }} +{{- end }} +{{- printf "%d" (add $i 1) }} +{{- end }} +{{- end }} + +{{/* +Adds the project domain to labels +Usage: +{{ include "label_prefix" . }}/release: {{ .Release.Name }} +*/}} +{{- define "label_prefix" -}} + {{ $product := .Files.Get "product.yaml" | fromYaml }} + {{- print $product.domain -}} +{{- end -}} \ No newline at end of file diff --git a/charts/openebs/openebs/charts/mayastor/templates/etcd/storage/localpv.yaml b/charts/openebs/openebs/charts/mayastor/templates/etcd/storage/localpv.yaml new file mode 100644 index 000000000..f690dda9c --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/etcd/storage/localpv.yaml 
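Review bot: `jaeger_agent_init_container` tests `.Values.base.jaeger.initContainer` but renders `.Values.base.jaeger.agent.initContainer`, so the guard and the value it guards are different keys. Depending on which key the values file actually defines, the init container is either never emitted or `render` is handed an empty value. The values file is not part of this hunk, so the intended path cannot be confirmed here; if it is the `agent` one, the guard should read `{{- if .Values.base.jaeger.agent.initContainer }}`. Every value passed to `render` is also evaluated through `tpl`, which deserves a line in the helper's comment, e.g. `Values rendered here are executed as templates; treat them as trusted chart input only.`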
@@ -0,0 +1,22 @@ +--- +{{ if and .Values.etcd.persistence.enabled (eq .Values.etcd.persistence.storageClass "manual") }} +{{- range $index, $end := until (.Values.etcd.replicaCount | int) }} +apiVersion: v1 +kind: PersistentVolume +metadata: + name: etcd-volume-{{ $index }} + labels: + statefulset.kubernetes.io/pod-name: {{ print $.Release.Name }}-etcd-{{ $index }} +spec: + storageClassName: manual + # You must also delete the hostpath on the node + persistentVolumeReclaimPolicy: {{ $.Values.etcd.persistence.reclaimPolicy }} + capacity: + storage: {{ $.Values.etcd.persistence.size | quote }} + accessModes: + - ReadWriteOnce + hostPath: + path: "/var/local/{{ $.Release.Name }}/etcd/pod-{{ $index }}" +--- +{{- end }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/templates/jaeger-operator/jaeger.yaml b/charts/openebs/openebs/charts/mayastor/templates/jaeger-operator/jaeger.yaml new file mode 100644 index 000000000..5face138c --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/jaeger-operator/jaeger.yaml @@ -0,0 +1,23 @@ +{{- if .Values.base.jaeger.enabled }} +apiVersion: jaegertracing.io/v1 +kind: Jaeger +metadata: + name: jaeger + namespace: {{ .Release.Namespace }} +labels: + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} +spec: + strategy: allInOne + ingress: + enabled: false + {{- include "jaeger_scheduling" . }} + query: + serviceType: NodePort + nodePort: 30012 + storage: + type: memory + options: + memory: + max-traces: 100000 +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/templates/loki-stack/storage/localpv.yaml b/charts/openebs/openebs/charts/mayastor/templates/loki-stack/storage/localpv.yaml new file mode 100644 index 000000000..4b5ac35a8 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/loki-stack/storage/localpv.yaml 
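Review bot: The PersistentVolume name `etcd-volume-{{ $index }}` is not scoped to the release, although PersistentVolumes are cluster-wide objects, so a second release with `storageClass: manual` would conflict with the first release's volumes. The hostPath below it already includes `$.Release.Name`. Use `name: {{ $.Release.Name }}-etcd-volume-{{ $index }}`. The loki-stack `localpv.yaml` hunk has the same issue with `loki-volume-0`, and there `storage:` is emitted without `| quote`, unlike this file.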
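Review bot: `spec.query` hard-codes `serviceType: NodePort` with `nodePort: 30012`, which publishes the Jaeger query service on every node address whenever `base.jaeger.enabled` is set, and nothing in this resource configures access control. Traces may carry node and volume identifiers, so the default should be a cluster-internal service with NodePort as an opt-in, e.g. `serviceType: {{ .Values.base.jaeger.query.serviceType | default "ClusterIP" }}` (a values key that would have to be added). Also, `labels:` appears at column 0 here rather than under `metadata:`, so the release and version labels would not land in `metadata.labels`; this rendering hides indentation, so confirm against the file.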
@@ -0,0 +1,20 @@ +--- + +{{ if and (eq ( index .Values "loki-stack" "loki" "persistence" "storageClassName" ) "manual") ( index .Values "loki-stack" "loki" "persistence" "enabled" ) }} +apiVersion: v1 +kind: PersistentVolume +metadata: + name: loki-volume-0 + labels: + statefulset.kubernetes.io/pod-name: {{ .Release.Name }}-loki-0 +spec: + storageClassName: manual + persistentVolumeReclaimPolicy: {{ index .Values "loki-stack" "loki" "persistence" "reclaimPolicy" }} + capacity: + storage: {{ index .Values "loki-stack" "loki" "persistence" "size" }} + accessModes: + - ReadWriteOnce + hostPath: + path: "/var/local/{{ .Release.Name }}/loki" +--- +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/core/agent-core-deployment.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/core/agent-core-deployment.yaml new file mode 100644 index 000000000..86e7e9160 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/core/agent-core-deployment.yaml 
@@ -0,0 +1,98 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-agent-core + labels: + app: agent-core + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} +spec: + replicas: 1 + selector: + matchLabels: + app: agent-core + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + template: + metadata: + labels: + app: agent-core + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} + {{ include "label_prefix" . }}/logging: "true" + spec: + serviceAccount: {{ .Release.Name }}-service-account + imagePullSecrets: + {{- include "base_pull_secrets" . }} + initContainers: + {{- include "base_init_core_containers" . }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + tolerations: {{- toYaml .Values.earlyEvictionTolerations | nindent 8}} + priorityClassName: system-cluster-critical # Priority class provided by k8s by default. 
+ containers: + - name: agent-core + resources: + limits: + cpu: {{ .Values.agents.core.resources.limits.cpu | quote }} + memory: {{ .Values.agents.core.resources.limits.memory | quote }} + requests: + cpu: {{ .Values.agents.core.resources.requests.cpu | quote }} + memory: {{ .Values.agents.core.resources.requests.memory | quote }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-agent-core:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - "-s{{ .Release.Name }}-etcd:{{ .Values.etcd.service.port }}" + - "--request-timeout={{ .Values.base.default_req_timeout }}" + - "--cache-period={{ .Values.base.cache_poll_period }}"{{ if .Values.base.jaeger.enabled }} + - "--jaeger={{ .Values.base.jaeger.agent.name }}:{{ .Values.base.jaeger.agent.port }}"{{ end }} + - "--grpc-server-addr=0.0.0.0:50051" + ports: + - containerPort: 50051 + env: + - name: RUST_LOG + value: {{ .Values.agents.core.logLevel }} + {{- if default .Values.base.logSilenceLevel .Values.agents.core.logSilenceLevel }} + - name: RUST_LOG_SILENCE + value: {{ default .Values.base.logSilenceLevel .Values.agents.core.logSilenceLevel }} + {{- end }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: agent-ha-cluster + resources: + limits: + cpu: {{ .Values.agents.ha.cluster.resources.limits.cpu | quote }} + memory: {{ .Values.agents.ha.cluster.resources.limits.memory | quote }} + requests: + cpu: {{ .Values.agents.ha.cluster.resources.requests.cpu | quote }} + memory: {{ .Values.agents.ha.cluster.resources.requests.memory | quote }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-agent-ha-cluster:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - "-g=0.0.0.0:50052" + - "--store=http://{{ .Release.Name }}-etcd:{{ .Values.etcd.service.port }}" + - 
"--core-grpc=https://{{ .Release.Name }}-agent-core:50051"{{ if .Values.base.jaeger.enabled }} + - "--jaeger={{ .Values.base.jaeger.agent.name }}:{{ .Values.base.jaeger.agent.port }}"{{ end }} + ports: + - containerPort: 50052 + env: + - name: RUST_LOG + value: {{ .Values.agents.core.logLevel }} + {{- if default .Values.base.logSilenceLevel .Values.agents.core.logSilenceLevel }} + - name: RUST_LOG_SILENCE + value: {{ default .Values.base.logSilenceLevel .Values.agents.core.logSilenceLevel }} + {{- end }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/core/agent-core-service.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/core/agent-core-service.yaml new file mode 100644 index 000000000..3cf6c2039 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/core/agent-core-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-agent-core + labels: + app: agent-core + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} +spec: + clusterIP: None + selector: + app: agent-core + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + ports: + - name: grpc + port: 50051 + - name: ha-cluster + port: 50052 diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/ha/ha-node-daemonset.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/ha/ha-node-daemonset.yaml new file mode 100644 index 000000000..6620d454e --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/agents/ha/ha-node-daemonset.yaml 
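Review bot: Neither `agent-core` nor `agent-ha-cluster` in the agent-core Deployment sets a `securityContext`, although the pod runs under the release service account and listens on `0.0.0.0:50051` and `0.0.0.0:50052`. If the images can run unprivileged (not verifiable from this hunk), add `securityContext:` with `allowPrivilegeEscalation: false` and `capabilities: { drop: ["ALL"] }` to both containers. The api-rest, obs-callhome and operator-diskpool Deployments in this commit omit it as well, as does csi-controller, which additionally runs on the host network. The `agent-ha-cluster` container also takes `RUST_LOG` and `RUST_LOG_SILENCE` from `.Values.agents.core.*`, which looks copied from the first container; if an `agents.ha.cluster` log level exists in values, it should be used here.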
@@ -0,0 +1,109 @@ +{{- if .Values.agents.ha.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ .Release.Name }}-agent-ha-node + labels: + app: agent-ha-node + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} +spec: + selector: + matchLabels: + app: agent-ha-node + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + minReadySeconds: 10 + template: + metadata: + labels: + app: agent-ha-node + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} + {{ include "label_prefix" . }}/logging: "true" + spec: + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + initContainers: + {{- include "base_init_ha_node_containers" . }} + imagePullSecrets: + {{- include "base_pull_secrets" . }} + nodeSelector: + {{- if .Values.nodeSelector }} + {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.csi.node.topology.nodeSelector }} + {{- range $key, $val := .Values.csi.node.topology.segments }} + {{ $key }}: {{ $val }} + {{- end }} + {{- end }} + containers: + - name: agent-ha-node + image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-agent-ha-node:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + privileged: true + env: + - name: RUST_LOG + value: {{ .Values.agents.ha.node.logLevel }} + {{- if default .Values.base.logSilenceLevel .Values.agents.ha.node.logSilenceLevel }} + - name: RUST_LOG_SILENCE + value: {{ default .Values.base.logSilenceLevel .Values.agents.ha.node.logSilenceLevel }} + {{- end }} + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: RUST_BACKTRACE + value: "1" + args: + - "--node-name=$(MY_NODE_NAME)" + - 
"--csi-socket={{ .Values.csi.node.pluginMounthPath }}/{{ .Values.csi.node.socketPath }}" + - "--grpc-endpoint=$(MY_POD_IP):50053" + - "--cluster-agent=https://{{ .Release.Name }}-agent-core:50052"{{ if .Values.base.jaeger.enabled }} + - "--jaeger={{ .Values.base.jaeger.agent.name }}:{{ .Values.base.jaeger.agent.port }}"{{ end }} + volumeMounts: + - name: device + mountPath: /dev + - name: sys + mountPath: /sys + - name: run-udev + mountPath: /run/udev + - name: plugin-dir + mountPath: {{ .Values.csi.node.pluginMounthPath }} + resources: + limits: + cpu: {{ .Values.agents.ha.node.resources.limits.cpu | quote }} + memory: {{ .Values.agents.ha.node.resources.limits.memory | quote }} + requests: + cpu: {{ .Values.agents.ha.node.resources.requests.cpu | quote }} + memory: {{ .Values.agents.ha.node.resources.requests.memory | quote }} + ports: + - containerPort: 50053 + protocol: TCP + name: ha-node + volumes: + - name: device + hostPath: + path: /dev + type: Directory + - name: sys + hostPath: + path: /sys + type: Directory + - name: run-udev + hostPath: + path: /run/udev + type: Directory + - name: plugin-dir + hostPath: + path: {{ .Values.csi.node.kubeletDir }}/plugins/io.openebs.mayastor/ + type: DirectoryOrCreate +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/apis/api-rest-deployment.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/apis/api-rest-deployment.yaml new file mode 100644 index 000000000..4c444472b --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/apis/api-rest-deployment.yaml 
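Review bot: The `agent-ha-node` container runs with `privileged: true`, `hostNetwork: true` and hostPath mounts of `/dev`, `/sys` and `/run/udev`, but nothing in the hunk says which operations need that access, unlike the csi-node DaemonSet, which comments its `privileged` setting. Add a comment above `securityContext:`, for example `# privileged: required for <operation, to be filled in by the maintainers>`, so a later reviewer can judge whether a narrower capability set would be enough. Because the pod uses the host network, `--grpc-endpoint=$(MY_POD_IP):50053` listens on the node's own address, where NetworkPolicy generally does not apply. The io-engine DaemonSet is also privileged on the host network without a comment.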
@@ -0,0 +1,59 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-api-rest + labels: + app: api-rest + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} +spec: + replicas: {{ .Values.apis.rest.replicaCount }} + selector: + matchLabels: + app: api-rest + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + template: + metadata: + labels: + app: api-rest + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} + {{ include "label_prefix" . }}/logging: "true" + spec: + imagePullSecrets: + {{- include "base_pull_secrets" . }} + initContainers: + {{- include "base_init_containers" . }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + tolerations: {{- toYaml .Values.earlyEvictionTolerations | nindent 8 }} + priorityClassName: system-cluster-critical # Priority class provided by k8s by default. 
+ containers: + - name: api-rest + resources: + limits: + cpu: {{ .Values.apis.rest.resources.limits.cpu | quote }} + memory: {{ .Values.apis.rest.resources.limits.memory | quote }} + requests: + cpu: {{ .Values.apis.rest.resources.requests.cpu | quote }} + memory: {{ .Values.apis.rest.resources.requests.memory | quote }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-api-rest:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - "--dummy-certificates" + - "--no-auth" + - "--http=0.0.0.0:8081" + - "--request-timeout={{ .Values.base.default_req_timeout }}"{{ if .Values.base.jaeger.enabled }} + - "--jaeger={{ .Values.base.jaeger.agent.name }}:{{ .Values.base.jaeger.agent.port }}"{{ end }} + - "--core-grpc=https://{{ .Release.Name }}-agent-core:50051" + ports: + - containerPort: 8080 + - containerPort: 8081 + env: + - name: RUST_LOG + value: {{ .Values.apis.rest.logLevel }} + {{- if default .Values.base.logSilenceLevel .Values.apis.rest.logSilenceLevel }} + - name: RUST_LOG_SILENCE + value: {{ default .Values.base.logSilenceLevel .Values.apis.rest.logSilenceLevel }} + {{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/apis/api-rest-service.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/apis/api-rest-service.yaml new file mode 100644 index 000000000..37671f005 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/apis/api-rest-service.yaml 
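Review bot: The `api-rest` container is started with `--dummy-certificates` and `--no-auth` hard-coded in `args`, so, going by the flag names, every install serves the REST API without authentication and with a placeholder certificate, and no value can turn that off. The plain-HTTP listener is also bound to `0.0.0.0:8081`, and csi-controller, operator-diskpool and obs-callhome in this commit reach it over `http://…:8081`. Make both flags conditional on values, e.g. wrap `- "--no-auth"` in `{{- if .Values.apis.rest.noAuth }}` (a key that would have to be added), and give operators a way to mount a real certificate and key. Until then the chart documentation should state that this API must only be reachable from inside the cluster.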
@@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-api-rest + labels: + app: api-rest + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} +spec: + type: {{ .Values.apis.rest.service.type }} + selector: + app: api-rest + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + ports: + - port: 8080 + name: https + targetPort: 8080 + protocol: TCP + {{- if eq .Values.apis.rest.service.type "NodePort" }} + nodePort: {{ .Values.apis.rest.service.nodePorts.https }} + {{- end }} + - port: 8081 + name: http + targetPort: 8081 + protocol: TCP + {{- if eq .Values.apis.rest.service.type "NodePort" }} + nodePort: {{ .Values.apis.rest.service.nodePorts.http }} + {{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/csi/csi-controller-deployment.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/csi/csi-controller-deployment.yaml new file mode 100644 index 000000000..3af51456d --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/csi/csi-controller-deployment.yaml 
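Review bot: When `apis.rest.service.type` is `NodePort`, the `http` port 8081 also gets a node port, which exposes the listener that the Deployment starts with `--no-auth` on every node address in clear text. Omitting `nodePort:` for that entry would not help, because a NodePort Service allocates a node port for every listed port. Keep this Service as `ClusterIP` with both ports for in-cluster clients and publish only `https` through a second Service rendered when NodePort is requested. The Service name and layout below are a suggestion.

```yaml
# … unchanged: Service {{ .Release.Name }}-api-rest (type fixed to ClusterIP, ports 8080 and 8081, no nodePort) …
{{- if eq .Values.apis.rest.service.type "NodePort" }}
---
apiVersion: v1
kind: Service
metadata:
  name: {{ .Release.Name }}-api-rest-external
  labels:
    app: api-rest
    {{ include "label_prefix" . }}/release: {{ .Release.Name }}
spec:
  type: NodePort
  selector:
    app: api-rest
    {{ include "label_prefix" . }}/release: {{ .Release.Name }}
  ports:
    - port: 8080
      name: https
      targetPort: 8080
      protocol: TCP
      nodePort: {{ .Values.apis.rest.service.nodePorts.https }}
{{- end }}
```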
@@ -0,0 +1,92 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-csi-controller + labels: + app: csi-controller + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} +spec: + replicas: 1 + selector: + matchLabels: + app: csi-controller + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + template: + metadata: + labels: + app: csi-controller + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} + {{ include "label_prefix" . }}/logging: "true" + spec: + hostNetwork: true + serviceAccount: {{ .Release.Name }}-service-account + dnsPolicy: ClusterFirstWithHostNet + imagePullSecrets: + {{- include "base_pull_secrets" . }} + initContainers: + {{- include "jaeger_agent_init_container" . }} + {{- include "rest_agent_init_container" . }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + containers: + - name: csi-provisioner + image: "{{ .Values.csi.image.registry }}/{{ .Values.csi.image.repo }}/csi-provisioner:{{ .Values.csi.image.provisionerTag }}" + args: + - "--v=2" + - "--csi-address=$(ADDRESS)" + - "--feature-gates=Topology=true" + - "--strict-topology=false" + - "--default-fstype=ext4" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: "{{ .Values.csi.image.registry }}/{{ .Values.csi.image.repo }}/csi-attacher:{{ .Values.csi.image.attacherTag }}" + args: + - "--v=2" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-controller + 
resources: + limits: + cpu: {{ .Values.csi.controller.resources.limits.cpu | quote }} + memory: {{ .Values.csi.controller.resources.limits.memory | quote }} + requests: + cpu: {{ .Values.csi.controller.resources.requests.cpu | quote }} + memory: {{ .Values.csi.controller.resources.requests.memory | quote }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-csi-controller:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - "--csi-socket=/var/lib/csi/sockets/pluginproxy/csi.sock" + - "--rest-endpoint=http://{{ .Release.Name }}-api-rest:8081"{{ if .Values.base.jaeger.enabled }} + - "--jaeger={{ .Values.base.jaeger.agent.name }}:{{ .Values.base.jaeger.agent.port }}"{{ end }} + {{- range $key, $val := .Values.csi.node.topology.segments }} + - "--node-selector={{ $key }}={{ $val }}" + {{- end }} + env: + - name: RUST_LOG + value: {{ .Values.csi.controller.logLevel }} + {{- if default .Values.base.logSilenceLevel .Values.csi.controller.logSilenceLevel }} + - name: RUST_LOG_SILENCE + value: {{ default .Values.base.logSilenceLevel .Values.csi.controller.logSilenceLevel }} + {{- end }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: + diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/csi/csi-node-daemonset.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/csi/csi-node-daemonset.yaml new file mode 100644 index 000000000..794fc3f6d --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/csi/csi-node-daemonset.yaml 
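Review bot: The csi-controller Deployment sets `hostNetwork: true`, yet everything visible in this hunk talks either over the unix socket in the `socket-dir` emptyDir or as a client of `{{ .Release.Name }}-api-rest:8081`, so the pod appears to need no host-network listener. Sharing the node's network namespace while holding the service-account token widens what a compromised sidecar can reach. Unless there is a reason not shown here, drop `hostNetwork: true` and the accompanying `dnsPolicy: ClusterFirstWithHostNet`, or add a comment saying why they are needed. The `csi-provisioner` and `csi-attacher` sidecars also have no `resources` block, unlike the `csi-controller` container.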
@@ -0,0 +1,150 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ .Release.Name }}-csi-node + labels: + app: csi-node + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} + {{- range $key, $val := .Values.csi.node.topology.segments }} + {{ $key }}: {{ $val }} + {{- end }} +spec: + selector: + matchLabels: + app: csi-node + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + minReadySeconds: 10 + template: + metadata: + labels: + app: csi-node + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} + {{ include "label_prefix" . }}/logging: "true" + spec: + serviceAccount: {{ .Release.Name }}-service-account + hostNetwork: true + imagePullSecrets: + {{- include "base_pull_secrets" . }} + nodeSelector: + {{- if .Values.nodeSelector }} + {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.csi.node.topology.nodeSelector }} + {{- range $key, $val := .Values.csi.node.topology.segments }} + {{ $key }}: {{ $val }} + {{- end }} + {{- end }} + # NOTE: Each container must have mem/cpu limits defined in order to + # belong to Guaranteed QoS class, hence can never get evicted in case of + # pressure unless they exceed those limits. limits and requests must be + # the same. 
+ containers: + - name: csi-node + image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-csi-node:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + # we need privileged because we mount filesystems and use mknod + securityContext: + privileged: true + env: + - name: RUST_LOG + value: {{ .Values.csi.node.logLevel }} + {{- if default .Values.base.logSilenceLevel .Values.csi.node.logSilenceLevel }} + - name: RUST_LOG_SILENCE + value: {{ default .Values.base.logSilenceLevel .Values.csi.node.logSilenceLevel }} + {{- end }} + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: RUST_BACKTRACE + value: "1" + args: + - "--csi-socket={{ .Values.csi.node.pluginMounthPath }}/{{ .Values.csi.node.socketPath }}" + - "--node-name=$(MY_NODE_NAME)" + - "--grpc-endpoint=$(MY_POD_IP):10199"{{ if .Values.csi.node.nvme.io_timeout }} + - "--nvme-core-io-timeout={{ .Values.csi.node.nvme.io_timeout }}"{{ end }}{{ if .Values.csi.node.nvme.ctrl_loss_tmo }} + - "--nvme-ctrl-loss-tmo={{ .Values.csi.node.nvme.ctrl_loss_tmo }}"{{ end }}{{ if .Values.csi.node.nvme.keep_alive_tmo }} + - "--nvme-keep-alive-tmo={{ .Values.csi.node.nvme.keep_alive_tmo }}"{{ end }} + - "--nvme-nr-io-queues={{ .Values.io_engine.cpuCount }}" + {{- range $key, $val := .Values.csi.node.topology.segments }} + - "--node-selector={{ $key }}={{ $val }}" + {{- end }} + command: + - csi-node + volumeMounts: + - name: device + mountPath: /dev + - name: sys + mountPath: /sys + - name: run-udev + mountPath: /run/udev + - name: plugin-dir + mountPath: {{ .Values.csi.node.pluginMounthPath }} + - name: kubelet-dir + mountPath: {{ .Values.csi.node.kubeletDir }} + mountPropagation: "Bidirectional" + resources: + limits: + cpu: {{ .Values.csi.node.resources.limits.cpu | quote }} + memory: {{ .Values.csi.node.resources.limits.memory | quote }} + requests: + cpu: {{ 
.Values.csi.node.resources.requests.cpu | quote }} + memory: {{ .Values.csi.node.resources.requests.memory | quote }} + - name: csi-driver-registrar + image: "{{ .Values.csi.image.registry }}/{{ .Values.csi.image.repo }}/csi-node-driver-registrar:{{ .Values.csi.image.registrarTag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - "--csi-address={{ .Values.csi.node.pluginMounthPath }}/{{ .Values.csi.node.socketPath }}" + - "--kubelet-registration-path={{ .Values.csi.node.kubeletDir }}/plugins/io.openebs.mayastor/csi.sock" + volumeMounts: + - name: plugin-dir + mountPath: {{ .Values.csi.node.pluginMounthPath }} + - name: registration-dir + mountPath: /registration + resources: + limits: + cpu: "100m" + memory: "50Mi" + requests: + cpu: "100m" + memory: "50Mi" + # Mayastor node plugin gRPC server + ports: + - containerPort: 10199 + protocol: TCP + name: mayastor-node + volumes: + - name: device + hostPath: + path: /dev + type: Directory + - name: sys + hostPath: + path: /sys + type: Directory + - name: run-udev + hostPath: + path: /run/udev + type: Directory + - name: registration-dir + hostPath: + path: {{ .Values.csi.node.kubeletDir }}/plugins_registry/ + type: Directory + - name: plugin-dir + hostPath: + path: {{ .Values.csi.node.kubeletDir }}/plugins/io.openebs.mayastor/ + type: DirectoryOrCreate + - name: kubelet-dir + hostPath: + path: {{ .Values.csi.node.kubeletDir }} + type: Directory diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/io/io-engine-daemonset.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/io/io-engine-daemonset.yaml new file mode 100644 index 000000000..aef4e168a --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/io/io-engine-daemonset.yaml 
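Review bot: The `ports:` entry for 10199, commented as the Mayastor node plugin gRPC server, follows the `resources:` of `csi-driver-registrar`, so it is declared on the registrar container rather than on `csi-node`, the container that is passed `--grpc-endpoint=$(MY_POD_IP):10199`. Move the `ports:` block into the `csi-node` container so that tooling which reads declared ports attributes the listener to the privileged container that owns it. The NOTE above `containers:` says limits and requests must be the same, but `csi-node` takes them from separate `limits.*` and `requests.*` values, so that equality depends on the values file; rendering both from one value would enforce it.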
@@ -0,0 +1,142 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ .Release.Name }}-io-engine + labels: + app: io-engine + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} +spec: + selector: + matchLabels: + app: io-engine + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + updateStrategy: + type: OnDelete + minReadySeconds: 10 + template: + metadata: + labels: + app: io-engine + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} + {{ include "label_prefix" . }}/logging: "true" + spec: + imagePullSecrets: + {{- include "base_pull_secrets" . }} + hostNetwork: true + # To resolve services in the namespace + dnsPolicy: ClusterFirstWithHostNet + nodeSelector: {{- .Values.io_engine.nodeSelector | toYaml | nindent 8 }} + initContainers: + {{- include "base_init_containers" . }} + containers: + {{- if .Values.base.metrics.enabled }} + - name: metrics-exporter-pool + image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-metrics-exporter-pool:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + args: + - "-p{{ .Values.base.metrics.pollingInterval }}" + - "--api-versions={{ .Values.io_engine.api }}" + command: + - metrics-exporter-pool + ports: + - containerPort: 9502 + protocol: TCP + name: metrics + {{- end }} + - name: io-engine + image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-io-engine:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: RUST_LOG + value: {{ .Values.io_engine.logLevel }} + - name: NVME_QPAIR_CONNECT_ASYNC + value: "true" + - name: NVMF_TCP_MAX_QUEUE_DEPTH + value: "32" + - name: MY_NODE_NAME + valueFrom: + fieldRef: + 
fieldPath: spec.nodeName + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NEXUS_NVMF_ANA_ENABLE + value: "1" + - name: NEXUS_NVMF_RESV_ENABLE + value: "1" + args: + # The -l argument accepts cpu-list. Indexing starts at zero. + # For example -l 1,2,10-20 means use core 1, 2, 10 to 20. + # Note: Ensure that the CPU resources are updated accordingly. + # If you use 2 CPUs, the CPU: field should also read 2. + - "-g$(MY_POD_IP)" + - "-N$(MY_NODE_NAME)" + - "-Rhttps://{{ .Release.Name }}-agent-core:50051" + - "-y/var/local/io-engine/config.yaml" + - "-l{{ include "cpuFlag" . }}" + - "-p={{ .Release.Name }}-etcd:{{ .Values.etcd.service.port }}"{{ if .Values.io_engine.target.nvmf.ptpl }} + - "--ptpl-dir=/var/local/io-engine/ptpl/"{{ end }} + - "--api-versions={{ .Values.io_engine.api }}"{{ if .Values.io_engine.target.nvmf.iface }} + - "-T={{ .Values.io_engine.target.nvmf.iface }}"{{ end }}{{ if .Values.io_engine.envcontext }} + - "--env-context=--{{ .Values.io_engine.envcontext }}"{{ end }}{{ if .Values.io_engine.reactorFreezeDetection.enabled }} + - "--reactor-freeze-detection"{{ end }} + command: + - io-engine + securityContext: + privileged: true + volumeMounts: + - name: device + mountPath: /dev + - name: udev + mountPath: /run/udev + - name: dshm + mountPath: /dev/shm + - name: configlocation + mountPath: /var/local/io-engine/ + - name: hugepage + mountPath: /dev/hugepages + resources: + limits: + cpu: {{ .Values.io_engine.resources.limits.cpu | default .Values.io_engine.cpuCount | quote }} + memory: {{ .Values.io_engine.resources.limits.memory | quote }} + hugepages-2Mi: {{ .Values.io_engine.resources.limits.hugepages2Mi | quote }} + requests: + cpu: {{ .Values.io_engine.resources.requests.cpu | default .Values.io_engine.cpuCount | quote }} + memory: {{ .Values.io_engine.resources.requests.memory | quote }} + hugepages-2Mi: {{ .Values.io_engine.resources.requests.hugepages2Mi | quote }} + ports: + - containerPort: 10124 + protocol: 
TCP + name: io-engine + volumes: + - name: device + hostPath: + path: /dev + type: Directory + - name: udev + hostPath: + path: /run/udev + type: Directory + - name: dshm + emptyDir: + medium: Memory + sizeLimit: "1Gi" + - name: hugepage + emptyDir: + medium: HugePages + - name: configlocation + hostPath: + path: /var/local/io-engine/ + type: DirectoryOrCreate diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/metrics/metrics-exporter-pool-service.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/metrics/metrics-exporter-pool-service.yaml new file mode 100644 index 000000000..afe6394e7 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/metrics/metrics-exporter-pool-service.yaml @@ -0,0 +1,20 @@ +{{- if .Values.base.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-metrics-exporter-pool + labels: + app: metrics-exporter-pool + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} +spec: + clusterIP: None + ports: + - name: metrics + port: 9502 + targetPort: 9502 + protocol: TCP + selector: + app: io-engine + {{ include "label_prefix" . }}/release: {{ .Release.Name }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/obs/obs-callhome-deployment.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/obs/obs-callhome-deployment.yaml new file mode 100644 index 000000000..b1f950c1b --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/obs/obs-callhome-deployment.yaml 
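Review bot: The comment above the io-engine `args` says the `-l` cpu-list is indexed from zero, but the `cpuFlag` helper in `_helpers.tpl` prints `add $i 1` for each index, so `cpuCount: 2` yields `-l1,2` and core 0 is never selected. If skipping core 0 is intended, say so in the comment, e.g. `# cpuFlag emits cores 1..cpuCount; core 0 is not used`; otherwise the helper is off by one. The `metrics-exporter-pool` container also has no `resources` block, so with metrics enabled not every container in the pod has limits, which the csi-node DaemonSet's note describes as required for the Guaranteed QoS class.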
@@ -0,0 +1,46 @@ +{{- if .Values.obs.callhome.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-obs-callhome + labels: + app: obs-callhome + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} +spec: + replicas: 1 + selector: + matchLabels: + app: obs-callhome + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + template: + metadata: + labels: + app: obs-callhome + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} + spec: + serviceAccount: {{ .Release.Name }}-service-account + imagePullSecrets: + {{- include "base_pull_secrets" . }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + containers: + - name: obs-callhome + image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-obs-callhome:{{ .Values.image.tag }}" + args: + - "-e http://{{ .Release.Name }}-api-rest:8081" + - "-n {{ .Release.Namespace }}" + env: + - name: RUST_LOG + value: {{ .Values.obs.callhome.logLevel }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + limits: + cpu: {{ .Values.obs.callhome.resources.limits.cpu | quote }} + memory: {{ .Values.obs.callhome.resources.limits.memory | quote }} + requests: + cpu: {{ .Values.obs.callhome.resources.requests.cpu | quote }} + memory: {{ .Values.obs.callhome.resources.requests.memory | quote }} +{{- end }} diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/operators/operator-diskpool-deployment.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/operators/operator-diskpool-deployment.yaml new file mode 100644 index 000000000..782d9e3a3 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/operators/operator-diskpool-deployment.yaml 
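Review bot: `obs-callhome` runs under `{{ .Release.Name }}-service-account`, the same account used by agent-core, csi-controller, csi-node and operator-diskpool in this commit, so a reporting component carries whatever cluster permissions the storage control plane is granted. The hunk for `rbac.yaml` is outside this view, so the actual grants cannot be checked here. A dedicated account bound to a read-only role would keep this pod at least privilege, e.g. `serviceAccountName: {{ .Release.Name }}-obs-callhome` (an account that would have to be added). A comment stating what data the component sends and where would also help, since the hunk only shows that it queries the REST API and is gated by `obs.callhome.enabled`.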
@@ -0,0 +1,58 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-operator-diskpool + labels: + app: operator-diskpool + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} +spec: + replicas: 1 + selector: + matchLabels: + app: operator-diskpool + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + template: + metadata: + labels: + app: operator-diskpool + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} + {{ include "label_prefix" . }}/logging: "true" + spec: + serviceAccount: {{ .Release.Name }}-service-account + imagePullSecrets: + {{- include "base_pull_secrets" . }} + initContainers: + {{- include "base_init_containers" . }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + containers: + - name: operator-diskpool + resources: + limits: + cpu: {{ .Values.operators.pool.resources.limits.cpu | quote }} + memory: {{ .Values.operators.pool.resources.limits.memory | quote }} + requests: + cpu: {{ .Values.operators.pool.resources.requests.cpu | quote }} + memory: {{ .Values.operators.pool.resources.requests.memory | quote }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repo }}/{{ .Chart.Name }}-operator-diskpool:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - "-e http://{{ .Release.Name }}-api-rest:8081" + - "-n{{ .Release.Namespace }}" + - "--request-timeout={{ .Values.base.default_req_timeout }}" + - "--interval={{ .Values.base.cache_poll_period }}"{{ if .Values.base.jaeger.enabled }} + - "--jaeger={{ .Values.base.jaeger.agent.name }}:{{ .Values.base.jaeger.agent.port }}"{{ end }} + env: + - name: RUST_LOG + value: {{ .Values.operators.pool.logLevel }} + {{- if default .Values.base.logSilenceLevel .Values.operators.pool.logSilenceLevel }} + - name: RUST_LOG_SILENCE + value: 
{{ default .Values.base.logSilenceLevel .Values.operators.pool.logSilenceLevel }} + {{- end }} + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name diff --git a/charts/openebs/openebs/charts/mayastor/templates/mayastor/rbac/rbac.yaml b/charts/openebs/openebs/charts/mayastor/templates/mayastor/rbac/rbac.yaml new file mode 100644 index 000000000..b6315b506 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/mayastor/rbac/rbac.yaml 
@@ -0,0 +1,90 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }}-service-account + namespace: {{ .Release.Namespace }} + labels: + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-cluster-role + labels: + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} +rules: + # must create mayastor crd if it doesn't exist +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list"] + # must read diskpool info +- apiGroups: ["openebs.io"] + resources: ["diskpools"] + verbs: ["get", "list", "watch", "update", "replace", "patch"] + # must update diskpool status +- apiGroups: ["openebs.io"] + resources: ["diskpools/status"] + verbs: ["update", "patch"] + # external provisioner & attacher +- apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "create", "delete", "patch"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + + # external provisioner +- apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + + # external attacher +- apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] +- apiGroups: 
["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + # CSI nodes must be listed +- apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + + # get kube-system namespace to retrieve Uid +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-cluster-role-binding + labels: + {{ include "label_prefix" . }}/release: {{ .Release.Name }} + {{ include "label_prefix" . }}/version: {{ .Chart.Version }} +subjects: +- kind: ServiceAccount + name: {{ .Release.Name }}-service-account + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Release.Name }}-cluster-role + apiGroup: rbac.authorization.k8s.io diff --git a/charts/openebs/openebs/charts/mayastor/templates/storageclass.yaml b/charts/openebs/openebs/charts/mayastor/templates/storageclass.yaml new file mode 100644 index 000000000..398f80adc --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/templates/storageclass.yaml @@ -0,0 +1,9 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-single-replica +parameters: + repl: '1' + protocol: 'nvmf' + ioTimeout: '60' +provisioner: io.openebs.csi-mayastor diff --git a/charts/openebs/openebs/charts/mayastor/values.yaml b/charts/openebs/openebs/charts/mayastor/values.yaml new file mode 100644 index 000000000..17f7436c6 --- /dev/null +++ b/charts/openebs/openebs/charts/mayastor/values.yaml 
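Review bot: One ClusterRole in rbac.yaml carries the permissions of the diskpool operator, the CSI provisioner, the CSI attacher and the namespace lookup, and the ClusterRoleBinding grants all of it to the single `{{ .Release.Name }}-service-account` that the Deployments in this commit run under. Any one of those pods can therefore create and delete PersistentVolumes and create CustomResourceDefinitions, so a compromise of the least critical component reaches the whole storage control plane. Splitting the rules into one role and one ServiceAccount per component would contain that. Two smaller points in the rules: `"replace"` in the `diskpools` verbs is not an RBAC verb (`update` already covers it), and the `nodes` rule appears twice.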
@@ -0,0 +1,516 @@ +image: + # -- Image registry to pull our product images + registry: docker.io + # -- Image registry's namespace + repo: openebs + # -- Release tag for our images + tag: v2.0.0 + # -- ImagePullPolicy for our images + pullPolicy: IfNotPresent + +# -- Node labels for pod assignment +# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +# Note that if multi-arch images support 'kubernetes.io/arch: amd64' +# should be removed and set 'nodeSelector' to empty '{}' as default value. +nodeSelector: + kubernetes.io/arch: amd64 + +earlyEvictionTolerations: + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 5 + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 5 + +base: + # -- Request timeout for rest & core agents + default_req_timeout: 5s + # -- Cache timeout for core agent & diskpool deployment + cache_poll_period: 30s + # -- Silence specific module components + logSilenceLevel: + initContainers: + enabled: true + containers: + - name: agent-core-grpc-probe + image: busybox:latest + command: ['sh', '-c', 'trap "exit 1" TERM; until nc -vzw 5 {{ .Release.Name }}-agent-core 50051; do date; echo "Waiting for agent-core-grpc services..."; sleep 1; done;'] + - name: etcd-probe + image: busybox:latest + command: ['sh', '-c', 'trap "exit 1" TERM; until nc -vzw 5 {{ .Release.Name }}-etcd {{ .Values.etcd.service.port }}; do date; echo "Waiting for etcd..."; sleep 1; done;'] + initHaNodeContainers: + enabled: true + containers: + - name: agent-cluster-grpc-probe + image: busybox:latest + command: ['sh', '-c', 'trap "exit 1" TERM; until nc -vzw 5 {{ .Release.Name }}-agent-core 50052; do date; echo "Waiting for agent-cluster-grpc services..."; sleep 1; done;'] + initCoreContainers: + enabled: true + containers: + - name: etcd-probe + image: busybox:latest + command: ['sh', '-c', 'trap "exit 1" TERM; until nc -vzw 5 {{ .Release.Name }}-etcd {{ 
.Values.etcd.service.port }}; do date; echo "Waiting for etcd..."; sleep 1; done;'] + # docker-secrets required to pull images if the container registry from image.Registry is protected + imagePullSecrets: + # -- Enable imagePullSecrets for pulling our container images + enabled: false + # Name of the imagePullSecret in the installed namespace + secrets: + - name: login + + metrics: + # -- Enable the metrics exporter + enabled: true + # metrics refresh time + # WARNING: Lowering pollingInterval value will affect performance adversely + pollingInterval: "5m" + + jaeger: + # -- Enable jaeger tracing + enabled: false + initContainer: true + agent: + name: jaeger-agent + port: 6831 + initContainer: + - name: jaeger-probe + image: busybox:latest + command: ['sh', '-c', 'trap "exit 1" TERM; until nc -vzw 5 -u {{.Values.base.jaeger.agent.name}} {{.Values.base.jaeger.agent.port}}; do date; echo "Waiting for jaeger..."; sleep 1; done;'] + initRestContainer: + enabled: true + initContainer: + - name: api-rest-probe + image: busybox:latest + command: ['sh', '-c', 'trap "exit 1" TERM; until nc -vzw 5 {{ .Release.Name }}-api-rest 8081; do date; echo "Waiting for REST API endpoint to become available"; sleep 1; done;'] + +operators: + pool: + # -- Log level for diskpool operator service + logLevel: info + resources: + limits: + # -- Cpu limits for diskpool operator + cpu: "100m" + # -- Memory limits for diskpool operator + memory: "32Mi" + requests: + # -- Cpu requests for diskpool operator + cpu: "50m" + # -- Memory requests for diskpool operator + memory: "16Mi" + +jaeger-operator: + # Name of jaeger operator + name: "{{ .Release.Name }}" + crd: + # Install jaeger CRDs + install: false + jaeger: + # Install jaeger-operator + create: false + rbac: + # Create a clusterRole for Jaeger + clusterRole: true + +agents: + core: + # -- Log level for the core service + logLevel: info + resources: + limits: + # -- Cpu limits for core agents + cpu: "1000m" + # -- Memory limits for core 
agents + memory: "128Mi" + requests: + # -- Cpu requests for core agents + cpu: "500m" + # -- Memory requests for core agents + memory: "32Mi" + ha: + enabled: true + node: + # -- Log level for the ha node service + logLevel: info + resources: + limits: + # -- Cpu limits for ha node agent + cpu: "100m" + # -- Memory limits for ha node agent + memory: "64Mi" + requests: + # -- Cpu requests for ha node agent + cpu: "100m" + # -- Memory requests for ha node agent + memory: "64Mi" + cluster: + # -- Log level for the ha cluster service + logLevel: info + resources: + limits: + # -- Cpu limits for ha cluster agent + cpu: "100m" + # -- Memory limits for ha cluster agent + memory: "64Mi" + requests: + # -- Cpu requests for ha cluster agent + cpu: "100m" + # -- Memory requests for ha cluster agent + memory: "16Mi" + +apis: + rest: + # -- Log level for the rest service + logLevel: info + # -- Number of replicas of rest + replicaCount: 1 + resources: + limits: + # -- Cpu limits for rest + cpu: "100m" + # -- Memory limits for rest + memory: "64Mi" + requests: + # -- Cpu requests for rest + cpu: "50m" + # -- Memory requests for rest + memory: "32Mi" + # Rest service parameters define how the rest service is exposed + service: + # -- Rest K8s service type + type: ClusterIP + # Ports from where rest endpoints are accessible from outside the cluster, only valid if type is NodePort + nodePorts: + # NodePort associated with http port + http: 30011 + # NodePort associated with https port + https: 30010 + +csi: + image: + # -- Image registry to pull all CSI Sidecar images + registry: registry.k8s.io + # -- Image registry's namespace + repo: sig-storage + # -- imagePullPolicy for all CSI Sidecar images + pullPolicy: IfNotPresent + # -- csi-provisioner image release tag + provisionerTag: v2.2.1 + # -- csi-attacher image release tag + attacherTag: v3.2.1 + # -- csi-node-driver-registrar image release tag + registrarTag: v2.1.0 + + controller: + # -- Log level for the csi controller + 
logLevel: info + resources: + limits: + # -- Cpu limits for csi controller + cpu: "32m" + # -- Memory limits for csi controller + memory: "128Mi" + requests: + # -- Cpu requests for csi controller + cpu: "16m" + # -- Memory requests for csi controller + memory: "64Mi" + node: + logLevel: info + topology: + segments: + openebs.io/csi-node: mayastor + # -- Add topology segments to the csi-node daemonset node selector + nodeSelector: false + resources: + limits: + # -- Cpu limits for csi node plugin + cpu: "100m" + # -- Memory limits for csi node plugin + memory: "128Mi" + requests: + # -- Cpu requests for csi node plugin + cpu: "100m" + # -- Memory requests for csi node plugin + memory: "64Mi" + nvme: + # -- The nvme_core module io timeout in seconds + io_timeout: "30" + # -- The ctrl_loss_tmo (controller loss timeout) in seconds + ctrl_loss_tmo: "1980" + # Kato (keep alive timeout) in seconds + keep_alive_tmo: "" + # -- The kubeletDir directory for the csi-node plugin + kubeletDir: /var/lib/kubelet + pluginMounthPath: /csi + socketPath: csi.sock + +io_engine: + # -- Log level for the io-engine service + logLevel: info,io_engine=info + api: "v1" + target: + nvmf: + # -- NVMF target interface (ip, mac, name or subnet) + iface: "" + # -- Reservations Persist Through Power Loss State + ptpl: true + # -- Pass additional arguments to the Environment Abstraction Layer. + # Example: --set {product}.envcontext=iova-mode=pa + envcontext: "" + reactorFreezeDetection: + enabled: false + # -- The number of cpu that each io-engine instance will bind to. + cpuCount: "2" + # -- Node selectors to designate storage nodes for diskpool creation + # Note that if multi-arch images support 'kubernetes.io/arch: amd64' + # should be removed. 
+ nodeSelector: + openebs.io/engine: mayastor + kubernetes.io/arch: amd64 + resources: + limits: + # -- Cpu limits for the io-engine + cpu: "" + # -- Memory limits for the io-engine + memory: "1Gi" + # -- Hugepage size available on the nodes + hugepages2Mi: "2Gi" + requests: + # -- Cpu requests for the io-engine + cpu: "" + # -- Memory requests for the io-engine + memory: "1Gi" + # -- Hugepage size available on the nodes + hugepages2Mi: "2Gi" + +etcd: + # Pod labels; okay to remove the openebs logging label if required + podLabels: + app: etcd + openebs.io/logging: "true" + # -- Number of replicas of etcd + replicaCount: 3 + # Kubernetes Cluster Domain + clusterDomain: cluster.local + # TLS authentication for client-to-server communications + # ref: https://etcd.io/docs/current/op-guide/security/ + client: + secureTransport: false + # TLS authentication for server-to-server communications + # ref: https://etcd.io/docs/current/op-guide/security/ + peer: + secureTransport: false + # Enable persistence using Persistent Volume Claims + persistence: + # -- If true, use a Persistent Volume Claim. If false, use emptyDir. + enabled: true + # -- Will define which storageClass to use in etcd's StatefulSets + # a `manual` storageClass will provision a hostpath PV on the same node + # an empty storageClass will use the default StorageClass on the cluster + storageClass: "" + # -- Volume size + size: 2Gi + # -- PVC's reclaimPolicy + reclaimPolicy: "Delete" + # -- Use a PreStop hook to remove the etcd members from the etcd cluster on container termination + # Ignored if lifecycleHooks is set or replicaCount=1 + removeMemberOnContainerTermination: false + + # -- AutoCompaction + # Since etcd keeps an exact history of its keyspace, this history should be + # periodically compacted to avoid performance degradation + # and eventual storage space exhaustion. + # Auto compaction mode. Valid values: "periodic", "revision". 
+ # - 'periodic' for duration based retention, defaulting to hours if no time unit is provided (e.g. 5m). + # - 'revision' for revision number based retention. + autoCompactionMode: revision + # -- Auto compaction retention length. 0 means disable auto compaction. + autoCompactionRetention: 100 + extraEnvVars: + # -- Raise alarms when backend size exceeds the given quota. + - name: ETCD_QUOTA_BACKEND_BYTES + value: "8589934592" + + auth: + rbac: + create: false + enabled: false + allowNoneAuthentication: true + # Init containers parameters: + # volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. + # + volumePermissions: + # chown the mounted volume; this is required if a statically provisioned hostpath volume is used + enabled: true + # extra debug information on logs + debug: false + initialClusterState: "new" + # Pod anti-affinity preset + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + podAntiAffinityPreset: "hard" + + # etcd service parameters defines how the etcd service is exposed + service: + # K8s service type + type: ClusterIP + + # etcd client port + port: 2379 + + # Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + # + nodePorts: + # Port from where etcd endpoints are accessible from outside cluster + clientPort: 31379 + peerPort: "" + +loki-stack: + # -- Enable loki log collection for our components + enabled: true + loki: + rbac: + # -- Create rbac roles for loki + create: true + pspEnabled: false + # -- Enable loki installation as part of loki-stack + enabled: true + # Install loki with persistence storage + persistence: + # -- Enable persistence storage for the logs + enabled: true + # -- StorageClass for Loki's centralised log storage + # empty storageClass implies cluster default storageClass & `manual` creates a static hostpath PV + storageClassName: "" + # -- PVC's ReclaimPolicy, can be Delete or Retain + reclaimPolicy: "Delete" + # -- Size of Loki's persistence storage + size: 10Gi + # loki process run & file permissions, required if sc=manual + securityContext: + fsGroup: 1001 + runAsGroup: 1001 + runAsNonRoot: false + runAsUser: 1001 + # initContainers to chown the static hostpath PV by 1001 user + initContainers: + - command: ["/bin/bash", "-ec", "chown -R 1001:1001 /data"] + image: docker.io/bitnami/bitnami-shell:10 + imagePullPolicy: IfNotPresent + name: volume-permissions + securityContext: + runAsUser: 0 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data + name: storage + config: + # Compactor is a BoltDB(loki term) Shipper specific service that reduces the index + # size by deduping the index and merging all the files to a single file per table. + # Ref: https://grafana.com/docs/loki/latest/operations/storage/retention/ + compactor: + # Dictates how often compaction and/or retention is applied. If the + # Compactor falls behind, compaction and/or retention occur as soon as possible. 
+ compaction_interval: 20m + + # If not enabled compactor will only compact table but they will not get + # deleted + retention_enabled: true + + # The delay after which the compactor will delete marked chunks + retention_delete_delay: 1h + + # Specifies the maximum quantity of goroutine workers instantiated to + # delete chunks + retention_delete_worker_count: 50 + + # Rentention period of logs is configured within the limits_config section + limits_config: + # configuring retention period for logs + retention_period: 168h + + # Loki service parameters defines how the Loki service is exposed + service: + # K8s service type + type: ClusterIP + port: 3100 + # Port where REST endpoints of Loki are accessible from outside cluster + nodePort: 31001 + + # promtail configuration + promtail: + rbac: + # create rbac roles for promtail + create: true + pspEnabled: false + # -- Enables promtail for scraping logs from nodes + enabled: true + # -- Disallow promtail from running on the master node + tolerations: [] + config: + # -- The Loki address to post logs to + lokiAddress: http://{{ .Release.Name }}-loki:3100/loki/api/v1/push + snippets: + # Promtail will export logs to loki only based on based on below + # configuration, below scrape config will export only our services + # which are labeled with openebs.io/logging=true + scrapeConfigs: | + - job_name: {{ .Release.Name }}-pods-name + pipeline_stages: + - docker: {} + kubernetes_sd_configs: + - role: pod + relabel_configs: + - source_labels: + - __meta_kubernetes_pod_node_name + target_label: hostname + action: replace + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: keep + source_labels: + - __meta_kubernetes_pod_label_openebs_io_logging + regex: true + target_label: {{ .Release.Name }}_component + - action: replace + replacement: $1 + separator: / + source_labels: + - __meta_kubernetes_namespace + target_label: job + - action: replace + source_labels: + - __meta_kubernetes_pod_name + 
target_label: pod + - action: replace + source_labels: + - __meta_kubernetes_pod_container_name + target_label: container + - replacement: /var/log/pods/*$1/*.log + separator: / + source_labels: + - __meta_kubernetes_pod_uid + - __meta_kubernetes_pod_container_name + target_label: __path__ +obs: + callhome: + # -- Enable callhome + enabled: true + # -- Log level for callhome + logLevel: "info" + resources: + limits: + # -- Cpu limits for callhome + cpu: "100m" + # -- Memory limits for callhome + memory: "32Mi" + requests: + # -- Cpu requests for callhome + cpu: "50m" + # -- Memory requests for callhome + memory: "16Mi" diff --git a/charts/openebs/openebs/templates/localprovisioner/deployment-local-provisioner.yaml b/charts/openebs/openebs/templates/localprovisioner/deployment-local-provisioner.yaml index 92984b2cd..45a9e6b8a 100644 --- a/charts/openebs/openebs/templates/localprovisioner/deployment-local-provisioner.yaml +++ b/charts/openebs/openebs/templates/localprovisioner/deployment-local-provisioner.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.mayastor.enabled -}} {{- if .Values.localprovisioner.enabled }} {{- $localpvprovisionerValues := index .Values "localpv-provisioner" }} {{- if not $localpvprovisionerValues.enabled }} @@ -124,3 +125,4 @@ spec: {{ end }} {{ end }} {{ end }} +{{ end }} diff --git a/charts/openebs/openebs/templates/localprovisioner/device-class.yaml b/charts/openebs/openebs/templates/localprovisioner/device-class.yaml index f9ad46f67..dafe0d1de 100644 --- a/charts/openebs/openebs/templates/localprovisioner/device-class.yaml +++ b/charts/openebs/openebs/templates/localprovisioner/device-class.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.mayastor.enabled -}} {{- if .Values.localprovisioner.enabled }} {{- $localpvprovisionerValues := index .Values "localpv-provisioner" }} {{- if not $localpvprovisionerValues.enabled }} @@ -36,3 +37,4 @@ reclaimPolicy: {{ .Values.localprovisioner.deviceClass.reclaimPolicy }} {{- end }} {{- end }} {{- end }} +{{- end }} 
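Review bot: The etcd defaults in the mayastor values.yaml ship with authentication and transport security off: `create: false` and `allowNoneAuthentication: true` under `auth.rbac`, and `secureTransport: false` for both client and peer traffic. This etcd presumably holds the storage control-plane state (the init probes in this file wait for it), and as a `ClusterIP` service it is reachable from other pods unless a NetworkPolicy restricts it. The defaults should enable client TLS and RBAC, or the comments should state that the operator must isolate the service. Separately, every probe init container uses `image: busybox:latest`; pin it to a release tag or digest, for example `image: busybox:<pinned-tag>`, here and in the copy of these blocks in the charts/openebs/openebs/values.yaml hunk further down.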
diff --git a/charts/openebs/openebs/templates/localprovisioner/hostpath-class.yaml b/charts/openebs/openebs/templates/localprovisioner/hostpath-class.yaml index 4a617afdf..b1eb41eb2 100644 --- a/charts/openebs/openebs/templates/localprovisioner/hostpath-class.yaml +++ b/charts/openebs/openebs/templates/localprovisioner/hostpath-class.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.mayastor.enabled -}} {{- if .Values.localprovisioner.enabled }} {{- $localpvprovisionerValues := index .Values "localpv-provisioner" }} {{- if not $localpvprovisionerValues.enabled }} @@ -45,3 +46,4 @@ reclaimPolicy: {{ .Values.localprovisioner.hostpathClass.reclaimPolicy }} {{- end }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/openebs/openebs/templates/ndm/cluster-exporter-service.yaml b/charts/openebs/openebs/templates/ndm/cluster-exporter-service.yaml index c31b03c9a..3dd07dcd7 100644 --- a/charts/openebs/openebs/templates/ndm/cluster-exporter-service.yaml +++ b/charts/openebs/openebs/templates/ndm/cluster-exporter-service.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.mayastor.enabled -}} {{- if .Values.ndm.enabled }} {{- if and .Values.ndmExporter.enabled .Values.ndmExporter.clusterExporter.metricsPort }} {{- $ndmValues := index .Values "openebs-ndm" }} @@ -21,3 +22,4 @@ spec: {{- end }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/openebs/openebs/templates/ndm/cluster-exporter.yaml b/charts/openebs/openebs/templates/ndm/cluster-exporter.yaml index 479a52061..da6fe9d79 100644 --- a/charts/openebs/openebs/templates/ndm/cluster-exporter.yaml +++ b/charts/openebs/openebs/templates/ndm/cluster-exporter.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.mayastor.enabled -}} {{- if and (.Values.ndm.enabled) (.Values.ndmExporter.enabled) }} {{- $ndmValues := index .Values "openebs-ndm" }} {{- if not $ndmValues.enabled }} @@ -49,3 +50,4 @@ spec: {{- end }} {{- end }} {{- end }} +{{- end }} 
diff --git a/charts/openebs/openebs/templates/ndm/cm-node-disk-manager.yaml b/charts/openebs/openebs/templates/ndm/cm-node-disk-manager.yaml index e093e5c37..ab57b3798 100644 --- a/charts/openebs/openebs/templates/ndm/cm-node-disk-manager.yaml +++ b/charts/openebs/openebs/templates/ndm/cm-node-disk-manager.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.mayastor.enabled -}} {{- if .Values.ndm.enabled }} {{- $ndmValues := index .Values "openebs-ndm" }} {{- if not $ndmValues.enabled }} @@ -46,3 +47,4 @@ data: exclude: "{{ .Values.ndm.filters.excludePaths }}" {{- end }} {{- end }} +{{- end }} diff --git a/charts/openebs/openebs/templates/ndm/daemonset-ndm.yaml b/charts/openebs/openebs/templates/ndm/daemonset-ndm.yaml index b5121a8ff..11026c990 100644 --- a/charts/openebs/openebs/templates/ndm/daemonset-ndm.yaml +++ b/charts/openebs/openebs/templates/ndm/daemonset-ndm.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.mayastor.enabled -}} {{- if .Values.ndm.enabled }} {{- $ndmValues := index .Values "openebs-ndm" }} {{- if not $ndmValues.enabled }} @@ -184,3 +185,4 @@ spec: {{- end }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/openebs/openebs/templates/ndm/deployment-ndm-operator.yaml b/charts/openebs/openebs/templates/ndm/deployment-ndm-operator.yaml index e2c63d083..9d60b8e00 100644 --- a/charts/openebs/openebs/templates/ndm/deployment-ndm-operator.yaml +++ b/charts/openebs/openebs/templates/ndm/deployment-ndm-operator.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.mayastor.enabled -}} {{- if .Values.ndmOperator.enabled }} {{- $ndmValues := index .Values "openebs-ndm" }} {{- if not $ndmValues.enabled }} @@ -89,3 +90,4 @@ spec: {{- end }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/openebs/openebs/templates/ndm/node-exporter-service.yaml b/charts/openebs/openebs/templates/ndm/node-exporter-service.yaml index ad67d32c0..419f92492 100644 --- a/charts/openebs/openebs/templates/ndm/node-exporter-service.yaml 
+++ b/charts/openebs/openebs/templates/ndm/node-exporter-service.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.mayastor.enabled -}} {{- if .Values.ndm.enabled }} {{- if and .Values.ndmExporter.enabled .Values.ndmExporter.nodeExporter.metricsPort }} {{- $ndmValues := index .Values "openebs-ndm" }} @@ -21,3 +22,4 @@ spec: {{- end }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/openebs/openebs/templates/ndm/node-exporter.yaml b/charts/openebs/openebs/templates/ndm/node-exporter.yaml index d798d29ea..77d7851e8 100644 --- a/charts/openebs/openebs/templates/ndm/node-exporter.yaml +++ b/charts/openebs/openebs/templates/ndm/node-exporter.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.mayastor.enabled -}} {{- if and .Values.ndm.enabled .Values.ndmExporter.enabled }} {{- $ndmValues := index .Values "openebs-ndm" }} {{- if not $ndmValues.enabled }} @@ -50,3 +51,4 @@ spec: {{- end }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/openebs/openebs/values.yaml b/charts/openebs/openebs/values.yaml index a9dddb98c..3708a5fc4 100644 --- a/charts/openebs/openebs/values.yaml +++ b/charts/openebs/openebs/values.yaml 
@@ -397,8 +397,158 @@ analytics: # Specify in hours the duration after which a ping event needs to be sent. pingInterval: "24h" -jiva: +mayastor: + # -- Enable Mayastor storage engine + # Note: Enabling this will remove LocalPV Provisioner and NDM (default chart components). + enabled: false + image: + # -- Image registry to pull Mayastor product images + registry: docker.io + # -- Image registry's namespace + repo: openebs + # -- Release tag for Mayastor images + tag: v2.0.0 + # -- ImagePullPolicy for Mayastor images + pullPolicy: Always + base: + initContainers: + enabled: true + containers: + - name: agent-core-grpc-probe + image: busybox:latest + command: ['sh', '-c', 'trap "exit 1" TERM; until nc -vzw 5 {{ .Release.Name }}-agent-core 50051; do date; echo "Waiting for agent-core-grpc services..."; sleep 1; done;'] + - name: etcd-probe + image: busybox:latest + command: ['sh', '-c', 'trap "exit 1" TERM; until nc -vzw 5 {{ .Release.Name }}-etcd {{.Values.etcd.service.port}}; do date; echo "Waiting for etcd..."; sleep 1; done;'] + initCoreContainers: + enabled: true + containers: + - name: etcd-probe + image: busybox:latest + command: ['sh', '-c', 'trap "exit 1" TERM; until nc -vzw 5 {{ .Release.Name }}-etcd {{.Values.etcd.service.port}}; do date; echo "Waiting for etcd..."; sleep 1; done;'] + # docker-secrets required to pull images if the container registry from image.Registry is protected + imagePullSecrets: + # -- Enable imagePullSecrets for pulling our container images + enabled: false + # Name of the imagePullSecret in the installed namespace + secrets: + - name: login + + metrics: + # -- Enable the metrics exporter + enabled: true + + jaeger: + # -- Enable jaeger tracing + enabled: false + + operators: + pool: + # -- Log level for diskpool operator service + logLevel: info + + jaeger-operator: + # Name of jaeger operator + name: "{{ .Release.Name }}" + crd: + # Install jaeger CRDs + install: false + jaeger: + # Install jaeger-operator + create: false + 
rbac: + # Create a clusterRole for Jaeger + clusterRole: true + + agents: + core: + # -- Log level for the core service + logLevel: info + ha: + enabled: true + node: + # -- Log level for the ha node service + logLevel: info + cluster: + # -- Log level for the ha cluster service + logLevel: info + + apis: + rest: + # -- Log level for the rest service + logLevel: info + # -- Number of replicas of rest + replicaCount: 1 + + csi: + image: + # -- Image registry to pull all CSI Sidecar images + registry: registry.k8s.io + # -- Image registry's namespace + repo: sig-storage + # -- imagePullPolicy for all CSI Sidecar images + pullPolicy: IfNotPresent + # -- csi-provisioner image release tag + provisionerTag: v2.2.1 + # -- csi-attacher image release tag + attacherTag: v3.2.1 + # -- csi-node-driver-registrar image release tag + registrarTag: v2.1.0 + + controller: + # -- Log level for the csi controller + logLevel: info + + node: + logLevel: info + topology: + segments: + openebs.io/csi-node: mayastor + # -- Add topology segments to the csi-node daemonset node selector + nodeSelector: false + kubeletDir: /var/lib/kubelet + + io_engine: + # -- Log level for the io-engine service + logLevel: info,io_engine=info + # -- Node selectors to designate storage nodes for diskpool creation + # Note that if multi-arch images support 'kubernetes.io/arch: amd64' + # should be removed. + nodeSelector: + openebs.io/engine: mayastor + kubernetes.io/arch: amd64 + + etcd: + # Pod labels; okay to remove the openebs logging label if required + podLabels: + app: etcd + openebs.io/logging: "true" + # -- Number of replicas of etcd + replicaCount: 3 + persistence: + # -- If true, use a Persistent Volume Claim. If false, use emptyDir. 
+ enabled: true + # -- Will define which storageClass to use in etcd's StatefulSets + # a `manual` storageClass will provision a hostpath PV on the same node + # an empty storageClass will use the default StorageClass on the cluster + storageClass: "" + # -- Volume size + size: 2Gi + podAntiAffinityPreset: "hard" + + loki-stack: + # -- Enable loki log collection for Mayastor components + enabled: true + + obs: + callhome: + # -- Enable callhome + enabled: true + # -- Log level for callhome + logLevel: "info" + +jiva: # non csi configuration image: "openebs/jiva" imageTag: "2.12.2" diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index eb5e41022..086a401c0 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -31,4 +31,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 2.10.6 +version: 2.11.0 diff --git a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml index cd1c338a2..b1a0e8703 100644 --- a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml +++ b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml @@ -61,7 +61,7 @@ spec: securityContext: {{ include "pod-security-context" . | nindent 8 }} containers: - name: {{ template "redpanda.name" . }}-post-install - image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} {{- if not (empty .Values.license_secret_ref) }} env: - name: REDPANDA_LICENSE diff --git a/charts/redpanda/redpanda/templates/post-upgrade.yaml b/charts/redpanda/redpanda/templates/post-upgrade.yaml index c35774c82..bc2a20435 100644 --- a/charts/redpanda/redpanda/templates/post-upgrade.yaml +++ b/charts/redpanda/redpanda/templates/post-upgrade.yaml 
@@ -58,7 +58,7 @@ spec: securityContext: {{ include "pod-security-context" . | nindent 8 }} containers: - name: {{ template "redpanda.name" . }}-post-upgrade - image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} command: ["/bin/sh", "-c"] args: - | diff --git a/charts/redpanda/redpanda/templates/secrets.yaml b/charts/redpanda/redpanda/templates/secrets.yaml index b4aed7b5c..e036b7264 100644 --- a/charts/redpanda/redpanda/templates/secrets.yaml +++ b/charts/redpanda/redpanda/templates/secrets.yaml @@ -47,13 +47,13 @@ stringData: # path below should match the path defined on the statefulset source /var/lifecycle/common.sh +{{- if gt ( .Values.statefulset.replicas | int64 ) 2 }} set -ex until NODE_ID=$(${CURL_NODE_ID_CMD} | grep -o '\"node_id\":[^,}]*' | grep -o '[^: ]*$'); do sleep 0.5 done -{{- if gt ( .Values.statefulset.replicas | int64 ) 2 }} echo "Clearing maintenance mode on node ${NODE_ID}" CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} {{ include "admin-tls-curl-flags" . }} ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" # a 400 here would mean not in maintenance mode @@ -63,13 +63,14 @@ stringData: done {{- end }} - {{- if and .Values.auth.sasl.enabled (not (empty .Values.auth.sasl.secretRef )) }} +{{- if and .Values.auth.sasl.enabled (not (empty .Values.auth.sasl.secretRef )) }} + set +x + # Setup and export SASL bootstrap-user IFS=":" read -r USER_NAME PASSWORD MECHANISM < $(find /etc/secrets/users/* -print) MECHANISM=${MECHANISM:-{{- include "sasl-mechanism" . }}} rpk acl user create ${USER_NAME} --password=${PASSWORD} --mechanism ${MECHANISM} {{ template "rpk-flags-no-sasl" $ }} || true - {{- end }} - +{{- end }} preStop.sh: |- #!/usr/bin/env bash diff --git a/charts/redpanda/redpanda/templates/statefulset.yaml b/charts/redpanda/redpanda/templates/statefulset.yaml index 82b7cddc3..dbcbaa8b1 100644 
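Review bot: In the second secrets.yaml hunk, the added `set +x` stops the shell from tracing the credentials, but the unchanged line below it still passes the secret as `--password=${PASSWORD}`, which puts it in the process argument list. The expansions are also unquoted, so a password containing whitespace or glob characters is split or expanded. At minimum I would quote them: `rpk acl user create "${USER_NAME}" --password="${PASSWORD}" --mechanism "${MECHANISM}" …`. The first secrets.yaml hunk also moves `set -ex` inside the `replicas > 2` branch, so with one or two replicas the script now runs without `-e`; if that is intended, a comment saying so would help. The script continues outside both hunks.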
--- a/charts/redpanda/redpanda/templates/statefulset.yaml +++ b/charts/redpanda/redpanda/templates/statefulset.yaml @@ -53,6 +53,25 @@ spec: securityContext: {{ include "pod-security-context" . | nindent 8 }} serviceAccountName: {{ include "redpanda.serviceAccountName" . }} initContainers: +{{- if and (hasKey $values.tuning "tune_aio_events") $values.tuning.tune_aio_events }} + - name: tuning + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: + - bash + - -c + args: + - | + rpk redpanda tune all + securityContext: + capabilities: + add: ["CAP_SYS_RESOURCE"] + privileged: true + runAsUser: 0 + runAsGroup: 0 + volumeMounts: + - name: {{ template "redpanda.fullname" . }} + mountPath: /etc/redpanda +{{- end }} {{- if not .Values.statefulset.skipChown }} - name: set-datadir-ownership image: {{ .Values.statefulset.initContainerImage.repository }}:{{ .Values.statefulset.initContainerImage.tag }} @@ -70,7 +89,7 @@ spec: {{- end }} {{- end }} - name: {{ (include "redpanda.name" .) | trunc 51 }}-configurator - image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} command: ["/bin/bash", "-c"] env: - name: SERVICE_NAME diff --git a/charts/redpanda/redpanda/templates/tests/test-api-status.yaml b/charts/redpanda/redpanda/templates/tests/test-api-status.yaml index 5718a2f09..8ab39c803 100644 --- a/charts/redpanda/redpanda/templates/tests/test-api-status.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-api-status.yaml 
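Review bot: The new `tuning` init container is gated only on `tuning.tune_aio_events`, yet it runs `rpk redpanda tune all` as uid 0 with `privileged: true`, so asking for one tuner grants host-level privilege and, going by the subcommand name, is not limited to the AIO tuner. `privileged: true` already implies every capability, which makes `add: ["CAP_SYS_RESOURCE"]` redundant, and Kubernetes documents capability names without the `CAP_` prefix (`SYS_RESOURCE`). I would narrow the command to the requested tuner (`rpk redpanda tune aio_events`, to be confirmed against the rpk version in the image) or gate the container on a dedicated value. I would also add a comment above it such as `# privileged root container: writes kernel tunables on the node; not admitted under the baseline/restricted Pod Security Standards`. The guard uses `$values` while the rest of the hunk uses `.Values`; its definition is outside the hunk, so please confirm it is in scope here.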
@@ -21,12 +21,12 @@ metadata: name: "{{ include "redpanda.fullname" . }}-test-api-status" namespace: {{ .Release.Namespace | quote }} labels: -{{- with include "full.labels" . }} - {{- . | nindent 4 }} -{{- end }} + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": test - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-delete-policy": before-hook-creation spec: restartPolicy: Never securityContext: @@ -34,13 +34,17 @@ spec: runAsGroup: 65535 containers: - name: {{ template "redpanda.name" . }} - image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} command: - - /bin/bash + - /usr/bin/timeout + - "120" + - bash - -c - - > - rpk cluster info - --brokers {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} + - | + until rpk cluster info \ + --brokers {{ include "redpanda.fullname" . }}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} + do sleep 2 + done volumeMounts: - name: {{ template "redpanda.fullname" . }} mountPath: /tmp/base-config diff --git a/charts/redpanda/redpanda/templates/tests/test-kafka-internal-tls-status.yaml b/charts/redpanda/redpanda/templates/tests/test-kafka-internal-tls-status.yaml index dee7b93c1..b0e89e0ce 100644 --- a/charts/redpanda/redpanda/templates/tests/test-kafka-internal-tls-status.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-kafka-internal-tls-status.yaml 
@@ -14,6 +14,8 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} +{{- $service := .Values.listeners.kafka -}} +{{- $cert := get .Values.tls.certs $service.tls.cert -}} {{- if and (include "kafka-internal-tls-enabled" . | fromJson).bool (not (include "sasl-enabled" . | fromJson).bool) -}} apiVersion: v1 kind: Pod @@ -21,12 +23,12 @@ metadata: name: {{ include "redpanda.fullname" . }}-test-kafka-internal-tls-status namespace: {{ .Release.Namespace | quote }} labels: -{{- with include "full.labels" . }} - {{- . | nindent 4 }} -{{- end }} + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": test - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-delete-policy": before-hook-creation spec: restartPolicy: Never securityContext: 
@@ -34,58 +36,44 @@ spec: runAsGroup: 65535 containers: - name: {{ template "redpanda.name" . }} - image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} command: - - /bin/bash + - /usr/bin/timeout + - "120" + - bash - -c - - > - {{- $service := .Values.listeners.kafka -}} - {{- $cert := get .Values.tls.certs $service.tls.cert }} - {{- if (include "kafka-internal-tls-enabled" . | fromJson).bool }} - rpk cluster info - --brokers {{ include "redpanda.fullname" .}}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} - --tls-enabled - {{- if $cert.caEnabled }} - --tls-truststore /etc/tls/certs/{{ $service.tls.cert }}/ca.crt - {{- else }} + - | + until rpk cluster info \ + --brokers {{ include "redpanda.fullname" .}}-0.{{ include "redpanda.internal.domain" . }}:{{ $service.port }} \ + --tls-enabled \ + {{- if $cert.caEnabled }} + --tls-truststore /etc/tls/certs/{{ $service.tls.cert }}/ca.crt + {{- else }} {{- /* This is a required field so we use the default in the redpanda debian container */}} - --tls-truststore /etc/ssl/certs/ca-certificates.crt - {{- end }} + --tls-truststore /etc/ssl/certs/ca-certificates.crt {{- end }} - resources: -{{- toYaml .Values.statefulset.resources | nindent 12 }} + do sleep 2 + done + resources: {{ toYaml .Values.statefulset.resources | nindent 12 }} volumeMounts: - name: {{ template "redpanda.fullname" . }} mountPath: /tmp/base-config - name: config mountPath: /etc/redpanda -{{- if (include "tls-enabled" . | fromJson).bool }} {{- range $name, $cert := .Values.tls.certs }} - name: redpanda-{{ $name }}-cert mountPath: {{ printf "/etc/tls/certs/%s" $name }} {{- end }} -{{- end }} volumes: - name: {{ template "redpanda.fullname" . }} configMap: name: {{ template "redpanda.fullname" . }} - name: config emptyDir: {} -{{- if (include "tls-enabled" . 
| fromJson).bool }} {{- range $name, $cert := .Values.tls.certs }} - name: redpanda-{{ $name }}-cert secret: - defaultMode: 420 - items: - - key: tls.key - path: tls.key - - key: tls.crt - path: tls.crt - {{- if $cert.caEnabled }} - - key: ca.crt - path: ca.crt - {{- end }} + defaultMode: 0644 secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert {{- end }} -{{- end -}} {{- end }} diff --git a/charts/redpanda/redpanda/templates/tests/test-kafka-produce-consume.yaml b/charts/redpanda/redpanda/templates/tests/test-kafka-produce-consume.yaml index 9fd012b2b..fa7b3684f 100644 --- a/charts/redpanda/redpanda/templates/tests/test-kafka-produce-consume.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-kafka-produce-consume.yaml @@ -16,8 +16,8 @@ limitations under the License. */}} {{- $sasl := .Values.auth.sasl }} {{- $useSaslSecret := and $sasl.enabled (not (empty $sasl.secretRef )) }} -apiVersion: batch/v1 -kind: Job +apiVersion: v1 +kind: Pod metadata: name: {{ include "redpanda.fullname" . }}-test-kafka-produce-consume namespace: {{ .Release.Namespace | quote }} 
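Review bot: With the `items:` list removed, each `redpanda-{{ $name }}-cert` volume projects every key of its TLS secret, including `tls.key`, at `defaultMode: 0644`, into a test pod whose visible command only reads `ca.crt` through `--tls-truststore`. The `range` also mounts every certificate in `.Values.tls.certs`, not just the one this listener references. The previous hunk drops `hook-succeeded` from the delete policy, so the pod is kept after a passing test. I would restrict the projection to what the test needs, for example `items: [{key: ca.crt, path: ca.crt}]` when `$cert.caEnabled` is set, or add a comment explaining why the private key must be present. The same `defaultMode: 0644` change without `items` appears in the test-kafka-produce-consume, test-kafka-sasl-status, test-pandaproxy-internal-tls-status and test-schemaregistry-internal-tls-status hunks.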
@@ -27,79 +27,69 @@ metadata: {{- end }} annotations: "helm.sh/hook": test - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-delete-policy": before-hook-creation spec: - backoffLimit: 2 - completions: 1 - parallelism: 1 - ttlSecondsAfterFinished: 120 - template: - spec: - restartPolicy: Never - securityContext: - runAsUser: 65535 - runAsGroup: 65535 - containers: - - name: {{ template "redpanda.name" . }} - image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} - env: - - name: REDPANDA_BROKERS - value: "{{ include "redpanda.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain | trimSuffix "." }}:{{ .Values.listeners.kafka.port }}" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - command: - - /bin/bash - - -c - - | - set -e - {{- if or (not $sasl.enabled) $useSaslSecret }} - rpk topic create produce.consume.test.$POD_NAME {{ include "rpk-topic-flags" . }} - echo "Pandas are awesome!" | rpk topic produce produce.consume.test.$POD_NAME {{ include "rpk-topic-flags" . }} - rpk topic consume produce.consume.test.$POD_NAME -n 1 {{ include "rpk-topic-flags" . }} | grep "Pandas are awesome!" - {{- end }} - volumeMounts: - - name: config - mountPath: /etc/redpanda + restartPolicy: Never + securityContext: + runAsUser: 65535 + runAsGroup: 65535 + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + env: + - name: REDPANDA_BROKERS + value: "{{ include "redpanda.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain | trimSuffix "." }}:{{ .Values.listeners.kafka.port }}" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + command: + - /usr/bin/timeout + - "120" + - bash + - -c + - | + set -e +{{- if or (not $sasl.enabled) $useSaslSecret }} + until rpk topic create produce.consume.test.$POD_NAME {{ include "rpk-topic-flags" . }} + do sleep 2 + done + echo "Pandas are awesome!" 
| rpk topic produce produce.consume.test.$POD_NAME {{ include "rpk-topic-flags" . }} + rpk topic consume produce.consume.test.$POD_NAME -n 1 {{ include "rpk-topic-flags" . }} | grep "Pandas are awesome!" + rpk topic delete produce.consume.test.$POD_NAME {{ include "rpk-topic-flags" . }} +{{- end }} + volumeMounts: + - name: config + mountPath: /etc/redpanda {{- if (include "tls-enabled" . | fromJson).bool -}} {{- range $name, $cert := .Values.tls.certs }} - - name: redpanda-{{ $name }}-cert - mountPath: {{ printf "/etc/tls/certs/%s" $name }} + - name: redpanda-{{ $name }}-cert + mountPath: {{ printf "/etc/tls/certs/%s" $name }} {{- end }} {{- end }} - {{- if $useSaslSecret }} - - name: {{ $sasl.secretRef }} - mountPath: "/etc/secrets/users" - readOnly: true - {{- end}} - resources: {{ toYaml .Values.statefulset.resources | nindent 12 }} - volumes: - - name: {{ template "redpanda.fullname" . }} - configMap: - name: {{ template "redpanda.fullname" . }} - - name: config - emptyDir: {} - {{- if $useSaslSecret }} +{{- if $useSaslSecret }} - name: {{ $sasl.secretRef }} - secret: - secretName: {{ $sasl.secretRef }} - optional: false - {{- end }} + mountPath: "/etc/secrets/users" + readOnly: true +{{- end}} + resources: {{ toYaml .Values.statefulset.resources | nindent 12 }} + volumes: + - name: {{ template "redpanda.fullname" . }} + configMap: + name: {{ template "redpanda.fullname" . }} + - name: config + emptyDir: {} +{{- if $useSaslSecret }} + - name: {{ $sasl.secretRef }} + secret: + secretName: {{ $sasl.secretRef }} + optional: false +{{- end }} {{- if (include "tls-enabled" . 
| fromJson).bool }} {{- range $name, $cert := .Values.tls.certs }} - - name: redpanda-{{ $name }}-cert - secret: - defaultMode: 420 - items: - - key: tls.key - path: tls.key - - key: tls.crt - path: tls.crt - {{- if $cert.caEnabled }} - - key: ca.crt - path: ca.crt - {{- end }} - secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + - name: redpanda-{{ $name }}-cert + secret: + defaultMode: 0644 + secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert {{- end }} {{- end -}} diff --git a/charts/redpanda/redpanda/templates/tests/test-kafka-sasl-status.yaml b/charts/redpanda/redpanda/templates/tests/test-kafka-sasl-status.yaml index 1d3d2db83..c5484c9db 100644 --- a/charts/redpanda/redpanda/templates/tests/test-kafka-sasl-status.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-kafka-sasl-status.yaml @@ -32,7 +32,7 @@ metadata: {{- end }} annotations: "helm.sh/hook": test - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-delete-policy": before-hook-creation spec: restartPolicy: Never securityContext: 
@@ -40,23 +40,27 @@ spec: runAsGroup: 65535 containers: - name: {{ template "redpanda.name" . }} - image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} command: - - /bin/bash - - -c - - | - set -xe - rpk acl user delete myuser {{ include "rpk-common-flags" . }} - sleep 3 + - /usr/bin/timeout + - "120" + - bash + - -c + - | + set -xe + until rpk acl user delete myuser {{ include "rpk-common-flags" . }} + do sleep 2 + done + sleep 3 - {{ include "rpk-cluster-info" $rpk }} - {{ include "rpk-acl-user-create" $rpk }} - {{ include "rpk-acl-create" $rpk }} - sleep 3 - {{ include "rpk-topic-create" $rpk }} - {{ include "rpk-topic-describe" $rpk }} - {{ include "rpk-topic-delete" $rpk }} - rpk acl user delete myuser {{ include "rpk-common-flags" . }} + {{ include "rpk-cluster-info" $rpk }} + {{ include "rpk-acl-user-create" $rpk }} + {{ include "rpk-acl-create" $rpk }} + sleep 3 + {{ include "rpk-topic-create" $rpk }} + {{ include "rpk-topic-describe" $rpk }} + {{ include "rpk-topic-delete" $rpk }} + rpk acl user delete myuser {{ include "rpk-common-flags" . }} volumeMounts: - name: config mountPath: /etc/redpanda @@ -89,16 +93,7 @@ spec: {{- range $name, $cert := .Values.tls.certs }} - name: redpanda-{{ $name }}-cert secret: - defaultMode: 420 - items: - - key: tls.key - path: tls.key - - key: tls.crt - path: tls.crt - {{- if $cert.caEnabled }} - - key: ca.crt - path: ca.crt - {{- end }} + defaultMode: 0644 secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert {{- end }} {{- end -}} diff --git a/charts/redpanda/redpanda/templates/tests/test-pandaproxy-internal-tls-status.yaml b/charts/redpanda/redpanda/templates/tests/test-pandaproxy-internal-tls-status.yaml index 3017e632b..191e7559a 100644 --- a/charts/redpanda/redpanda/templates/tests/test-pandaproxy-internal-tls-status.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-pandaproxy-internal-tls-status.yaml 
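Review bot: `set -xe` traces every command of this script into the pod log, and the expanded `rpk-acl-user-create` and `rpk-common-flags` helpers (defined outside this diff) presumably carry the SASL user and password flags. The previous hunk of this file drops `hook-succeeded` from `helm.sh/hook-delete-policy`, so the pod and its log now remain after a passing test. I would change the line to `set -e`, or put `set +x` ahead of the credentialed commands. Separately, `until rpk acl user delete myuser …` keeps retrying for the whole 120-second timeout if the delete fails for a reason other than the broker not being ready, for instance if the user does not exist yet. I can't rule that out from the hunk.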
@@ -14,21 +14,21 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} -{{- if and (include "http-internal-tls-enabled" . | fromJson).bool (not (include "sasl-enabled" . | fromJson).bool) -}} {{- $service := .Values.listeners.http -}} {{- $cert := get .Values.tls.certs $service.tls.cert -}} +{{- if and (include "http-internal-tls-enabled" . | fromJson).bool (not (include "sasl-enabled" . | fromJson).bool) -}} apiVersion: v1 kind: Pod metadata: name: {{ include "redpanda.fullname" . }}-test-pandaproxy-internal-tls-status namespace: {{ .Release.Namespace | quote }} labels: -{{- with include "full.labels" . }} - {{- . | nindent 4 }} -{{- end }} + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": test - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-delete-policy": before-hook-creation spec: restartPolicy: Never securityContext: @@ -36,10 +36,16 @@ spec: runAsGroup: 65535 containers: - name: {{ template "redpanda.name" . }} - image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} command: - curl - -svm3 + - --fail + - --retry + - "120" + - --retry-max-time + - "120" + - --retry-all-errors - --ssl-reqd {{- if $cert.caEnabled }} - --cacert 
@@ -53,29 +59,19 @@ spec: - name: redpanda-{{ $name }}-cert mountPath: {{ printf "/etc/tls/certs/%s" $name }} {{- end }} - resources: -{{- toYaml .Values.statefulset.resources | nindent 12 }} + resources: {{ toYaml .Values.statefulset.resources | nindent 12 }} volumes: - name: {{ template "redpanda.fullname" . }} configMap: name: {{ template "redpanda.fullname" . }} - name: config emptyDir: {} -{{- if (include "tls-enabled" . | fromJson).bool }} - {{- range $name, $cert := .Values.tls.certs }} + {{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} - name: redpanda-{{ $name }}-cert secret: - defaultMode: 420 - items: - - key: tls.key - path: tls.key - - key: tls.crt - path: tls.crt - {{- if $cert.caEnabled }} - - key: ca.crt - path: ca.crt - {{- end }} + defaultMode: 0644 secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert + {{- end }} {{- end }} {{- end -}} -{{- end }} diff --git a/charts/redpanda/redpanda/templates/tests/test-pandaproxy-status.yaml b/charts/redpanda/redpanda/templates/tests/test-pandaproxy-status.yaml index 5bb0ef1a5..8973c0933 100644 --- a/charts/redpanda/redpanda/templates/tests/test-pandaproxy-status.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-pandaproxy-status.yaml @@ -21,12 +21,12 @@ metadata: name: "{{ include "redpanda.fullname" . }}-test-pandaproxy-status" namespace: {{ .Release.Namespace | quote }} labels: -{{- with include "full.labels" . }} - {{- . | nindent 4 }} -{{- end }} + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": test - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-delete-policy": before-hook-creation spec: restartPolicy: Never securityContext: 
@@ -34,9 +34,15 @@ spec: runAsGroup: 65535 containers: - name: {{ template "redpanda.name" . }} - image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} command: - curl - -svm3 + - --fail + - --retry + - "120" + - --retry-max-time + - "120" + - --retry-all-errors - http://{{ include "redpanda.fullname" . }}:{{ .Values.listeners.http.port }}/brokers {{- end }} diff --git a/charts/redpanda/redpanda/templates/tests/test-rack-awareness.yaml b/charts/redpanda/redpanda/templates/tests/test-rack-awareness.yaml index 39677b43c..9f5d4bf49 100644 --- a/charts/redpanda/redpanda/templates/tests/test-rack-awareness.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-rack-awareness.yaml 
@@ -15,39 +15,33 @@ See the License for the specific language governing permissions and limitations under the License. */}} {{- if .Values.rackAwareness.enabled -}} -{{- if not (or (include "tls-enabled" . | fromJson).bool (include "sasl-enabled" .)) -}} -apiVersion: batch/v1 -kind: Job + {{- if not (or (include "tls-enabled" . | fromJson).bool (include "sasl-enabled" .)) -}} +apiVersion: v1 +kind: Pod metadata: name: {{ include "redpanda.fullname" . }}-test-rack-awareness namespace: {{ .Release.Namespace | quote }} labels: -{{- with include "full.labels" . }} - {{- . | nindent 4 }} -{{- end }} + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": test - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-delete-policy": before-hook-creation spec: - backoffLimit: 2 - completions: 1 - parallelism: 1 - ttlSecondsAfterFinished: 120 - template: - spec: - restartPolicy: Never - securityContext: - runAsUser: 65535 - runAsGroup: 65535 - containers: - - name: {{ template "redpanda.name" . }} - image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} - command: - - /bin/bash - - -c - - | - set -e - curl --silent --fail http://{{ include "redpanda.fullname" . }}:{{ .Values.listeners.admin.port }}/v1/node_config | grep '"rack":"rack[1-4]"' - rpk redpanda admin config print --host {{ include "redpanda.fullname" . }}:{{ .Values.listeners.admin.port }} | grep '"enable_rack_awareness": true' -{{- end -}} + restartPolicy: Never + securityContext: + runAsUser: 65535 + runAsGroup: 65535 + containers: + - name: {{ template "redpanda.name" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} + command: + - /bin/bash + - -c + - | + set -e + curl --silent --fail --retry 120 --retry-max-time 120 --retry-all-errors http://{{ include "redpanda.fullname" . 
}}:{{ .Values.listeners.admin.port }}/v1/node_config | grep '"rack":"rack[1-4]"' + rpk redpanda admin config print --host {{ include "redpanda.fullname" . }}:{{ .Values.listeners.admin.port }} | grep '"enable_rack_awareness": true' + {{- end -}} {{- end -}} diff --git a/charts/redpanda/redpanda/templates/tests/test-schemaregistry-internal-tls-status.yaml b/charts/redpanda/redpanda/templates/tests/test-schemaregistry-internal-tls-status.yaml index 7660268d4..eadc85a44 100644 --- a/charts/redpanda/redpanda/templates/tests/test-schemaregistry-internal-tls-status.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-schemaregistry-internal-tls-status.yaml @@ -14,21 +14,21 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} -{{- if and (include "schemaRegistry-internal-tls-enabled" . | fromJson).bool (not (include "sasl-enabled" .|fromJson).bool) }} {{- $service := .Values.listeners.schemaRegistry -}} {{- $cert := get .Values.tls.certs $service.tls.cert -}} +{{- if and (include "schemaRegistry-internal-tls-enabled" . | fromJson).bool (not (include "sasl-enabled" .|fromJson).bool) -}} apiVersion: v1 kind: Pod metadata: name: {{ include "redpanda.fullname" . }}-test-schemaregistry-internal-tls-status namespace: {{ .Release.Namespace | quote }} labels: -{{- with include "full.labels" . }} - {{- . | nindent 4 }} -{{- end }} + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": test - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-delete-policy": before-hook-creation spec: restartPolicy: Never securityContext: 
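Review bot: The re-indented guard still calls `(include "sasl-enabled" .)` without `| fromJson).bool`, unlike the `tls-enabled` call beside it and the other test templates in this commit. `include` returns a string and any non-empty string is truthy in a Go template, so the `or` is presumably always true and this test never renders. I would write `{{- if not (or (include "tls-enabled" . | fromJson).bool (include "sasl-enabled" . | fromJson).bool) -}}`. This pod also did not get the `/usr/bin/timeout` / `"120"` wrapper the other tests received, and the `rpk redpanda admin config print` line has no retry, so it can still fail if the admin API is slow to answer.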
@@ -36,10 +36,16 @@ spec: runAsGroup: 65535 containers: - name: {{ template "redpanda.name" . }} - image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} command: - curl - -svm3 + - --fail + - --retry + - "120" + - --retry-max-time + - "120" + - --retry-all-errors - --ssl-reqd {{- if $cert.caEnabled }} - --cacert @@ -53,8 +59,7 @@ spec: - name: redpanda-{{ $name }}-cert mountPath: {{ printf "/etc/tls/certs/%s" $name }} {{- end }} - resources: -{{- toYaml .Values.statefulset.resources | nindent 12 }} + resources: {{ toYaml .Values.statefulset.resources | nindent 12 }} volumes: - name: {{ template "redpanda.fullname" . }} configMap: @@ -64,16 +69,7 @@ spec: {{- range $name, $cert := .Values.tls.certs }} - name: redpanda-{{ $name }}-cert secret: - defaultMode: 420 - items: - - key: tls.key - path: tls.key - - key: tls.crt - path: tls.crt - {{- if $cert.caEnabled }} - - key: ca.crt - path: ca.crt - {{- end }} + defaultMode: 0644 secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert {{- end }} -{{- end }} +{{- end -}} diff --git a/charts/redpanda/redpanda/templates/tests/test-schemaregistry-status.yaml b/charts/redpanda/redpanda/templates/tests/test-schemaregistry-status.yaml index d8df0b0c9..fdf2261b8 100644 --- a/charts/redpanda/redpanda/templates/tests/test-schemaregistry-status.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-schemaregistry-status.yaml @@ -14,8 +14,6 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} -{{- /* TODO test fails if SASL is enabled */}} -{{- /* TODO test expects the first listener to have TLS enabled */}} {{- if not (or (include "tls-enabled" . | fromJson).bool (include "sasl-enabled" . | fromJson).bool) }} apiVersion: v1 kind: Pod 
@@ -23,12 +21,12 @@ metadata: name: "{{ include "redpanda.fullname" . }}-test-schemaregistry-status" namespace: {{ .Release.Namespace | quote }} labels: -{{- with include "full.labels" . }} - {{- . | nindent 4 }} -{{- end }} + {{- with include "full.labels" . }} + {{- . | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": test - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-delete-policy": before-hook-creation spec: restartPolicy: Never securityContext: @@ -36,13 +34,15 @@ spec: runAsGroup: 65535 containers: - name: {{ template "redpanda.name" . }} - image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} + image: {{ .Values.image.repository }}:{{ template "redpanda.tag" . }} command: - curl - -svm3 + - --fail - --retry - - "300" + - "120" - --retry-max-time - "120" + - --retry-all-errors - http://{{ include "redpanda.fullname" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects {{- end }} diff --git a/charts/redpanda/redpanda/values.schema.json b/charts/redpanda/redpanda/values.schema.json index 85a6d8c44..0f409b44d 100644 --- a/charts/redpanda/redpanda/values.schema.json +++ b/charts/redpanda/redpanda/values.schema.json @@ -52,7 +52,7 @@ }, "license_key": { "type": "string", - "pattern": "^(?:[A-Za-z0-9+/.])*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\\.(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$|^$", "deprecated": true }, "license_secret_ref": { diff --git a/charts/redpanda/redpanda/values.yaml b/charts/redpanda/redpanda/values.yaml index 84d73aa1c..34952109b 100644 --- a/charts/redpanda/redpanda/values.yaml +++ b/charts/redpanda/redpanda/values.yaml 
@@ -108,7 +108,7 @@ tls: # Each listener must include a certificate name in its TLS section # Any certificates in auth.tls.certs will still be loaded if enabled is false # This is because listeners may enable TLS individually (see listeners..tls.enabled) - enabled: false + enabled: true # list all certificates below, then reference a certificate's name in each listener (see listeners..tls.cert) certs: # This is the certificate name that is used to associate the certificate with a listener @@ -549,13 +549,18 @@ rbac: # annotations to add to the rbac resources annotations: {} -tuning: {} +tuning: # This section contains Redpanda tuning parameters. # Each parameter below is set to their default values. # Remove the curly brackets above if you uncomment any parameters below. # - # Increases the number of allowed asynchronous IO events. - # tune_aio_events: false + # Increases the maximum number of outstanding asynchronous IO operations if the + # current value is below a certain threshold. This allows redpanda to make as many + # simultaneous IO requests as possible, increasing throughput. + # + # Enabling this option will create a privileged container. If your security profile does not allow this, + # see https://docs.redpanda.com/docs/deploy/deployment-option/self-hosted/kubernetes/kubernetes-tune-workers/ for tuning requirements. + tune_aio_events: true # # Syncs NTP # tune_clocksource: false diff --git a/charts/triggermesh/triggermesh/Chart.lock b/charts/triggermesh/triggermesh/Chart.lock index fb7dc87c8..03e2a97ad 100644 --- a/charts/triggermesh/triggermesh/Chart.lock +++ b/charts/triggermesh/triggermesh/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://storage.googleapis.com/triggermesh-charts version: 1.0.x digest: sha256:c67194975a820c5e45b0c870a27657291b372d3fbc7c260ede25cb1f369fccf0 -generated: "2023-02-14T04:14:07.308664143Z" +generated: "2023-02-24T09:59:09.492753888Z" 
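Review bot: In the `tuning:` hunk, shipping `tune_aio_events: true` as the default makes the privileged tuning container opt-out. A default install then asks for a privileged root init container, which namespaces enforcing the baseline or restricted Pod Security Standards would be expected to reject. I would keep the default `false` and let the new comment explain how to enable it. The retained sentence `Remove the curly brackets above if you uncomment any parameters below.` no longer applies now that `tuning: {}` has become `tuning:`, and should be dropped. The first hunk of this file also flips `tls.enabled` to `true`; a line in the chart's upgrade notes would help operators who relied on the old default.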
diff --git a/charts/triggermesh/triggermesh/Chart.yaml b/charts/triggermesh/triggermesh/Chart.yaml index 4d228047e..c98458a44 100644 --- a/charts/triggermesh/triggermesh/Chart.yaml +++ b/charts/triggermesh/triggermesh/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.20-0' catalog.cattle.io/release-name: triggermesh apiVersion: v2 -appVersion: v1.22.0 +appVersion: v1.23.3 dependencies: - condition: triggermesh-core.enabled name: triggermesh-core @@ -18,4 +18,4 @@ description: A Helm chart deploying TriggerMesh Open Source Components icon: https://partner-charts.rancher.io/assets/logos/triggermesh.svg name: triggermesh type: application -version: 0.6.3 +version: 0.6.4 diff --git a/charts/triggermesh/triggermesh/charts/triggermesh-core/Chart.yaml b/charts/triggermesh/triggermesh/charts/triggermesh-core/Chart.yaml index c2182211e..3d338a02b 100644 --- a/charts/triggermesh/triggermesh/charts/triggermesh-core/Chart.yaml +++ b/charts/triggermesh/triggermesh/charts/triggermesh-core/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: v1.0.0 +appVersion: v1.1.1 description: A Helm chart deploying TriggerMesh Core Open Source Components name: triggermesh-core type: application -version: 1.0.0 +version: 1.0.1 diff --git a/charts/triggermesh/triggermesh/charts/triggermesh-core/crds/redisbroker.yaml b/charts/triggermesh/triggermesh/charts/triggermesh-core/crds/redisbroker.yaml index 4e3c8a092..00681631e 100644 --- a/charts/triggermesh/triggermesh/charts/triggermesh-core/crds/redisbroker.yaml +++ b/charts/triggermesh/triggermesh/charts/triggermesh-core/crds/redisbroker.yaml @@ -97,6 +97,7 @@ spec: streamMaxLen: description: Maximum number of items (approximate) the Redis stream can host. type: integer + default: 1000 broker: description: Broker options. diff --git a/charts/triggermesh/triggermesh/crds/triggermesh-crds.yaml b/charts/triggermesh/triggermesh/crds/triggermesh-crds.yaml index f9d180bd4..6dba8be13 100644 
--- a/charts/triggermesh/triggermesh/crds/triggermesh-crds.yaml +++ b/charts/triggermesh/triggermesh/crds/triggermesh-crds.yaml @@ -152,6 +152,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -467,6 +472,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -738,6 +748,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -996,6 +1011,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -1252,6 +1272,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -1508,6 +1533,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array 
@@ -1786,6 +1816,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -2051,6 +2086,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -2312,6 +2352,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -2650,6 +2695,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -2930,6 +2980,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -3218,6 +3273,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array 
@@ -3543,6 +3603,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -3922,6 +3987,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -4245,6 +4315,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -4606,6 +4681,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -4819,6 +4899,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -5033,6 +5118,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array 
@@ -5399,6 +5489,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -5686,6 +5781,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -5936,6 +6036,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -6185,6 +6290,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -6428,6 +6538,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -6659,6 +6774,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array 
@@ -6899,6 +7019,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -7145,6 +7270,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -7395,6 +7525,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -7718,6 +7853,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -8097,6 +8237,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -8399,6 +8544,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array 
@@ -8650,6 +8800,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -8871,6 +9026,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -9076,6 +9236,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -9318,6 +9483,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -9580,6 +9750,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -9795,6 +9970,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array 
@@ -9968,30 +10148,64 @@ spec: type: object description: Desired state of event target. properties: - awsApiKey: - description: API Key to interact with the Comprehend API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html + auth: + description: Authentication method to interact with the Amazon API. type: object properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the access key ID. + credentials: + description: Security credentials authentication. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html. type: object properties: - key: - type: string - name: - type: string - awsApiSecret: - description: API Secret to interact with the Comprehend API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html - type: object - properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the secret access key. - type: object - properties: - key: - type: string - name: - type: string + accessKeyID: + description: Access key ID. + type: object + properties: + value: + description: Literal value of the access key ID. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the access key ID. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + secretAccessKey: + description: Secret access key. + type: object + properties: + value: + description: Literal value of the secret access key. 
+ type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the secret access key. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + iamRole: + description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + oneOf: + - required: [credentials] + - required: [iamRole] region: description: Code of the AWS region to use for the Comprehend API. Available region codes are documented in the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints. type: string @@ -10002,6 +10216,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -10064,8 +10283,7 @@ spec: required: - region - language - - awsApiSecret - - awsApiKey + - auth status: type: object description: Reported status of the event target. 
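Review bot: `secretAccessKey.value` lets the AWS secret access key be written literally into the target's spec, where it is stored with the object and returned to anyone allowed to read that resource, instead of sitting behind Secret RBAC. `format: password` is only an annotation for tooling and does not hide or encrypt the value. The description should steer users away from the literal form, e.g. `description: Literal value of the secret access key. Stored in plain text in the resource; prefer valueFromSecret or iamRole.` Separately, `credentials` declares no `required` list, so `auth: {credentials: {}}` satisfies the outer `oneOf`; adding `required: [accessKeyID, secretAccessKey]` under `credentials` would reject that at admission. Both points apply equally to the auth hunks for the DynamoDB, EventBridge, Kinesis, Lambda, S3, SNS and SQS targets further down.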
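Review bot: `required` now lists `auth` in place of `awsApiKey` and `awsApiSecret`, and the preceding hunk removes those two properties outright, so target objects written against the previous schema stop validating once this CRD is applied. Nothing visible in the diff shows a new served version or a transition period, and the chart version moves only from 0.6.3 to 0.6.4. Either keep the old fields as deprecated for one release, or state the required migration to `auth` in the chart's upgrade notes. The `required` hunks of the DynamoDB, EventBridge, Kinesis, Lambda, S3, SNS and SQS targets make the same swap.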
@@ -10158,30 +10376,64 @@ spec: description: Desired state of event target. type: object properties: - awsApiKey: - type: object - description: API Key to interact with the Amazon DynamoDB API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html - properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the access key ID. - type: object - properties: - key: - type: string - name: - type: string - awsApiSecret: - description: API Key to interact with the Amazon DynamoDB API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html + auth: + description: Authentication method to interact with the Amazon API. type: object properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the secret access key. + credentials: + description: Security credentials authentication. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html. type: object properties: - key: - type: string - name: - type: string + accessKeyID: + description: Access key ID. + type: object + properties: + value: + description: Literal value of the access key ID. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the access key ID. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + secretAccessKey: + description: Secret access key. + type: object + properties: + value: + description: Literal value of the secret access key. 
+ type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the secret access key. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + iamRole: + description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + oneOf: + - required: [credentials] + - required: [iamRole] arn: description: ARN of the DynamoDB table to post events to. The expected format is documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazondynamodb.html type: string @@ -10190,6 +10442,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -10251,8 +10508,7 @@ spec: format: int64 required: - arn - - awsApiSecret - - awsApiKey + - auth status: type: object description: Reported status of the event target. 
@@ -10345,30 +10601,64 @@ spec: description: Desired state of event target. type: object properties: - awsApiKey: - description: API Key to interact with the Amazon EventBridge API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html + auth: + description: Authentication method to interact with the Amazon API. type: object properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the access key ID. + credentials: + description: Security credentials authentication. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html. type: object properties: - key: - type: string - name: - type: string - awsApiSecret: - description: API Secret to interact with the Amazon EventBridge API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html - type: object - properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the secret access key. - type: object - properties: - key: - type: string - name: - type: string + accessKeyID: + description: Access key ID. + type: object + properties: + value: + description: Literal value of the access key ID. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the access key ID. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + secretAccessKey: + description: Secret access key. + type: object + properties: + value: + description: Literal value of the secret access key. 
+ type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the secret access key. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + iamRole: + description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + oneOf: + - required: [credentials] + - required: [iamRole] arn: description: ARN of the Event Bus that will receive events. The expected format is documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoneventbridge.html type: string @@ -10380,6 +10670,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -10441,8 +10736,7 @@ spec: format: int64 required: - arn - - awsApiSecret - - awsApiKey + - auth status: type: object description: Reported status of the event target. 
@@ -10534,30 +10828,64 @@ spec: spec: type: object properties: - awsApiKey: + auth: + description: Authentication method to interact with the Amazon API. type: object - description: API Key to interact with the Amazon Kinesis API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the access key ID. + credentials: + description: Security credentials authentication. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html. type: object properties: - key: - type: string - name: - type: string - awsApiSecret: - type: object - description: API Secret to interact with the Amazon Kinesis API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html - properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the secret access key. - type: object - properties: - key: - type: string - name: - type: string + accessKeyID: + description: Access key ID. + type: object + properties: + value: + description: Literal value of the access key ID. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the access key ID. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + secretAccessKey: + description: Secret access key. + type: object + properties: + value: + description: Literal value of the secret access key. 
+ type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the secret access key. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + iamRole: + description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + oneOf: + - required: [credentials] + - required: [iamRole] arn: description: ARN of the Kinesis stream that will receive events. The expected format is documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonkinesis.html type: string @@ -10572,6 +10900,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -10633,8 +10966,7 @@ spec: format: int64 required: - arn - - awsApiSecret - - awsApiKey + - auth status: type: object description: Reported status of the event target. 
@@ -10727,30 +11059,64 @@ spec: description: Desired state of event target. type: object properties: - awsApiKey: + auth: + description: Authentication method to interact with the Amazon API. type: object - description: API Key to interact with the Amazon Lambda API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the access key ID. + credentials: + description: Security credentials authentication. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html. type: object properties: - key: - type: string - name: - type: string - awsApiSecret: - type: object - description: API Secret to interact with the Amazon Lambda API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html - properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the secret access key. - type: object - properties: - key: - type: string - name: - type: string + accessKeyID: + description: Access key ID. + type: object + properties: + value: + description: Literal value of the access key ID. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the access key ID. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + secretAccessKey: + description: Secret access key. + type: object + properties: + value: + description: Literal value of the secret access key. 
+ type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the secret access key. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + iamRole: + description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + oneOf: + - required: [credentials] + - required: [iamRole] arn: description: ARN of the Lambda function that will receive events. The expected format is documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslambda.html type: string @@ -10762,6 +11128,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -10823,8 +11194,7 @@ spec: format: int64 required: - arn - - awsApiSecret - - awsApiKey + - auth status: type: object description: Reported status of the event target. 
@@ -10918,30 +11288,64 @@ spec: description: Desired state of event target. type: object properties: - awsApiKey: + auth: + description: Authentication method to interact with the Amazon API. type: object - description: API Key to interact with the Amazon S3 API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the access key ID. + credentials: + description: Security credentials authentication. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html. type: object properties: - key: - type: string - name: - type: string - awsApiSecret: - type: object - description: API Secret to interact with the Amazon S3 API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html - properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the secret access key. - type: object - properties: - key: - type: string - name: - type: string + accessKeyID: + description: Access key ID. + type: object + properties: + value: + description: Literal value of the access key ID. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the access key ID. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + secretAccessKey: + description: Secret access key. + type: object + properties: + value: + description: Literal value of the secret access key. 
+ type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the secret access key. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + iamRole: + description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + oneOf: + - required: [credentials] + - required: [iamRole] arn: type: string description: ARN of the S3 bucket that will receive events. The expected format is documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html @@ -10953,6 +11357,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -11014,8 +11423,7 @@ spec: format: int64 required: - arn - - awsApiSecret - - awsApiKey + - auth status: type: object description: Reported status of the event target. 
@@ -11124,30 +11532,64 @@ spec: type: object description: Desired state of event target. properties: - awsApiKey: + auth: + description: Authentication method to interact with the Amazon API. type: object - description: API Key to interact with the SNS API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the access key ID. + credentials: + description: Security credentials authentication. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html. type: object properties: - key: - type: string - name: - type: string - awsApiSecret: - type: object - description: API Secret to interact with the SNS API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html - properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the secret access key. - type: object - properties: - key: - type: string - name: - type: string + accessKeyID: + description: Access key ID. + type: object + properties: + value: + description: Literal value of the access key ID. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the access key ID. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + secretAccessKey: + description: Secret access key. + type: object + properties: + value: + description: Literal value of the secret access key. 
+ type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the secret access key. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + iamRole: + description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + oneOf: + - required: [credentials] + - required: [iamRole] arn: description: ARN of the SNS queue that will receive events. The expected format is documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsns.html type: string @@ -11159,6 +11601,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -11220,8 +11667,7 @@ spec: format: int64 required: - arn - - awsApiSecret - - awsApiKey + - auth status: type: object description: Reported status of the event target. 
@@ -11314,30 +11760,64 @@ spec: description: Desired state of event target. type: object properties: - awsApiKey: - description: API Key to interact with the Amazon SQS API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html + auth: + description: Authentication method to interact with the Amazon API. type: object properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the access key ID. + credentials: + description: Security credentials authentication. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html. type: object properties: - key: - type: string - name: - type: string - awsApiSecret: - description: API Secret to interact with the Amazon SQS API. For more information about AWS security credentials, please refer to the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html - type: object - properties: - secretKeyRef: - description: A reference to a Kubernetes Secret object containing the secret access key. - type: object - properties: - key: - type: string - name: - type: string + accessKeyID: + description: Access key ID. + type: object + properties: + value: + description: Literal value of the access key ID. + type: string + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the access key ID. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + secretAccessKey: + description: Secret access key. + type: object + properties: + value: + description: Literal value of the secret access key. 
+ type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the secret access key. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] + iamRole: + description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + oneOf: + - required: [credentials] + - required: [iamRole] arn: description: ARN of the SQS queue that will receive events. The expected format is documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslambda.html type: string @@ -11352,6 +11832,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -11413,8 +11898,7 @@ spec: format: int64 required: - arn - - awsApiSecret - - awsApiKey + - auth status: type: object description: Reported status of the event target. @@ -11679,6 +12163,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array 
@@ -12001,6 +12490,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -12216,6 +12710,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -12409,6 +12908,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -12589,6 +13093,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -12817,6 +13326,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -13007,6 +13521,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array 
@@ -13198,6 +13717,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -13396,6 +13920,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -13588,6 +14117,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -13783,6 +14317,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -13993,6 +14532,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -14235,6 +14779,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array 
@@ -14527,6 +15076,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -14742,6 +15296,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -15083,6 +15642,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -15288,6 +15852,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -15486,6 +16055,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -15709,6 +16283,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array 
@@ -15910,6 +16489,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -16103,6 +16687,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -16287,6 +16876,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -16485,6 +17079,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -16655,6 +17254,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -16861,6 +17465,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array 
@@ -17056,6 +17665,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -17261,6 +17875,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -17465,6 +18084,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -17685,6 +18309,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -17920,6 +18549,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -18107,6 +18741,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array 
@@ -18319,6 +18958,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -18501,6 +19145,10 @@ spec: description: JSON path or variable name. Depends on the operation type. nullable: true type: string + separator: + description: JSON path separator symbol. "." is used by default. + nullable: true + type: string required: - operation data: @@ -18528,6 +19176,10 @@ spec: description: JSON path or variable name. Depends on the operation type. nullable: true type: string + separator: + description: JSON path separator symbol. "." is used by default. + nullable: true + type: string required: - operation sink: @@ -18561,6 +19213,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -18756,6 +19413,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array @@ -18986,6 +19648,11 @@ spec: description: Kubernetes object parameters to apply on top of default adapter values. type: object properties: + labels: + description: Adapter labels. + type: object + additionalProperties: + type: string env: description: Adapter environment variables. type: array diff --git a/index.yaml b/index.yaml index f1a980cea..3c91eff17 100644 --- a/index.yaml +++ b/index.yaml 
@@ -691,6 +691,42 @@ entries: - assets/ambassador/ambassador-6.7.1100.tgz version: 6.7.1100 argo-cd: + - annotations: + artifacthub.io/changes: | + - kind: changed + description: Upgrade Argo CD to v.2.6.3 + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/kube-version: '>=1.22.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.6.3 + created: "2023-02-28T16:00:45.052415771Z" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.22.4 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. + digest: 7c66f51ba9c9991988b2e53b2c0c452742c7de4b71d5fbaf7182d18e8bf51ec0 + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.22.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-5.23.3.tgz + version: 5.23.3 - annotations: artifacthub.io/changes: | - kind: changed 
@@ -1861,6 +1897,39 @@ entries: - assets/argo/argo-cd-5.8.0.tgz version: 5.8.0 artifactory-ha: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Artifactory HA + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-ha + apiVersion: v2 + appVersion: 7.55.2 + created: "2023-02-28T16:00:48.026329916Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 10.3.18 + description: Universal Repository Manager supporting all major packaging formats, + build tools and CI servers. + digest: 6bc5c2eb1ee6533aafe9b2bdc95919c4faab72ac7c9b61489356d0a4da702b62 + home: https://www.jfrog.com/artifactory/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-ha/logo/artifactory-logo.png + keywords: + - artifactory + - jfrog + - devops + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: installers@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-ha + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-ha-107.55.2.tgz + version: 107.55.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Artifactory HA 
@@ -2383,6 +2452,40 @@ entries: - assets/jfrog/artifactory-ha-3.0.1400.tgz version: 3.0.1400 artifactory-jcr: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Container Registry + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-jcr + apiVersion: v2 + appVersion: 7.55.2 + created: "2023-02-28T16:00:48.210944274Z" + dependencies: + - name: artifactory + repository: file://./charts/artifactory + version: 107.55.2 + description: JFrog Container Registry + digest: 6f393093821eff76455e5b601e3ceb4f9b00ea966e948c16108b375858bc8255 + home: https://jfrog.com/container-registry/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png + keywords: + - artifactory + - jfrog + - container + - registry + - devops + - jfrog-container-registry + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: helm@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-jcr + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-jcr-107.55.2.tgz + version: 107.55.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Container Registry 
@@ -4448,6 +4551,22 @@ entries: - assets/cert-manager/cert-manager-1.10.0.tgz version: 1.10.0 cf-runtime: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Codefresh + catalog.cattle.io/kube-version: '>=1.18-0' + catalog.cattle.io/release-name: cf-runtime + apiVersion: v2 + appVersion: 1.9.10 + created: "2023-02-28T16:00:46.544588748Z" + description: A Helm chart for Codefresh Runner + digest: 796d5eca42ad601ba3b9bcc14d6dfd80ee5b43f085369ee0ad2481296689914b + icon: https://partner-charts.rancher.io/assets/logos/codefresh.jpg + name: cf-runtime + type: application + urls: + - assets/codefresh/cf-runtime-1.9.10.tgz + version: 1.9.10 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Codefresh 
@@ -5461,6 +5580,47 @@ entries: - assets/confluent/confluent-for-kubernetes-0.174.2101.tgz version: 0.174.2101 consul: + - annotations: + artifacthub.io/images: | + - name: consul + image: hashicorp/consul:1.15.0 + - name: consul-k8s-control-plane + image: hashicorp/consul-k8s-control-plane:1.1.0 + - name: consul-dataplane + image: hashicorp/consul-dataplane:1.1.0 + - name: envoy + image: envoyproxy/envoy:v1.25.1 + artifacthub.io/license: MPL-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://www.consul.io/docs/k8s + - name: hashicorp/consul + url: https://github.com/hashicorp/consul + - name: hashicorp/consul-k8s + url: https://github.com/hashicorp/consul-k8s + artifacthub.io/prerelease: "false" + artifacthub.io/signKey: | + fingerprint: C874011F0AB405110D02105534365D9472D7468F + url: https://keybase.io/hashicorp/pgp_keys.asc + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Hashicorp Consul + catalog.cattle.io/kube-version: '>=1.22.0-0' + catalog.cattle.io/release-name: consul + apiVersion: v2 + appVersion: 1.15.0 + created: "2023-02-28T16:00:47.746941777Z" + description: Official HashiCorp Consul Chart + digest: c58b695d16ab172a3e67a33a468efdee85d5d022a7e726f5ccf9a6979c09046e + home: https://www.consul.io + icon: https://raw.githubusercontent.com/hashicorp/consul-k8s/main/assets/icon.png + kubeVersion: '>=1.22.0-0' + name: consul + sources: + - https://github.com/hashicorp/consul + - https://github.com/hashicorp/consul-k8s + urls: + - assets/hashicorp/consul-1.1.0.tgz + version: 1.1.0 - annotations: artifacthub.io/images: | - name: consul 
@@ -6016,6 +6176,28 @@ entries: - assets/kubecost/cost-analyzer-1.70.000.tgz version: 1.70.000 crate-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CrateDB Operator + catalog.cattle.io/release-name: crate-operator + apiVersion: v2 + appVersion: 2.23.0 + created: "2023-02-28T16:00:46.588483386Z" + dependencies: + - condition: crate-operator-crds.enabled + name: crate-operator-crds + repository: file://./charts/crate-operator-crds + version: 2.23.0 + description: Crate Operator - Helm chart for installing and upgrading Crate Operator. + digest: 1103d71465a58a561b16c5665e5ccca0fd92c607c1b8b6ebb751b0da61931473 + icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg + maintainers: + - name: Crate.io + name: crate-operator + type: application + urls: + - assets/crate/crate-operator-2.23.0.tgz + version: 2.23.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CrateDB Operator 
@@ -6149,6 +6331,32 @@ entries: - assets/crate/crate-operator-2.16.0.tgz version: 2.16.0 csi-powerstore: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dell CSI PowerStore + catalog.cattle.io/kube-version: '>= 1.21.0 < 1.26.0' + catalog.cattle.io/release-name: csi-powerstore + apiVersion: v2 + appVersion: 2.5.1 + created: "2023-02-28T16:00:46.816935681Z" + description: 'PowerStore CSI (Container Storage Interface) driver Kubernetes integration. + This chart includes everything required to provision via CSI as well as a PowerStore + StorageClass. ' + digest: ac0d5ce1835bcf379ce6c81b560da889004eb2a70c673ff463fad2d7120f0763 + home: https://github.com/dell/csi-powerstore + icon: https://partner-charts.rancher.io/assets/logos/dell.png + keywords: + - csi + - storage + kubeVersion: '>= 1.21.0 < 1.26.0' + maintainers: + - name: DellEMC + name: csi-powerstore + sources: + - https://github.com/dell/csi-powerstore + urls: + - assets/dell/csi-powerstore-2.5.1.tgz + version: 2.5.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI PowerStore 
@@ -6411,6 +6619,43 @@ entries: - assets/weka/csi-wekafsplugin-0.6.400.tgz version: 0.6.400 datadog: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog + catalog.cattle.io/kube-version: '>=1.10-0' + catalog.cattle.io/release-name: datadog + apiVersion: v1 + appVersion: "7" + created: "2023-02-28T16:00:46.67521516Z" + dependencies: + - condition: clusterAgent.metricsProvider.useDatadogMetrics + name: datadog-crds + repository: https://helm.datadoghq.com + tags: + - install-crds + version: 0.4.7 + - condition: datadog.kubeStateMetricsEnabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 2.13.2 + description: Datadog Agent + digest: 06459d35b8931361f54787cf77de338eca3904874981191a79544b7da4dd6f94 + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-3.11.0.tgz + version: 3.11.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog 
@@ -7422,6 +7667,29 @@ entries: - assets/dkube/dkube-deployer-1.0.601.tgz version: 1.0.601 dxemssql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: DxEnterprise for Microsoft SQL AG + catalog.cattle.io/kube-version: '>= 1.20.0' + catalog.cattle.io/release-name: dxemssql + charts.openshift.io/name: DxEnterprise for Microsoft SQL AG + apiVersion: v2 + appVersion: "22.0" + created: "2023-02-28T16:00:46.822153086Z" + description: Helm chart for DH2i's DxEnterprise clustering solution with SQL Server + availability groups + digest: 5cade4c666ae8f70c9885d3d9369afff323d4cca4408f943c1b3a53ef52852d4 + icon: https://clients.dh2i.com/images/DH2i_Logo_Icon.png + kubeVersion: '>= 1.20.0' + maintainers: + - email: support@dh2i.com + name: DH2i Company + url: https://dh2i.com + name: dxemssql + type: application + urls: + - assets/dh2i/dxemssql-1.0.2.tgz + version: 1.0.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: DxEnterprise for Microsoft SQL AG 
@@ -8715,6 +8983,70 @@ entries: - assets/inaccel/fpga-operator-2.5.201.tgz version: 2.5.201 gitlab: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: GitLab + catalog.cattle.io/release-name: gitlab + apiVersion: v1 + appVersion: 15.9.1 + created: "2023-02-28T16:00:47.604630655Z" + dependencies: + - name: gitlab + repository: "" + version: '*.*.*' + - name: certmanager-issuer + repository: "" + version: '*.*.*' + - name: minio + repository: "" + version: '*.*.*' + - name: registry + repository: "" + version: '*.*.*' + - alias: certmanager + condition: certmanager.install + name: cert-manager + repository: https://charts.jetstack.io/ + version: 1.5.4 + - condition: prometheus.install + name: prometheus + repository: https://prometheus-community.github.io/helm-charts + version: 15.0.4 + - condition: postgresql.install + name: postgresql + repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami + version: 8.9.4 + - condition: gitlab-runner.install + name: gitlab-runner + repository: https://charts.gitlab.io/ + version: 0.50.1 + - condition: global.grafana.enabled + name: grafana + repository: https://grafana.github.io/helm-charts + version: 6.11.0 + - condition: redis.install + name: redis + repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami + version: 11.3.4 + - condition: nginx-ingress.enabled + name: nginx-ingress + repository: "" + version: '*.*.*' + description: The One DevOps Platform + digest: ceae551c1fb60bf13da3a2812281f3c97a0a7b34091e449c75b228e28a86b314 + home: https://about.gitlab.com/ + icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png + keywords: + - gitlab + maintainers: + - email: support@gitlab.com + name: GitLab Inc. 
+ name: gitlab + sources: + - https://gitlab.com/gitlab-org/charts/gitlab + urls: + - assets/gitlab/gitlab-6.9.1.tgz + version: 6.9.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: GitLab @@ -10195,6 +10527,37 @@ entries: - assets/haproxy/haproxy-1.4.300.tgz version: 1.4.300 harbor: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Harbor + catalog.cattle.io/kube-version: '>=1.20-0' + catalog.cattle.io/release-name: harbor + apiVersion: v1 + appVersion: 2.7.1 + created: "2023-02-28T16:00:47.686154125Z" + description: An open source trusted cloud native registry that stores, signs, + and scans content + digest: 7b3f6023c4619689806d39d80b73470d6e31f52c2ef2d68b227980bf2afebecc + home: https://goharbor.io + icon: https://raw.githubusercontent.com/goharbor/website/master/static/img/logos/harbor-icon-color.png + keywords: + - docker + - registry + - harbor + maintainers: + - email: yinw@vmware.com + name: Wenkai Yin + - email: hweiwei@vmware.com + name: Weiwei He + - email: yshengwen@vmware.com + name: Shengwen Yu + name: harbor + sources: + - https://github.com/goharbor/harbor + - https://github.com/goharbor/harbor-helm + urls: + - assets/harbor/harbor-1.11.1.tgz + version: 1.11.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Harbor 
@@ -10522,6 +10885,36 @@ entries: - assets/hpe/hpe-flexvolume-driver-3.1.000.tgz version: 3.1.000 instana-agent: + - annotations: + artifacthub.io/links: | + - name: Instana website + url: https://www.instana.com + - name: Instana Helm charts + url: https://github.com/instana/helm-charts + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Instana Agent + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: instana-agent + apiVersion: v2 + appVersion: 1.243.0 + created: "2023-02-28T16:00:47.799449222Z" + description: Instana Agent for Kubernetes + digest: 5efb23fdfc7e42a1e18a90b849c3b409d9e251ca176f9c9d6a5cef44b9c324e0 + home: https://www.instana.com/ + icon: https://agents.instana.io/helm/stan-logo-2020.png + maintainers: + - email: felix.marx@ibm.com + name: FelixMarxIBM + - email: henning.treu@ibm.com + name: htreu + - email: torsten.kohn@ibm.com + name: tkohn + name: instana-agent + sources: + - https://github.com/instana/instana-agent-docker + urls: + - assets/instana/instana-agent-1.2.55.tgz + version: 1.2.55 - annotations: artifacthub.io/links: | - name: Instana website 
@@ -11002,6 +11395,54 @@ entries: - assets/jaeger/jaeger-operator-2.36.0.tgz version: 2.36.0 jenkins: + - annotations: + artifacthub.io/images: | + - name: jenkins + image: jenkins/jenkins:2.375.3-jdk11 + - name: k8s-sidecar + image: kiwigrid/k8s-sidecar:1.15.0 + - name: inbound-agent + image: jenkins/inbound-agent:4.11.2-4 + - name: backup + image: maorfr/kube-tasks:0.2.0 + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins + - name: Jenkins + url: https://www.jenkins.io/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Jenkins + catalog.cattle.io/kube-version: '>=1.14-0' + catalog.cattle.io/release-name: jenkins + apiVersion: v2 + appVersion: 2.375.3 + created: "2023-02-28T16:00:47.881482892Z" + description: Jenkins - Build great things at any scale! The leading open source + automation server, Jenkins provides hundreds of plugins to support building, + deploying and automating any project. + digest: 17e82d396638e0f4e2ec17ed1fb8e34b8fa41fcf5fc10cce63e60b7cad65b8c5 + home: https://jenkins.io/ + icon: https://get.jenkins.io/art/jenkins-logo/logo.svg + maintainers: + - email: maor.friedman@redhat.com + name: maorfr + - email: mail@torstenwalter.de + name: torstenwalter + - email: garridomota@gmail.com + name: mogaal + - email: wmcdona89@gmail.com + name: wmcdona89 + - email: timjacomb1@gmail.com + name: timja + name: jenkins + sources: + - https://github.com/jenkinsci/jenkins + - https://github.com/jenkinsci/docker-inbound-agent + - https://github.com/maorfr/kube-tasks + - https://github.com/jenkinsci/configuration-as-code-plugin + urls: + - assets/jenkins/jenkins-4.3.4.tgz + version: 4.3.4 - annotations: artifacthub.io/images: | - name: jenkins 
@@ -12378,8 +12819,8 @@ entries: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: k10 apiVersion: v2 - appVersion: 5.5.5 - created: "2023-02-16T16:25:57.739286898Z" + appVersion: 5.5.6 + created: "2023-02-28T16:00:55.635242796Z" dependencies: - name: grafana repository: file://./charts/grafana @@ -12388,7 +12829,33 @@ entries: repository: file://./charts/prometheus version: 15.8.5 description: Kasten’s K10 Data Management Platform - digest: f3d204bfd986cbeb37ca5449ad368f8e1022890c5927f9af571c75cd8c4aad4d + digest: b2e5f9f55b3ff27f0eef1af34e628f1b3fd665f2178f585c3c0c11454208d728 + home: https://kasten.io/ + icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png + maintainers: + - email: contact@kasten.io + name: kastenIO + name: k10 + urls: + - assets/kasten/k10-5.5.601.tgz + version: 5.5.601 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: K10 + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: k10 + apiVersion: v2 + appVersion: 5.5.5 + created: "2023-02-28T16:00:48.56777308Z" + dependencies: + - name: grafana + repository: file://./charts/grafana + version: 6.32.9 + - name: prometheus + repository: file://./charts/prometheus + version: 15.8.5 + description: Kasten’s K10 Data Management Platform + digest: 32f777abe0723a4a4f83f633c84c928a5baee40145e545fb1fd5b8e5430a316f home: https://kasten.io/ icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png maintainers: 
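Review bot: The k10 entry with `appVersion: 5.5.5` used to carry digest `f3d204bfd986cbeb37ca5449ad368f8e1022890c5927f9af571c75cd8c4aad4d` and is re-added below with digest `32f777abe0723a4a4f83f633c84c928a5baee40145e545fb1fd5b8e5430a316f` and a new `created` timestamp. That suggests an already published chart archive was rebuilt in place; its `urls` line is outside the hunk, but it is presumably the 5.5.501 entry. Anyone who pinned or mirrored that version by digest will now see a mismatch that cannot be told apart from tampering. Published versions are better kept byte-identical, with any repackaging released under a new chart version. If the rebuild was intended, the commit message should say why.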
@@ -13492,6 +13959,35 @@ entries: - assets/bitnami/kafka-19.0.1.tgz version: 19.0.1 kamaji: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kamaji - Managed Kubernetes Service + catalog.cattle.io/kube-version: '>=1.21.0-0' + catalog.cattle.io/release-name: kamaji + apiVersion: v2 + appVersion: v0.2.1 + created: "2023-02-28T16:00:46.509400418Z" + description: Kamaji is a tool aimed to build and operate a Managed Kubernetes + Service with a fraction of the operational burden. With Kamaji, you can deploy + and operate hundreds of Kubernetes clusters as a hyper-scaler. + digest: 76417d12c27e5d2199d42d5433a6e404e5d5c880984fd1ef84f69f9b7b8f8503 + home: https://github.com/clastix/kamaji + icon: https://github.com/clastix/kamaji/raw/master/assets/kamaji-logo.png + kubeVersion: '>=1.21.0-0' + maintainers: + - email: dario@tranchitella.eu + name: Dario Tranchitella + - email: me@maxgio.it + name: Massimiliano Giovagnoli + - email: me@bsctl.io + name: Adriano Pezzuto + name: kamaji + sources: + - https://github.com/clastix/kamaji + type: application + urls: + - assets/clastix/kamaji-0.11.3.tgz + version: 0.11.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kamaji - Managed Kubernetes Service 
@@ -17134,6 +17630,71 @@ entries: - assets/ondat/ondat-operator-0.5.200.tgz version: 0.5.200 openebs: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: OpenEBS + catalog.cattle.io/release-name: openebs + apiVersion: v2 + appVersion: 3.4.0 + created: "2023-02-28T16:00:56.119142312Z" + dependencies: + - condition: openebs-ndm.enabled + name: openebs-ndm + repository: file://./charts/openebs-ndm + version: 2.1.0 + - condition: localpv-provisioner.enabled + name: localpv-provisioner + repository: file://./charts/localpv-provisioner + version: 3.4.0 + - condition: cstor.enabled + name: cstor + repository: file://./charts/cstor + version: 3.4.0 + - condition: jiva.enabled + name: jiva + repository: file://./charts/jiva + version: 3.4.0 + - condition: zfs-localpv.enabled + name: zfs-localpv + repository: file://./charts/zfs-localpv + version: 2.1.0 + - condition: lvm-localpv.enabled + name: lvm-localpv + repository: file://./charts/lvm-localpv + version: 1.0.1 + - condition: nfs-provisioner.enabled + name: nfs-provisioner + repository: file://./charts/nfs-provisioner + version: 0.10.0 + - condition: mayastor.enabled + name: mayastor + repository: file://./charts/mayastor + version: 2.0.0 + description: Containerized Attached Storage for Kubernetes + digest: 5016fceb5de3a352b28562a9b0da05f8d6dde34a490f030ccc85e8881b8cc414 + home: http://www.openebs.io/ + icon: https://raw.githubusercontent.com/cncf/artwork/HEAD/projects/openebs/icon/color/openebs-icon-color.png + keywords: + - cloud-native-storage + - block-storage + - local-storage + - iSCSI + - NVMe + - storage + - kubernetes + maintainers: + - email: kiran.mova@mayadata.io + name: kmova + - email: prateek.pandey@mayadata.io + name: prateekpandey14 + - email: shovan.maity@mayadata.io + name: shovanmaity + name: openebs + sources: + - https://github.com/openebs/openebs + urls: + - assets/openebs/openebs-3.4.1.tgz + version: 3.4.1 - annotations: catalog.cattle.io/certified: partner 
catalog.cattle.io/display-name: OpenEBS @@ -19461,6 +20022,44 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: vectorized/redpanda:v22.3.13 + - name: busybox + image: busybox:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v22.3.13 + created: "2023-02-28T16:00:56.202927318Z" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: 5c73f56980f61a259c81f03b0d0249c9a63b5f6a5ef4bebb6931b357e1bb20bf + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-2.11.0.tgz + version: 2.11.0 - annotations: artifacthub.io/images: | - name: redpanda 
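Review bot: In the redpanda hunk, the new 2.11.0 entry lists `image: busybox:latest` under `artifacthub.io/images`. That tag is mutable, so the chart `digest` recorded here does not fix what that container runs. The annotation only reports what the chart declares, and the deployed image may be set elsewhere in the chart, so the pin belongs upstream in the chart's values. The index would then carry something like `image: busybox:<version>@sha256:<digest>` (placeholders). The older redpanda entry that follows is cut off by the hunk, so whether it has the same tag is not visible.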
@@ -20615,6 +21214,35 @@ entries: - assets/aquarist-labs/s3gw-0.7.0.tgz version: 0.7.0 sextant: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Sextant + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: sextant + apiVersion: v2 + appVersion: 2.1.8 + created: "2023-02-28T16:00:46.465437281Z" + dependencies: + - name: standard-defs + repository: file://./charts/standard-defs + version: ~0.1.0 + description: 'Sextant automates the deployment and management of enterprise blockchain + infrastructure. It also delivers Chronicle - an open-source, blockchain-backed, + domain-agnostic provenance product - and facilitates its integration with enterprise + systems. ' + digest: c265f0a8e838153bcb3101a3a5d2c1ba75a5dd2a9396c2398046c122cfd09f72 + home: https://btp.works/sextant + icon: https://sextant-resources.s3.amazonaws.com/icons/large-logo-blue.svg + keywords: + - provenance + - blockchain + - smart contracts + kubeVersion: '>=1.19-0' + name: sextant + type: application + urls: + - assets/btp/sextant-2.3.0.tgz + version: 2.3.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Sextant 
@@ -23438,6 +24066,31 @@ entries: - assets/traefik/traefik-10.6.0.tgz version: 10.6.0 triggermesh: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: TriggerMesh + catalog.cattle.io/kube-version: '>=1.20-0' + catalog.cattle.io/release-name: triggermesh + apiVersion: v2 + appVersion: v1.23.3 + created: "2023-02-28T16:00:56.617583046Z" + dependencies: + - condition: triggermesh-core.enabled + name: triggermesh-core + repository: file://./charts/triggermesh-core + tags: + - triggermesh + - triggermesh-core + - brokers + version: 1.0.x + description: A Helm chart deploying TriggerMesh Open Source Components + digest: 964ffa694387384eb9a5227a6c4ae213d48d956c0d0cce3c8af79949c7d5e2a7 + icon: https://partner-charts.rancher.io/assets/logos/triggermesh.svg + name: triggermesh + type: application + urls: + - assets/triggermesh/triggermesh-0.6.4.tgz + version: 0.6.4 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: TriggerMesh 
@@ -24197,6 +24850,54 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.1.1 + created: "2023-02-28T16:00:46.397254222Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 11.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: c45d5e7c4647a17227b38f5a3ced2c982cc4a8ec9307aa10ea7a7bc96ec95550 + home: https://github.com/bitnami/charts/tree/main/bitnami/wordpress + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/wordpress + - https://wordpress.org/ + urls: + - assets/bitnami/wordpress-15.2.46.tgz + version: 15.2.46 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress