Helm chart for Kibana

This adds a basic helm chart for kibana. It uses the kolla image
for kibana and includes a templated configuration file to allow
for configuration overrides, similar to the openstack-helm charts

Change-Id: I608e4e48bd5e29f68ead08252853aa3ed08d7a68
External-Tracking-Id: OSH-67

kibana/Chart.yaml

@@ -0,0 +1,23 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+description: OpenStack-Helm Kibana
+name: kibana
+version: 0.1.0
+home: https://www.elastic.co/products/kibana
+sources:
+  - https://github.com/elastic/kibana
+  - https://git.openstack.org/cgit/openstack/openstack-helm-addons
+maintainers:
+  - name: OpenStack-Helm Authors

kibana/README.rst

@@ -0,0 +1,30 @@
+======
+Kibana
+======
+
+This chart provides a visual dashboard for logs ingested into an Elasticsearch
+deployment. The chart leverages the kolla image for Kibana, and includes a
+templated configuration file that allows configuration overrides similar to
+other charts in OpenStack-Helm.
+
+Installation
+------------
+
+Out of the box, the Kibana chart assumes the Elasticsearch deployment is mapped
+to "elasticsearch-logging" and is serving on port 9200.  In order to deploy
+Kibana, change the host url for Elasticsearch if necessary and run:
+
+::
+    helm install --name=kibana local/kibana --namespace=kube-system
+
+
+This will install Kibana into your cluster appropriately. The values file
+includes the ability to enable a nodeport to access Kibana if necessary.
+
+
+Configuration Options
+---------------------
+
+The full list of configuration options for Kibana can be found here_.
+
+.. _here: https://www.elastic.co/guide/en/kibana/current/settings.html

kibana/requirements.yaml

@@ -0,0 +1,19 @@
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: helm-toolkit
+    repository: http://localhost:8879/charts
+    version: 0.1.0

kibana/templates/bin/_kibana.sh.tpl

@@ -0,0 +1,27 @@
+#!/bin/bash
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+COMMAND="${@:-start}"
+
+function start () {
+  exec /opt/kibana/bin/kibana
+}
+
+function stop () {
+  kill -TERM 1
+}
+
+$COMMAND

kibana/templates/configmap-bin.yaml

@@ -0,0 +1,21 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kibana-bin
+data:
+  kibana.sh: |
+{{ tuple "bin/_kibana.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}

kibana/templates/configmap-etc.yaml

@@ -0,0 +1,31 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kibana-etc
+data:
+  kibana.yml: |+
+{{- if .Values.conf.kibana.override -}}
+{{ .Values.conf.kibana.override | indent 4 }}
+{{- else -}}
+{{- if .Values.conf.kibana.prefix -}}
+{{ .Values.conf.kibana.prefix | indent 4 }}
+{{- end }}
+{{ tuple "etc/_kibana.yml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
+{{- if .Values.conf.kibana.append -}}
+{{ .Values.conf.kibana.append | indent 4 }}
+{{- end }}

kibana/templates/deployment.yaml

@@ -0,0 +1,63 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- $envAll := . }}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: kibana
+spec:
+  replicas: {{ .Values.pod.replicas.kibana }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+  template:
+    metadata:
+      labels:
+{{ tuple $envAll "kibana" "dashboard" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+    spec:
+      containers:
+      - name: kibana
+        image: {{ .Values.images.kibana }}
+        imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.kibana | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+        command:
+          - /tmp/kibana.sh
+          - start
+        ports:
+        - containerPort: {{ .Values.network.kibana.port }}
+          protocol: TCP
+        volumeMounts:
+        - name: kibana-bin
+          mountPath: /tmp/kibana.sh
+          subPath: kibana.sh
+          readOnly: true
+        - name: etckibana
+          mountPath: /opt/kibana/config
+        - name: kibana-etc
+          mountPath: /opt/kibana/config/kibana.yml
+          subPath: kibana.yml
+          readOnly: true
+      volumes:
+      - name: kibana-bin
+        configMap:
+          name: kibana-bin
+          defaultMode: 0555
+      - name: etckibana
+        emptyDir: {}
+      - name: kibana-etc
+        configMap:
+          name: kibana-etc
+          defaultMode: 0444

kibana/templates/etc/_kibana.yml.tpl

@@ -0,0 +1,102 @@
+
+# Kibana is served by a back end server. This setting specifies the port to use.
+server.port: {{ .Values.network.kibana.port }}
+
+# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
+# The default is 'localhost', which usually means remote machines will not be able to connect.
+# To allow connections from remote users, set this parameter to a non-loopback address.
+server.host: {{ .Values.conf.server.host | default "localhost" }}
+
+# The maximum payload size in bytes for incoming server requests.
+server.maxPayloadBytes: {{ .Values.conf.server.max_payload_bytes | default 1048576 }}
+
+# The URL of the Elasticsearch instance to use for all your queries.
+elasticsearch.url: {{ tuple "log_database" "default" "client" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
+
+# When this setting's value is true Kibana uses the hostname specified in the server.host
+# setting. When the value of this setting is false, Kibana uses the hostname of the host
+# that connects to this Kibana instance.
+elasticsearch.preserveHost: {{ .Values.conf.elasticsearch.preserve_host | default true }}
+
+# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
+# dashboards. Kibana creates a new index if the index doesn't already exist.
+kibana.index: {{ .Values.conf.kibana.index | default ".kibana" }}
+
+# The default application to load.
+kibana.defaultAppId: {{ .Values.conf.kibana.default_app_id | default "discover" }}
+
+# If your Elasticsearch is protected with basic authentication, these settings provide
+# the username and password that the Kibana server uses to perform maintenance on the Kibana
+# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
+# is proxied through the Kibana server.
+{{ if .Values.conf.elasticsearch.auth.enabled }}
+elasticsearch.username: {{ .Values.conf.elasticsearch.username }}
+elasticsearch.password: {{ .Values.conf.elasticsearch.password }}
+{{ end }}
+
+# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
+# These settings enable SSL for outgoing requests from the Kibana server to the browser.
+{{ if .Values.conf.server.ssl.enabled }}
+server.ssl.enabled: {{ .Values.conf.server.ssl.enabled }}
+server.ssl.certificate: {{ .Values.conf.server.ssl.certificate }}
+server.ssl.key: {{ .Values.conf.server.ssl.key }}
+{{ end }}
+
+# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
+# These files validate that your Elasticsearch backend uses the same key files.
+{{ if .Values.conf.elasticsearch.ssl.enabled }}
+elasticsearch.ssl.certificate: {{ .Values.conf.elasticsearch.ssl.certificate }}
+elasticsearch.ssl.key: {{ .Values.conf.elasticsearch.ssl.key }}
+
+# Optional setting that enables you to specify a path to the PEM file for the certificate
+# authority for your Elasticsearch instance.
+# example: elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
+elasticsearch.ssl.certificateAuthorities: {{ .Values.conf.elasticsearch.ssl.certificate_authorities }}
+
+# To disregard the validity of SSL certificates, change this setting's value to 'none'.
+elasticsearch.ssl.verificationMode: {{ .Values.conf.elasticsearch.ssl.verification_mode }}
+{{ end }}
+
+# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
+# the elasticsearch.requestTimeout setting.
+elasticsearch.pingTimeout: {{ .Values.conf.elasticsearch.ping_timeout }}
+
+# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
+# must be a positive integer.
+elasticsearch.requestTimeout: {{ .Values.conf.elasticsearch.request_timeout }}
+
+# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
+# headers, set this value to [] (an empty list).
+# example: elasticsearch.requestHeadersWhitelist: [ authorization ]
+elasticsearch.requestHeadersWhitelist: {{ .Values.conf.elasticsearch.request_headers_whitelist }}
+
+# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
+# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist confuration.
+elasticsearch.customHeaders: {{ .Values.conf.elasticsearch.custom_headers }}
+
+# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
+elasticsearch.shardTimeout: {{ .Values.conf.elasticsearch.shard_timeout }}
+
+# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
+elasticsearch.startupTimeout: {{ .Values.conf.elasticsearch.startup_timeout }}
+
+# Enables you specify a file where Kibana stores log output.
+logging.dest: "stdout"
+
+# Set the value of this setting to true to suppress all logging output.
+logging.silent: {{ .Values.conf.logging.silent }}
+
+# Set the value of this setting to true to suppress all logging output other than error messages.
+logging.quiet: {{ .Values.conf.logging.quiet }}
+
+# Set the value of this setting to true to log all events, including system usage information
+# and all requests.
+logging.verbose: {{ .Values.conf.logging.verbose }}
+
+# Set the interval in milliseconds to sample system and process performance
+# metrics. Minimum is 100ms. Defaults to 5000.
+ops.interval: {{ .Values.conf.ops.interval }}
+
+# The default locale. This locale can be used in certain circumstances to substitute any missing
+# translations.
+i18n.defaultLocale: {{ .Values.conf.il8n.default_locale }}

kibana/templates/service.yaml

@@ -0,0 +1,31 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- $envAll := . }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ tuple "log_dashboard" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+  ports:
+  - port: {{ .Values.network.kibana.port }}
+    protocol: TCP
+    {{ if .Values.network.kibana.node_port.enabled }}
+    nodePort: {{ .Values.network.kibana.node_port.port }}
+    {{ end }}
+  selector:
+{{ tuple $envAll "kibana" "dashboard" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+  {{ if .Values.network.kibana.node_port.enabled }}
+  type: NodePort
+  {{ end }}

kibana/values.yaml

@@ -0,0 +1,113 @@
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+labels:
+  node_selector_key:
+  node_selector_value:
+
+images:
+  kibana: 'docker.io/kolla/ubuntu-source-kibana:3.0.3'
+  pull_policy: IfNotPresent
+
+conf:
+  elasticsearch:
+    auth:
+      enabled: false
+      password: null
+      username: null
+    custom_headers: '{}'
+    ping_timeout: 1500
+    preserve_host: true
+    request_headers_whitelist: '[]'
+    request_timeout: 30000
+    shard_timeout: 0
+    ssl:
+      certificate: null
+      certificate_authorities: null
+      enabled: null
+      key: null
+    startup_timeout: 5000
+  il8n:
+    default_locale: en
+  kibana:
+    default_app_id: discover
+    index: .kibana
+  logging:
+    quiet: false
+    silent: false
+    verbose: false
+  ops:
+    interval: 5000
+  server:
+    host: 0.0.0.0
+    ssl:
+      certificate: null
+      enabled: false
+      key: null
+  override:
+  prefix:
+  append:
+
+endpoints:
+  log_database:
+    hosts:
+      default: elasticsearch-logging
+      public: elasticsearch
+    name: elasticsearch
+    path:
+      default: null
+    port:
+      client:
+        default: 9200
+    scheme:
+      default: http
+  log_dashboard:
+    hosts:
+      default: kibana-dash
+      public: kibana
+    name: kibana
+    path:
+      default: null
+    port:
+      dashboard:
+        default: 5601
+
+network:
+  kibana:
+    node_port:
+      enabled: false
+      port: 30905
+    port: 5601
+
+pod:
+  lifecycle:
+    upgrades:
+      deployments:
+        pod_replacement_strategy: RollingUpdate
+        revision_history: 3
+        rolling_update:
+          max_surge: 3
+          max_unavailable: 1
+  replicas:
+    kibana: 3
+  resources:
+    kibana:
+      enabled: false
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi

tools/gate/basic_launch.sh

@@ -24,6 +24,10 @@ helm install --name=postgresql local/postgresql --namespace=openstack
 
 kube_wait_for_pods openstack 1200
 
+helm install --name=kibana local/kibana --namespace=kube-system
+
+kube_wait_for_pods kube-system 600
+
 # todo(srwilkers): implement helm tests for postgresql
 #helm_test_deployment postgresql openstack