From 3a7da4f59e9aeacbb9dbcfb3cc2ef50cae82ce22 Mon Sep 17 00:00:00 2001 From: Steve Wilkerson Date: Mon, 5 Jun 2017 16:08:36 -0500 Subject: [PATCH] Helm chart for Kibana This adds a basic helm chart for kibana. It uses the kolla image for kibana and includes a templated configuration file to allow for configuration overrides, similar to the openstack-helm charts Change-Id: I608e4e48bd5e29f68ead08252853aa3ed08d7a68 External-Tracking-Id: OSH-67 --- kibana/Chart.yaml | 23 ++++++ kibana/README.rst | 30 +++++++ kibana/requirements.yaml | 19 +++++ kibana/templates/bin/_kibana.sh.tpl | 27 +++++++ kibana/templates/configmap-bin.yaml | 21 +++++ kibana/templates/configmap-etc.yaml | 31 ++++++++ kibana/templates/deployment.yaml | 63 +++++++++++++++ kibana/templates/etc/_kibana.yml.tpl | 102 ++++++++++++++++++++++++ kibana/templates/service.yaml | 31 ++++++++ kibana/values.yaml | 113 +++++++++++++++++++++++++++ tools/gate/basic_launch.sh | 4 + 11 files changed, 464 insertions(+) create mode 100644 kibana/Chart.yaml create mode 100644 kibana/README.rst create mode 100644 kibana/requirements.yaml create mode 100644 kibana/templates/bin/_kibana.sh.tpl create mode 100644 kibana/templates/configmap-bin.yaml create mode 100644 kibana/templates/configmap-etc.yaml create mode 100644 kibana/templates/deployment.yaml create mode 100644 kibana/templates/etc/_kibana.yml.tpl create mode 100644 kibana/templates/service.yaml create mode 100644 kibana/values.yaml diff --git a/kibana/Chart.yaml b/kibana/Chart.yaml new file mode 100644 index 00000000..dc3d32c7 --- /dev/null +++ b/kibana/Chart.yaml @@ -0,0 +1,23 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +description: OpenStack-Helm Kibana +name: kibana +version: 0.1.0 +home: https://www.elastic.co/products/kibana +sources: + - https://github.com/elastic/kibana + - https://git.openstack.org/cgit/openstack/openstack-helm-addons +maintainers: + - name: OpenStack-Helm Authors diff --git a/kibana/README.rst b/kibana/README.rst new file mode 100644 index 00000000..697c323e --- /dev/null +++ b/kibana/README.rst @@ -0,0 +1,30 @@ +====== +Kibana +====== + +This chart provides a visual dashboard for logs ingested into an Elasticsearch +deployment. The chart leverages the kolla image for Kibana, and includes a +templated configuration file that allows configuration overrides similar to +other charts in OpenStack-Helm. + +Installation +------------ + +Out of the box, the Kibana chart assumes the Elasticsearch deployment is mapped +to "elasticsearch-logging" and is serving on port 9200. In order to deploy +Kibana, change the host url for Elasticsearch if necessary and run: + +:: + helm install --name=kibana local/kibana --namespace=kube-system + + +This will install Kibana into your cluster appropriately. The values file +includes the ability to enable a nodeport to access Kibana if necessary. + + +Configuration Options +--------------------- + +The full list of configuration options for Kibana can be found here_. + +.. _here: https://www.elastic.co/guide/en/kibana/current/settings.html diff --git a/kibana/requirements.yaml b/kibana/requirements.yaml new file mode 100644 index 00000000..00a045b4 --- /dev/null +++ b/kibana/requirements.yaml @@ -0,0 +1,19 @@ + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/kibana/templates/bin/_kibana.sh.tpl b/kibana/templates/bin/_kibana.sh.tpl new file mode 100644 index 00000000..b1e8f1f5 --- /dev/null +++ b/kibana/templates/bin/_kibana.sh.tpl @@ -0,0 +1,27 @@ +#!/bin/bash +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex +COMMAND="${@:-start}" + +function start () { + exec /opt/kibana/bin/kibana +} + +function stop () { + kill -TERM 1 +} + +$COMMAND diff --git a/kibana/templates/configmap-bin.yaml b/kibana/templates/configmap-bin.yaml new file mode 100644 index 00000000..fa81677b --- /dev/null +++ b/kibana/templates/configmap-bin.yaml @@ -0,0 +1,21 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: kibana-bin +data: + kibana.sh: | +{{ tuple "bin/_kibana.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} diff --git a/kibana/templates/configmap-etc.yaml b/kibana/templates/configmap-etc.yaml new file mode 100644 index 00000000..f95b1375 --- /dev/null +++ b/kibana/templates/configmap-etc.yaml @@ -0,0 +1,31 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: kibana-etc +data: + kibana.yml: |+ +{{- if .Values.conf.kibana.override -}} +{{ .Values.conf.kibana.override | indent 4 }} +{{- else -}} +{{- if .Values.conf.kibana.prefix -}} +{{ .Values.conf.kibana.prefix | indent 4 }} +{{- end }} +{{ tuple "etc/_kibana.yml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} +{{- if .Values.conf.kibana.append -}} +{{ .Values.conf.kibana.append | indent 4 }} +{{- end }} diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml new file mode 100644 index 00000000..d7829e8f --- /dev/null +++ b/kibana/templates/deployment.yaml @@ -0,0 +1,63 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $envAll := . }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: kibana +spec: + replicas: {{ .Values.pod.replicas.kibana }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "kibana" "dashboard" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + containers: + - name: kibana + image: {{ .Values.images.kibana }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.kibana | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/kibana.sh + - start + ports: + - containerPort: {{ .Values.network.kibana.port }} + protocol: TCP + volumeMounts: + - name: kibana-bin + mountPath: /tmp/kibana.sh + subPath: kibana.sh + readOnly: true + - name: etckibana + mountPath: /opt/kibana/config + - name: kibana-etc + mountPath: /opt/kibana/config/kibana.yml + subPath: kibana.yml + readOnly: true + volumes: + - name: kibana-bin + configMap: + name: kibana-bin + defaultMode: 0555 + - name: etckibana + emptyDir: {} + - name: kibana-etc + configMap: + name: kibana-etc + defaultMode: 0444 diff --git a/kibana/templates/etc/_kibana.yml.tpl b/kibana/templates/etc/_kibana.yml.tpl new file mode 100644 index 00000000..70f5ed4c --- /dev/null +++ b/kibana/templates/etc/_kibana.yml.tpl @@ -0,0 +1,102 @@ + +# Kibana is served by a back end server. This setting specifies the port to use. +server.port: {{ .Values.network.kibana.port }} + +# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. +# The default is 'localhost', which usually means remote machines will not be able to connect. +# To allow connections from remote users, set this parameter to a non-loopback address. +server.host: {{ .Values.conf.server.host | default "localhost" }} + +# The maximum payload size in bytes for incoming server requests. +server.maxPayloadBytes: {{ .Values.conf.server.max_payload_bytes | default 1048576 }} + +# The URL of the Elasticsearch instance to use for all your queries. +elasticsearch.url: {{ tuple "log_database" "default" "client" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} + +# When this setting's value is true Kibana uses the hostname specified in the server.host +# setting. When the value of this setting is false, Kibana uses the hostname of the host +# that connects to this Kibana instance. +elasticsearch.preserveHost: {{ .Values.conf.elasticsearch.preserve_host | default true }} + +# Kibana uses an index in Elasticsearch to store saved searches, visualizations and +# dashboards. Kibana creates a new index if the index doesn't already exist. +kibana.index: {{ .Values.conf.kibana.index | default ".kibana" }} + +# The default application to load. +kibana.defaultAppId: {{ .Values.conf.kibana.default_app_id | default "discover" }} + +# If your Elasticsearch is protected with basic authentication, these settings provide +# the username and password that the Kibana server uses to perform maintenance on the Kibana +# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which +# is proxied through the Kibana server. +{{ if .Values.conf.elasticsearch.auth.enabled }} +elasticsearch.username: {{ .Values.conf.elasticsearch.username }} +elasticsearch.password: {{ .Values.conf.elasticsearch.password }} +{{ end }} + +# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. +# These settings enable SSL for outgoing requests from the Kibana server to the browser. +{{ if .Values.conf.server.ssl.enabled }} +server.ssl.enabled: {{ .Values.conf.server.ssl.enabled }} +server.ssl.certificate: {{ .Values.conf.server.ssl.certificate }} +server.ssl.key: {{ .Values.conf.server.ssl.key }} +{{ end }} + +# Optional settings that provide the paths to the PEM-format SSL certificate and key files. +# These files validate that your Elasticsearch backend uses the same key files. +{{ if .Values.conf.elasticsearch.ssl.enabled }} +elasticsearch.ssl.certificate: {{ .Values.conf.elasticsearch.ssl.certificate }} +elasticsearch.ssl.key: {{ .Values.conf.elasticsearch.ssl.key }} + +# Optional setting that enables you to specify a path to the PEM file for the certificate +# authority for your Elasticsearch instance. +# example: elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] +elasticsearch.ssl.certificateAuthorities: {{ .Values.conf.elasticsearch.ssl.certificate_authorities }} + +# To disregard the validity of SSL certificates, change this setting's value to 'none'. +elasticsearch.ssl.verificationMode: {{ .Values.conf.elasticsearch.ssl.verification_mode }} +{{ end }} + +# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of +# the elasticsearch.requestTimeout setting. +elasticsearch.pingTimeout: {{ .Values.conf.elasticsearch.ping_timeout }} + +# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value +# must be a positive integer. +elasticsearch.requestTimeout: {{ .Values.conf.elasticsearch.request_timeout }} + +# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side +# headers, set this value to [] (an empty list). +# example: elasticsearch.requestHeadersWhitelist: [ authorization ] +elasticsearch.requestHeadersWhitelist: {{ .Values.conf.elasticsearch.request_headers_whitelist }} + +# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten +# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist confuration. +elasticsearch.customHeaders: {{ .Values.conf.elasticsearch.custom_headers }} + +# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable. +elasticsearch.shardTimeout: {{ .Values.conf.elasticsearch.shard_timeout }} + +# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying. +elasticsearch.startupTimeout: {{ .Values.conf.elasticsearch.startup_timeout }} + +# Enables you specify a file where Kibana stores log output. +logging.dest: "stdout" + +# Set the value of this setting to true to suppress all logging output. +logging.silent: {{ .Values.conf.logging.silent }} + +# Set the value of this setting to true to suppress all logging output other than error messages. +logging.quiet: {{ .Values.conf.logging.quiet }} + +# Set the value of this setting to true to log all events, including system usage information +# and all requests. +logging.verbose: {{ .Values.conf.logging.verbose }} + +# Set the interval in milliseconds to sample system and process performance +# metrics. Minimum is 100ms. Defaults to 5000. +ops.interval: {{ .Values.conf.ops.interval }} + +# The default locale. This locale can be used in certain circumstances to substitute any missing +# translations. +i18n.defaultLocale: {{ .Values.conf.il8n.default_locale }} diff --git a/kibana/templates/service.yaml b/kibana/templates/service.yaml new file mode 100644 index 00000000..658fce22 --- /dev/null +++ b/kibana/templates/service.yaml @@ -0,0 +1,31 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- $envAll := . }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "log_dashboard" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - port: {{ .Values.network.kibana.port }} + protocol: TCP + {{ if .Values.network.kibana.node_port.enabled }} + nodePort: {{ .Values.network.kibana.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "kibana" "dashboard" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.kibana.node_port.enabled }} + type: NodePort + {{ end }} diff --git a/kibana/values.yaml b/kibana/values.yaml new file mode 100644 index 00000000..60189778 --- /dev/null +++ b/kibana/values.yaml @@ -0,0 +1,113 @@ + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +labels: + node_selector_key: + node_selector_value: + +images: + kibana: 'docker.io/kolla/ubuntu-source-kibana:3.0.3' + pull_policy: IfNotPresent + +conf: + elasticsearch: + auth: + enabled: false + password: null + username: null + custom_headers: '{}' + ping_timeout: 1500 + preserve_host: true + request_headers_whitelist: '[]' + request_timeout: 30000 + shard_timeout: 0 + ssl: + certificate: null + certificate_authorities: null + enabled: null + key: null + startup_timeout: 5000 + il8n: + default_locale: en + kibana: + default_app_id: discover + index: .kibana + logging: + quiet: false + silent: false + verbose: false + ops: + interval: 5000 + server: + host: 0.0.0.0 + ssl: + certificate: null + enabled: false + key: null + override: + prefix: + append: + +endpoints: + log_database: + hosts: + default: elasticsearch-logging + public: elasticsearch + name: elasticsearch + path: + default: null + port: + client: + default: 9200 + scheme: + default: http + log_dashboard: + hosts: + default: kibana-dash + public: kibana + name: kibana + path: + default: null + port: + dashboard: + default: 5601 + +network: + kibana: + node_port: + enabled: false + port: 30905 + port: 5601 + +pod: + lifecycle: + upgrades: + deployments: + pod_replacement_strategy: RollingUpdate + revision_history: 3 + rolling_update: + max_surge: 3 + max_unavailable: 1 + replicas: + kibana: 3 + resources: + kibana: + enabled: false + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi diff --git a/tools/gate/basic_launch.sh b/tools/gate/basic_launch.sh index 76c2a086..93c30ece 100755 --- a/tools/gate/basic_launch.sh +++ b/tools/gate/basic_launch.sh @@ -24,6 +24,10 @@ helm install --name=postgresql local/postgresql --namespace=openstack kube_wait_for_pods openstack 1200 +helm install --name=kibana local/kibana --namespace=kube-system + +kube_wait_for_pods kube-system 600 + # todo(srwilkers): implement helm tests for postgresql #helm_test_deployment postgresql openstack