diff --git a/Makefile b/Makefile index 69eba463..fc5ec82d 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,9 @@ SHELL := /bin/bash HELM := helm TASK := build -EXCLUDES := helm-toolkit doc tests tools logs tmp +EXCLUDES := helm-toolkit doc tests tools logs tmp influxdb kafka \ + keystone-init monasca-agent monasca-alarms monasca mysql-users-init storm \ + zookeeper CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) .PHONY: $(EXCLUDES) $(CHARTS) diff --git a/influxdb/.helmignore b/influxdb/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/influxdb/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/influxdb/Chart.yaml b/influxdb/Chart.yaml new file mode 100644 index 00000000..2f8e498e --- /dev/null +++ b/influxdb/Chart.yaml @@ -0,0 +1,14 @@ +name: influxdb +version: 0.6.2-0.0.2 +description: Scalable datastore for metrics, events, and real-time analytics. +keywords: +- influxdb +- database +- timeseries +home: https://www.influxdata.com/time-series-platform/influxdb/ +sources: +- https://github.com/influxdata/influxdb +maintainers: +- name: Jack Zampolin + email: jack@influxdb.com +engine: gotpl diff --git a/influxdb/README.md b/influxdb/README.md new file mode 100644 index 00000000..6b21c394 --- /dev/null +++ b/influxdb/README.md @@ -0,0 +1,99 @@ +# InfluxDB + +## An Open-Source Time Series Database + +[InfluxDB](https://github.com/influxdata/influxdb) is an open source time series database built by the folks over at [InfluxData](https://influxdata.com) with no external dependencies. It's useful for recording metrics, events, and performing analytics. + +## QuickStart + +```bash +$ helm install stable/influxdb --name foo --namespace bar +``` + +## Introduction + +This chart bootstraps an InfluxDB deployment and service on a Kubernetes cluster using the Helm Package manager. + +## Prerequisites + +- Kubernetes 1.4+ +- PV provisioner support in the underlying infrastructure (optional) + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release stable/influxdb +``` + +The command deploys InfluxDB on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release --purge +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The default configuration values for this chart are listed in `values.yaml`. + +The [full image documentation](https://hub.docker.com/_/influxdb/) contains more information about running InfluxDB in docker. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install --name my-release \ + --set persistence.enabled=true,persistence.size=200Gi \ + stable/influxdb +``` + +The above command enables persistence and changes the size of the requested data volume to 200GB. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install --name my-release -f values.yaml stable/influxdb +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +### InfluxDB Watcher Configuration + +Parameter | Description | Default +--------- | ----------- | ------- +`watcher.enabled` | InfluxDB watcher enabled flag | `false` +`watcher.image.repository` | InfluxDB watcher container image repository | `monasca/influxdb-watcher` +`watcher.image.tag` | InfluxDB watcher container image tag | `latest` +`watcher.image.pullPolicy` | InfluxDB watcher container image pull policy | `IfNotPresent` +`watcher.address` | InfluxDB service address | `http://localhost:8086` +`watcher.username` | InfluxDB username with read/write privileges | `influxdb_watcher` +`watcher.password` | InfluxDB password | `password` +`watcher.database` | InfluxDB database | `mon` +`watcher.watcher_period` | InfluxDB watcher period | `600` +`watcher.watcher_timeout` | InfluxDB watcher read/write timeout | `60` +`watcher.stay_alive_on_failure` | If `true`, watcher container stays alive for 2 hours after watcher exits | `false` +`watcher.port` | InfluxDB watcher port to expose Promethues metrics on | `8080` + +## Persistence + +The [InfluxDB](https://hub.docker.com/_/influxdb/) image stores data in the `/var/lib/influxdb` directory in the container. + +The chart mounts a [Persistent Volume](http://kubernetes.io/docs/user-guide/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning. + +## Starting with authentication + +In `values.yaml` change `.Values.config.http.auth_enabled` to `true`. + +Influxdb requires also a user to be set in order for authentication to be enforced. See more details [here](https://docs.influxdata.com/influxdb/v1.2/query_language/authentication_and_authorization/#set-up-authentication). + +To handle this setup on startup, a job can be enabled in `values.yaml` by setting `.Values.setDefaultUser.enabled` to `true`. + +Make sure to uncomment or configure the job settings after enabling it. If a password is not set, a random password will be generated. diff --git a/influxdb/templates/NOTES.txt b/influxdb/templates/NOTES.txt new file mode 100644 index 00000000..1e759c37 --- /dev/null +++ b/influxdb/templates/NOTES.txt @@ -0,0 +1,15 @@ +InfluxDB can be accessed via port {{ .Values.config.http.bind_address }} on the following DNS name from within your cluster: + +- http://{{ template "influxdb.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.config.http.bind_address }} + +You can easily connect to the remote instance with your local influx cli. To forward the API port to localhost:8086 run the following: + +- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "influxdb.fullname" . }} -o jsonpath='{ .items[0].metadata.name }') 8086:{{ .Values.config.http.bind_address }} + +You can also connect to the influx cli from inside the container. To open a shell session in the InfluxDB pod run the following: + +- kubectl exec -i -t --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "influxdb.fullname" . }} -o jsonpath='{.items[0].metadata.name}') /bin/sh + +To tail the logs for the InfluxDB pod run the following: + +- kubectl logs -f --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "influxdb.fullname" . }} -o jsonpath='{ .items[0].metadata.name }') diff --git a/influxdb/templates/_helpers.tpl b/influxdb/templates/_helpers.tpl new file mode 100644 index 00000000..7643a6f6 --- /dev/null +++ b/influxdb/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "influxdb.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "influxdb.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/influxdb/templates/config.yaml b/influxdb/templates/config.yaml new file mode 100644 index 00000000..64f2c0ce --- /dev/null +++ b/influxdb/templates/config.yaml @@ -0,0 +1,149 @@ + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "influxdb.fullname" . }} + labels: + app: {{ template "influxdb.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: + influxdb.conf: |+ + reporting-disabled = {{ .Values.config.reporting_disabled | default false }} + bind-address = ":{{ .Values.config.bind_address }}" + + [meta] + dir = "{{ .Values.config.storage_directory }}/meta" + retention-autocreate = {{ .Values.config.meta.retention_autocreate }} + logging-enabled = {{ .Values.config.meta.logging_enabled }} + + [data] + dir = "{{ .Values.config.storage_directory }}/data" + wal-dir = "{{ .Values.config.storage_directory }}/wal" + index-version = "{{ .Values.config.data.index_version }}" + query-log-enabled = {{ .Values.config.data.query_log_enabled }} + cache-max-memory-size = {{ .Values.config.data.cache_max_memory_size | int64 }} + cache-snapshot-memory-size = {{ .Values.config.data.cache_snapshot_memory_size | int64 }} + cache-snapshot-write-cold-duration = "{{ .Values.config.data.cache_snapshot_write_cold_duration }}" + compact-full-write-cold-duration = "{{ .Values.config.data.compact_full_write_cold_duration }}" + max-series-per-database = {{ .Values.config.data.max_series_per_database | int64 }} + max-values-per-tag = {{ .Values.config.data.max_values_per_tag | int64 }} + trace-logging-enabled = {{ .Values.config.data.trace_logging_enabled }} + + [coordinator] + write-timeout = "{{ .Values.config.coordinator.write_timeout }}" + max-concurrent-queries = {{ .Values.config.coordinator.max_concurrent_queries | int64 }} + query-timeout = "{{ .Values.config.coordinator.query_timeout }}" + log-queries-after = "{{ .Values.config.coordinator.log_queries_after }}" + max-select-point = {{ .Values.config.coordinator.max_select_point | int64 }} + max-select-series = {{ .Values.config.coordinator.max_select_series | int64 }} + max-select-buckets = {{ .Values.config.coordinator.max_select_buckets | int64 }} + + [retention] + enabled = {{ .Values.config.retention.enabled }} + check-interval = "{{ .Values.config.retention.check_interval }}" + + [shard-precreation] + enabled = {{ .Values.config.shard_precreation.enabled }} + check-interval = "{{ .Values.config.shard_precreation.check_interval }}" + advance-period = "{{ .Values.config.shard_precreation.advance_period }}" + + [admin] + enabled = {{ .Values.config.admin.enabled }} + bind-address = ":{{ .Values.config.admin.bind_address }}" + https-enabled = {{ .Values.config.admin.https_enabled }} + https-certificate = "{{ .Values.config.admin.https_certificate }}" + + [monitor] + store-enabled = {{ .Values.config.monitor.store_enabled }} + store-database = "{{ .Values.config.monitor.store_database }}" + store-interval = "{{ .Values.config.monitor.store_interval }}" + + [subscriber] + enabled = {{ .Values.config.subscriber.enabled }} + http-timeout = "{{ .Values.config.subscriber.http_timeout }}" + insecure-skip-verify = {{ .Values.config.subscriber.insecure_skip_verify }} + ca-certs = "{{ .Values.config.subscriber.ca_certs }}" + write-concurrency = {{ .Values.config.subscriber.write_concurrency | int64 }} + write-buffer-size = {{ .Values.config.subscriber.write_buffer_size | int64 }} + + [http] + enabled = {{ .Values.config.http.enabled }} + bind-address = ":{{ .Values.config.http.bind_address }}" + auth-enabled = {{ .Values.config.http.auth_enabled }} + log-enabled = {{ .Values.config.http.log_enabled }} + write-tracing = {{ .Values.config.http.write_tracing }} + pprof-enabled = {{ .Values.config.http.pprof_enabled }} + https-enabled = {{ .Values.config.http.https_enabled }} + https-certificate = "{{ .Values.config.http.https_certificate }}" + https-private-key = "{{ .Values.config.http.https_private_key }}" + max-row-limit = {{ .Values.config.http.max_row_limit | int64 }} + max-connection-limit = {{ .Values.config.http.max_connection_limit | int64 }} + shared-secret = "{{ .Values.config.http.shared_secret }}" + realm = "{{ .Values.config.http.realm }}" + unix-socket-enabled = {{ .Values.config.http.unix_socket_enabled }} + bind-socket = "{{ .Values.config.http.bind_socket }}" + + # TODO: allow multiple graphite listeners with templates + + [[graphite]] + enabled = {{ .Values.config.graphite.enabled }} + bind-address = ":{{ .Values.config.graphite.bind_address }}" + database = "{{ .Values.config.graphite.database }}" + retention-policy = "{{ .Values.config.graphite.retention_policy }}" + protocol = "{{ .Values.config.graphite.protocol }}" + batch-size = {{ .Values.config.graphite.batch_size | int64 }} + batch-pending = {{ .Values.config.graphite.batch_pending | int64 }} + batch-timeout = "{{ .Values.config.graphite.batch_timeout }}" + consistency-level = "{{ .Values.config.graphite.consistency_level }}" + separator = "{{ .Values.config.graphite.separator }}" + udp-read-buffer = {{ .Values.config.graphite.udp_read_buffer | int64 }} + + # TODO: allow multiple collectd listeners with templates + + [[collectd]] + enabled = {{ .Values.config.collectd.enabled }} + bind-address = ":{{ .Values.config.collectd.bind_address }}" + database = "{{ .Values.config.collectd.database }}" + retention-policy = "{{ .Values.config.collectd.retention_policy }}" + batch-size = {{ .Values.config.collectd.batch_size | int64 }} + batch-pending = {{ .Values.config.collectd.batch_pending | int64 }} + batch-timeout = "{{ .Values.config.collectd.batch_timeout }}" + read-buffer = {{ .Values.config.collectd.read_buffer | int64 }} + typesdb = "{{ .Values.config.collectd.typesdb }}" + security-level = "{{ .Values.config.collectd.security_level }}" + auth-file = "{{ .Values.config.collectd.auth_file }}" + + # TODO: allow multiple opentsdb listeners with templates + + [[opentsdb]] + enabled = {{ .Values.config.opentsdb.enabled }} + bind-address = ":{{ .Values.config.opentsdb.bind_address }}" + database = "{{ .Values.config.opentsdb.database }}" + retention-policy = "{{ .Values.config.opentsdb.retention_policy }}" + consistency-level = "{{ .Values.config.opentsdb.consistency_level }}" + tls-enabled = {{ .Values.config.opentsdb.tls_enabled }} + certificate = "{{ .Values.config.opentsdb.certificate }}" + batch-size = {{ .Values.config.opentsdb.batch_size | int64 }} + batch-pending = {{ .Values.config.opentsdb.batch_pending | int64 }} + batch-timeout = "{{ .Values.config.opentsdb.batch_timeout }}" + log-point-errors = {{ .Values.config.opentsdb.log_point_errors }} + + # TODO: allow multiple udp listeners with templates + + [[udp]] + enabled = {{ .Values.config.udp.enabled }} + bind-address = ":{{ .Values.config.udp.bind_address }}" + database = "{{ .Values.config.udp.database }}" + retention-policy = "{{ .Values.config.udp.retention_policy }}" + batch-size = {{ .Values.config.udp.batch_size | int64 }} + batch-pending = {{ .Values.config.udp.batch_pending | int64 }} + read-buffer = {{ .Values.config.udp.read_buffer | int64 }} + batch-timeout = "{{ .Values.config.udp.batch_timeout }}" + precision = "{{ .Values.config.udp.precision }}" + + [continuous_queries] + log-enabled = {{ .Values.config.continuous_queries.log_enabled }} + enabled = {{ .Values.config.continuous_queries.enabled }} + run-interval = "{{ .Values.config.continuous_queries.run_interval }}" diff --git a/influxdb/templates/deployment.yaml b/influxdb/templates/deployment.yaml new file mode 100644 index 00000000..069a5a2c --- /dev/null +++ b/influxdb/templates/deployment.yaml @@ -0,0 +1,127 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "influxdb.fullname" . }} + labels: + app: {{ template "influxdb.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: 1 + template: + metadata: + labels: + app: {{ template "influxdb.fullname" . }} + {{- if .Values.watcher.enabled }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.watcher.port }}" + monasca.io/usek8slabels: "false" + monasca.io/whitelist: | + - influxdb_average_round_trip_time + - influxdb_dropped_message_count + - influxdb_max_round_trip_time + - influxdb_min_round_trip_time + - influxdb_read_failure_count + - influxdb_running_average_round_trip_time + - influxdb_watcher_status + - influxdb_write_failure_count + - go_memstats_heap_objects + - go_memstats_heap_inuse_bytes + {{- end }} + spec: + containers: + - name: {{ template "influxdb.fullname" . }} + image: "{{ .Values.image.repo }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + resources: +{{ toYaml .Values.resources | indent 10 }} + ports: + - name: api + containerPort: {{ .Values.config.http.bind_address }} + {{ if .Values.config.admin.enabled -}} + - name: admin + containerPort: {{ .Values.config.admin.bind_address }} + {{- end }} + {{ if .Values.config.graphite.enabled -}} + - name: graphite + containerPort: {{ .Values.config.graphite.bind_address }} + {{- end }} + {{ if .Values.config.collectd.enabled -}} + - name: collectd + containerPort: {{ .Values.config.collectd.bind_address }} + {{- end }} + {{ if .Values.config.udp.enabled -}} + - name: udp + containerPort: {{ .Values.config.udp.bind_address }} + {{- end }} + {{ if .Values.config.opentsdb.enabled -}} + - name: opentsdb + containerPort: {{ .Values.config.opentsdb.bind_address }} + {{- end }} + {{- if .Values.watcher.enabled }} + - name: metrics + containerPort: {{ .Values.watcher.port }} + {{- end }} + livenessProbe: + httpGet: + path: /ping + port: api + initialDelaySeconds: {{ .Values.liveness.initial_delay_seconds }} + timeoutSeconds: {{ .Values.liveness.timeout_seconds }} + readinessProbe: + httpGet: + path: /ping + port: api + initialDelaySeconds: {{ .Values.readiness.initial_delay_seconds }} + timeoutSeconds: {{ .Values.readiness.timeout_seconds }} + volumeMounts: + - name: data + mountPath: {{ .Values.config.storage_directory }} + - name: config + mountPath: /etc/influxdb + {{- if .Values.watcher.enabled }} + - name: watcher + image: "{{ .Values.watcher.image.repository }}:{{ .Values.watcher.image.tag }}" + imagePullPolicy: {{ .Values.watcher.image.pullPolicy }} + resources: +{{ toYaml .Values.watcher.resources | indent 12 }} + env: + - name: INFLUXDB_ADDRESS + value: {{ .Values.watcher.address | quote }} + - name: INFLUXDB_USERNAME + value: {{ .Values.watcher.username | quote }} + - name: INFLUXDB_PASSWORD + value: {{ .Values.watcher.password | quote }} + - name: INFLUXDB_DATABASE + value: {{ .Values.watcher.database | quote }} + - name: PROMETHEUS_ENDPOINT + value: "0.0.0.0:{{ .Values.watcher.port }}" + - name: WATCHER_PERIOD + value: {{ .Values.watcher.watcher_period | quote }} + - name: WATCHER_TIMEOUT + value: {{ .Values.watcher.watcher_timeout | quote }} + - name: STAY_ALIVE_ON_FAILURE + value: {{ .Values.watcher.stay_alive_on_failure | quote }} + {{- end }} + volumes: + - name: data + {{- if .Values.persistence.enabled }} + {{- if not (empty .Values.persistence.name) }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.name }} + {{- else }} + persistentVolumeClaim: + claimName: {{ template "influxdb.fullname" . }} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + - name: config + configMap: + name: {{ template "influxdb.fullname" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} diff --git a/influxdb/templates/post-install-set-auth.yaml b/influxdb/templates/post-install-set-auth.yaml new file mode 100644 index 00000000..27abcbef --- /dev/null +++ b/influxdb/templates/post-install-set-auth.yaml @@ -0,0 +1,43 @@ +{{- if .Values.setDefaultUser.enabled -}} +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app: {{ template "influxdb.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ template "influxdb.fullname" . }}-set-auth + annotations: + "helm.sh/hook": post-install +spec: + activeDeadlineSeconds: {{ .Values.setDefaultUser.activeDeadlineSeconds }} + template: + metadata: + labels: + app: {{ template "influxdb.fullname" . }} + release: "{{ .Release.Name }}" + spec: + containers: + - name: {{ template "influxdb.fullname" . }}-set-auth + image: "{{ .Values.setDefaultUser.image }}" + env: + - name: INFLUXDB_USER + valueFrom: + secretKeyRef: + name: {{ template "influxdb.fullname" . }}-auth + key: influxdb-user + - name: INFLUXDB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "influxdb.fullname" . }}-auth + key: influxdb-password + args: + - "/bin/sh" + - "-c" + - | + curl -X POST http://{{ template "influxdb.fullname" . }}:{{ .Values.config.http.bind_address }}/query \ + --data-urlencode \ + "q=CREATE USER \"${INFLUXDB_USER}\" WITH PASSWORD '${INFLUXDB_PASSWORD}' {{ .Values.setDefaultUser.user.privileges }}" + restartPolicy: {{ .Values.setDefaultUser.restartPolicy }} +{{- end -}} diff --git a/influxdb/templates/pvc.yaml b/influxdb/templates/pvc.yaml new file mode 100644 index 00000000..94a8d7a2 --- /dev/null +++ b/influxdb/templates/pvc.yaml @@ -0,0 +1,24 @@ +{{- if and (.Values.persistence.enabled) (not .Values.persistence.useExisting) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: "{{- if not (empty .Values.persistence.name) }}{{ .Values.persistence.name }}{{- else }}{{ template "influxdb.fullname" . }}{{- end }}" + labels: + app: "{{- if not (empty .Values.persistence.name) }}{{ .Values.persistence.name }}{{- else }}{{ template "influxdb.fullname" . }}{{- end }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end }} diff --git a/influxdb/templates/secret.yaml b/influxdb/templates/secret.yaml new file mode 100644 index 00000000..3de724ae --- /dev/null +++ b/influxdb/templates/secret.yaml @@ -0,0 +1,18 @@ +{{- if .Values.setDefaultUser.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + labels: + app: {{ template "influxdb.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ template "influxdb.fullname" . }}-auth +data: + {{- if .Values.setDefaultUser.user.password }} + influxdb-password: {{ .Values.setDefaultUser.user.password | b64enc | quote }} + {{- else }} + influxdb-password: {{ randAscii 10 | b64enc | quote }} + {{- end }} + influxdb-user: {{ .Values.setDefaultUser.user.username | b64enc | quote }} +{{- end -}} diff --git a/influxdb/templates/service.yaml b/influxdb/templates/service.yaml new file mode 100644 index 00000000..61a90353 --- /dev/null +++ b/influxdb/templates/service.yaml @@ -0,0 +1,48 @@ +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +{{- end }} + name: {{ template "influxdb.fullname" . }} + labels: + app: {{ template "influxdb.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + type: {{ .Values.service.type }} + ports: + {{- if .Values.config.http.enabled }} + - name: api + port: {{ .Values.config.http.bind_address }} + targetPort: {{ .Values.config.http.bind_address }} + {{- end }} + {{- if .Values.config.admin.enabled }} + - name: admin + port: {{ .Values.config.admin.bind_address }} + targetPort: {{ .Values.config.admin.bind_address }} + {{- end }} + {{- if .Values.config.graphite.enabled }} + - name: graphite + port: {{ .Values.config.graphite.bind_address }} + targetPort: {{ .Values.config.graphite.bind_address }} + {{- end }} + {{- if .Values.config.collectd.enabled }} + - name: collectd + port: {{ .Values.config.collectd.bind_address }} + targetPort: {{ .Values.config.collectd.bind_address }} + {{- end }} + {{- if .Values.config.udp.enabled }} + - name: udp + port: {{ .Values.config.udp.bind_address }} + targetPort: {{ .Values.config.udp.bind_address }} + {{- end }} + {{- if .Values.config.opentsdb.enabled }} + - name: opentsdb + port: {{ .Values.config.opentsdb.bind_address }} + targetPort: {{ .Values.config.opentsdb.bind_address }} + {{- end }} + selector: + app: {{ template "influxdb.fullname" . }} diff --git a/influxdb/values.yaml b/influxdb/values.yaml new file mode 100644 index 00000000..5c098256 --- /dev/null +++ b/influxdb/values.yaml @@ -0,0 +1,231 @@ +## influxdb image version +## ref: https://hub.docker.com/r/library/influxdb/tags/ +image: + repo: "influxdb" + tag: "1.3-alpine" + pullPolicy: IfNotPresent + +## Specify a service type +## NodePort is default +## ref: http://kubernetes.io/docs/user-guide/services/ +## +service: + ## Add annotations to service + # annotations: {} + type: ClusterIP + +## Persist data to a persistent volume +## +persistence: + enabled: false + ## If true will use an existing PVC instead of creating one + # useExisting: false + ## Name of existing PVC to be used in the influx deployment + # name: + ## influxdb data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessMode: ReadWriteOnce + size: 8Gi + +## Create default user through Kubernetes job +## Defaults indicated below +## +setDefaultUser: + enabled: false + + ## Image of the container used for job + ## Default: appropriate/curl:latest + ## + image: appropriate/curl:latest + + ## Deadline for job so it does not retry forever. + ## Default: activeDeadline: 300 + ## + activeDeadline: 300 + + ## Restart policy for job + ## Default: OnFailure + restartPolicy: OnFailure + + user: + + ## The user name + ## Default: "admin" + username: "admin" + + ## User password + ## Default: (Randomly generated 10 characters of Ascii) + # password: + + ## User privileges + ## Default: "WITH ALL PRIVILEGES" + privileges: "WITH ALL PRIVILEGES" + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +resources: + requests: + memory: 256Mi + cpu: 0.1 + limits: + memory: 16Gi + cpu: 8 + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Liveness and Readiness check settings +liveness: + initial_delay_seconds: 30 + timeout_seconds: 5 +readiness: + initial_delay_seconds: 30 + timeout_seconds: 1 + +## Change InfluxDB configuration paramaters below: +## Defaults are indicated +## ref: https://docs.influxdata.com/influxdb/v1.1/administration/config/ +config: + reporting_disabled: false + bind_address: 8088 + storage_directory: /var/lib/influxdb + meta: + retention_autocreate: true + logging_enabled: true + data: + query_log_enabled: true + index_version: inmem + cache_max_memory_size: 1073741824 + cache_snapshot_memory_size: 26214400 + cache_snapshot_write_cold_duration: 10m0s + compact_full_write_cold_duration: 4h0m0s + max_series_per_database: 1000000 + max_values_per_tag: 100000 + trace_logging_enabled: false + coordinator: + write_timeout: 10s + max_concurrent_queries: 0 + query_timeout: 0s + log_queries_after: 0s + max_select_point: 0 + max_select_series: 0 + max_select_buckets: 0 + retention: + enabled: true + check_interval: 30m0s + shard_precreation: + enabled: true + check_interval: 10m0s + advance_period: 30m0s + admin: + enabled: false + bind_address: 8083 + https_enabled: false + https_certificate: /etc/ssl/influxdb.pem + monitor: + store_enabled: true + store_database: _internal + store_interval: 10s + subscriber: + enabled: true + http_timeout: 30s + insecure_skip_verify: false + ca_certs: "" + write_concurrency: 40 + write_buffer_size: 1000 + http: + enabled: true + bind_address: 8086 + auth_enabled: false + log_enabled: true + write_tracing: false + pprof_enabled: true + https_enabled: false + https_certificate: /etc/ssl/influxdb.pem + https_private_key: "" + max_row_limit: 10000 + max_connection_limit: 0 + shared_secret: "beetlejuicebeetlejuicebeetlejuice" + realm: InfluxDB + unix_socket_enabled: false + bind_socket: /var/run/influxdb.sock + graphite: + enabled: false + bind_address: 2003 + database: graphite + retention_policy: autogen + protocol: tcp + batch_size: 5000 + batch_pending: 10 + batch_timeout: 1s + consistency_level: one + separator: . + udp_read_buffer: 0 + collectd: + enabled: false + bind_address: 25826 + database: collectd + retention_policy: autogen + batch_size: 5000 + batch_pending: 10 + batch_timeout: 10s + read_buffer: 0 + typesdb: /usr/share/collectd/types.db + security_level: none + auth_file: /etc/collectd/auth_file + opentsdb: + enabled: false + bind_address: 4242 + database: opentsdb + retention_policy: autogen + consistency_level: one + tls_enabled: false + certificate: /etc/ssl/influxdb.pem + batch_size: 1000 + batch_pending: 5 + batch_timeout: 1s + log_point_errors: true + udp: + enabled: false + bind_address: 8089 + database: udp + retention_policy: autogen + batch_size: 5000 + batch_pending: 10 + read_buffer: 0 + batch_timeout: 1s + precision: "ns" + continuous_queries: + log_enabled: true + enabled: true + run_interval: 1s + +watcher: + enabled: false + image: + repository: monasca/influxdb-watcher + tag: 0.0.2 + pullPolicy: IfNotPresent + resources: + requests: + memory: 32Mi + cpu: 25m + limits: + memory: 64Mi + cpu: 50m + port: 8080 + address: http://localhost:8086 + username: influxdb_watcher + password: password + database: mon + watcher_period: 600 + watcher_timeout: 60 + stay_alive_on_failure: false diff --git a/kafka/.helmignore b/kafka/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/kafka/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kafka/Chart.yaml b/kafka/Chart.yaml new file mode 100644 index 00000000..581f1f55 --- /dev/null +++ b/kafka/Chart.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +description: A Helm chart for Kafka +name: kafka +version: 0.4.3 diff --git a/kafka/README.md b/kafka/README.md new file mode 100644 index 00000000..313884cb --- /dev/null +++ b/kafka/README.md @@ -0,0 +1,36 @@ +### Kafka Configuration parameters + +Parameter | Description | Default +--------- | ----------- | ------- +`image.repository` | Kafka container image repository | `monasca/kafka` +`image.tag` | Kafka container image tag | `0.9.0.1-2.11-1.1.4` +`image.pullPolicy` | Kafka container image pull policy | `IfNotPresent` +`resources.requests.memory` | Memory request per kafka pod | `1Gi` +`resources.requests.cpu` | CPU request per kafka pod | `250m` +`resources.limits.memory` | Memory limit per kafka pod | `2Gi` +`resources.limits.cpu` | Memory limit per kafka pod | `2000m` +`persistence.storageClass` | Kafka storage class | `default` +`persistence.enabled` | Kafka persistent storage enabled flag | `false` +`persistence.accessMode` | Kafka persistent storage accessMode | `ReadWriteOnce` +`persistence.size` | Kafka persistent storage size | `10Gi` +`topic_config` | Default config args for created topics | `segment.ms=900000` +`service.port` | Kafka service port | `9092` +`service.type` | Kafka service type | `ClusterIP` +`exporter.enabled` | Kafka exporter enabled flag | `false` +`exporter.image.repository` | Kafka exporter container image repository | `rbrndt/kafka-prometheus` +`exporter.image.tag` | Kafka exporter container image tag | `latest` +`exporter.image.pullPolicy` | Kafka exporter container image pull policy | `IfNotPresent` +`exporter.port` | Kafka exporter port to expose Promethues metrics on | `7204` +`stack_size` | JVM stack size | `1024k` +`memory_ratio` | Ratio of memory to reserve for the JVM out of cgroup limit | `.85` +`stay_alive_on_failure` | If `true`, container stays alive for 2 hours after kafka exits | `false` +`watcher.enabled` | Kafka watcher enabled flag | `false` +`watcher.image.repository` | Kafka watcher container image repository | `monasca/kafka-watcher` +`watcher.image.tag` | Kafka watcher container image tag | `latest` +`watcher.image.pullPolicy` | Kafka watcher container image pull policy | `IfNotPresent` +`watcher.health_check_topic` | Kafka watcher health check topic | `kafka-health-check` +`watcher.group_id` | Kafka watcher consumer group id | `kafka_watcher` +`watcher.watcher_period` | Kafka watcher period | `600` +`watcher.watcher_timeout` | Kafka watcher read/write timeout | `60` +`watcher.stay_alive_on_failure` | If `true`, watcher container stays alive for 2 hours after watcher exits | `false` +`watcher.port` | Kafka watcher port to expose Promethues metrics on | `8080` diff --git a/kafka/templates/_helpers.tpl b/kafka/templates/_helpers.tpl new file mode 100644 index 00000000..a2ef2480 --- /dev/null +++ b/kafka/templates/_helpers.tpl @@ -0,0 +1,25 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a fully qualified cleanup name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "kafka.cleanup.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s-%s" .Release.Name $name "cleanup" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/kafka/templates/cleanup-hook.yaml b/kafka/templates/cleanup-hook.yaml new file mode 100644 index 00000000..ae6a699e --- /dev/null +++ b/kafka/templates/cleanup-hook.yaml @@ -0,0 +1,47 @@ +apiVersion: batch/v1 +kind: Job +metadata: + # while not recommended, we add a random sequence to the end of the job name + # this job will attempt to delete itself when finished, but should it fail for + # some reason we don't want future upgrades to fail because of a name conflict + # (plus the future runs of this job will delete any previous iterations that + # failed to clean themselves up) + name: "{{ template "kafka.cleanup.fullname" . }}-job-{{ randAlphaNum 5 | lower }}" + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.cleanup.name }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + "helm.sh/hook": pre-upgrade,post-delete + "helm.sh/hook-weight": "-5" +spec: + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.cleanup.name }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + restartPolicy: OnFailure + containers: + - name: {{ template "name" . }}-{{ .Values.cleanup.name }}-job + image: "{{ .Values.cleanup.image.repository }}:{{ .Values.cleanup.image.tag }}" + imagePullPolicy: {{ .Values.cleanup.image.pullPolicy }} + resources: +{{ toYaml .Values.cleanup.resources | indent 12 }} + env: + - name: "WAIT_RETRIES" + value: "{{ .Values.cleanup.wait.retries }}" + - name: "WAIT_DELAY" + value: "{{ .Values.cleanup.wait.delay }}" + - name: "WAIT_TIMEOUT" + value: "{{ .Values.cleanup.wait.timeout }}" + {{- if .Values.cleanup.serviceAccount }} + serviceAccountName: {{ .Values.cleanup.serviceAccount | quote }} + {{- else if .Values.rbac.create }} + serviceAccountName: "{{ template "kafka.cleanup.fullname" . }}" + {{- end }} diff --git a/kafka/templates/cleanup-role.yaml b/kafka/templates/cleanup-role.yaml new file mode 100644 index 00000000..5f13c63b --- /dev/null +++ b/kafka/templates/cleanup-role.yaml @@ -0,0 +1,25 @@ +{{- if and (.Values.rbac.create) (not .Values.cleanup.serviceAccount) }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} +apiVersion: rbac.authorization.k8s.io/v1alpha1 +{{- end }} +kind: Role +metadata: + name: {{ template "kafka.cleanup.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.cleanup.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "delete", "patch"] + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["get", "list", "delete"] +{{- end }} diff --git a/kafka/templates/cleanup-rolebinding.yaml b/kafka/templates/cleanup-rolebinding.yaml new file mode 100644 index 00000000..227db9b6 --- /dev/null +++ b/kafka/templates/cleanup-rolebinding.yaml @@ -0,0 +1,26 @@ +{{- if and (.Values.rbac.create) (not .Values.cleanup.serviceAccount) }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} +apiVersion: rbac.authorization.k8s.io/v1alpha1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "kafka.cleanup.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.cleanup.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +subjects: + - kind: ServiceAccount + name: {{ template "kafka.cleanup.fullname" . }} + namespace: "{{ .Release.Namespace }}" +roleRef: + kind: Role + name: {{ template "kafka.cleanup.fullname" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/kafka/templates/cleanup-serviceaccount.yaml b/kafka/templates/cleanup-serviceaccount.yaml new file mode 100644 index 00000000..d988a550 --- /dev/null +++ b/kafka/templates/cleanup-serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and (.Values.rbac.create) (not .Values.cleanup.serviceAccount) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kafka.cleanup.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.cleanup.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- end }} diff --git a/kafka/templates/deployment.yaml b/kafka/templates/deployment.yaml new file mode 100644 index 00000000..dab82481 --- /dev/null +++ b/kafka/templates/deployment.yaml @@ -0,0 +1,124 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + component: kafka +spec: + replicas: 1 + template: + metadata: + labels: + app: {{ template "fullname" . }} + {{- if .Values.watcher.enabled }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.watcher.port }}" + monasca.io/usek8slabels: "false" + monasca.io/whitelist: | + - kafka_dropped_message_count + - kafka_max_round_trip_time + - kafka_min_round_trip_time + - kafka_read_failure_count + - kafka_watcher_status + - kafka_write_failure_count + - go_memstats_heap_objects + - go_memstats_heap_inuse_bytes + {{- end }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: +{{ toYaml .Values.resources | indent 12 }} + ports: + - name: kafka + containerPort: 9092 + volumeMounts: + - name: kafka + mountPath: /data + env: + - name: KAFKA_DELETE_TOPIC_ENABLE + value: "true" + - name: KAFKA_AUTO_CREATE_TOPICS + value: "false" + - name: KAFKA_JMX + value: "true" + - name: JVM_MAX_RATIO + value: {{ .Values.memory_ratio | quote }} + - name: KAFKA_STACK_SIZE + value: {{ .Values.stack_size | quote }} + - name: ZOOKEEPER_CONNECTION_STRING + {{- if .Values.zookeeper.overrideUri }} + value: "{{ .Values.zookeeper.overrideUri }}" + {{- else }} + value: {{ .Release.Name }}-zookeeper:2181 + {{- end }} + - name: STAY_ALIVE_ON_FAILURE + value: {{ .Values.stay_alive_on_failure | quote }} + {{- if .Values.exporter.enabled }} + - name: {{ .Chart.Name }}-exporter + image: "{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}" + imagePullPolicy: {{ .Values.exporter.image.pullPolicy }} + ports: + - name: exporter + containerPort: {{ .Values.exporter.port }} + volumeMounts: + - name: kafka-exporter + mountPath: /prometheus-config + {{- end }} + {{- if .Values.watcher.enabled }} + - name: watcher + image: "{{ .Values.watcher.image.repository }}:{{ .Values.watcher.image.tag }}" + imagePullPolicy: {{ .Values.watcher.image.pullPolicy }} + resources: +{{ toYaml .Values.watcher.resources | indent 12 }} + env: + - name: HEALTH_CHECK_TOPIC + value: {{ .Values.watcher.health_check_topic | quote }} + - name: BOOT_STRAP_SERVERS + value: "localhost:9092" + - name: GROUP_ID + value: {{ .Values.watcher.group_id | quote }} + - name: PROMETHEUS_ENDPOINT + value: "0.0.0.0:{{ .Values.watcher.port }}" + - name: WATCHER_PERIOD + value: {{ .Values.watcher.watcher_period | quote }} + - name: WATCHER_TIMEOUT + value: {{ .Values.watcher.watcher_timeout | quote }} + - name: STAY_ALIVE_ON_FAILURE + value: {{ .Values.watcher.stay_alive_on_failure | quote }} + ports: + - name: metrics + containerPort: {{ .Values.watcher.port }} + {{- end }} + volumes: + - name: kafka + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ template "fullname" . }} + {{- else }} + emptyDir: {} + {{- end -}} + {{- if .Values.exporter.enabled }} + - name: kafka-exporter + configMap: + name: {{ template "fullname" . }}-exporter + {{- end }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - "{{ .Release.Name }}-influxdb" + topologyKey: "kubernetes.io/hostname" diff --git a/kafka/templates/exporter-configmap.yaml b/kafka/templates/exporter-configmap.yaml new file mode 100644 index 00000000..b01f2198 --- /dev/null +++ b/kafka/templates/exporter-configmap.yaml @@ -0,0 +1,50 @@ +{{- if .Values.exporter.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "fullname" . }}-exporter + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: + kafka-config.yml: | + --- + jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:7203/jmxrmi + + lowercaseOutputName: true + rules: + - pattern: '"kafka.controller"<>(Value)' + name: kafka_controller_$1_$2 + - pattern: '"kafka.server"<>(Value)' + name: kafka_server_$1_$2 + # This metric doesn't appear to be available in 0.8.1.1 + #- pattern: '"kafka.server"<>(Value)' + # name: kafka_server_$2 + - pattern: '"kafka.server"<>(Count)' + name: kafka_server_$1_$2_$3_total + labels: + topic: all_topics + - pattern: '"kafka.server"<>(Count)' + name: kafka_server_$1_$3_$4_total + labels: + topic: $2 + - pattern: '"kafka.network"<>(Count)' + name: kafka_network_$1_fetch_$2_total_ms + - pattern: '"kafka.network"<>(Count)' + name: kafka_network_$1_produce_$2_ms + # These metric doesn't appear to be available in 0.8.1.1 + #- pattern: '"kafka.server"<>(Count)' + # name: kafka_server_$1_$2 + #- pattern: "kafka.network"<>(Value)' + # name: kafa_network_$1_$2 + - pattern: '"kafka.controller"<>(Count)' + name: kafka_controller_$1_$2 + - pattern: '"kafka.server"<>(Value)' + name: kafka_server_$1_$3 + labels: + topic: $2 + - pattern: '"kafka.server"<>(Count)' + name: kafka_server_$1_isr_$2_per_sec +{{- end }} diff --git a/kafka/templates/init-job.yaml b/kafka/templates/init-job.yaml new file mode 100644 index 00000000..65427e74 --- /dev/null +++ b/kafka/templates/init-job.yaml @@ -0,0 +1,49 @@ +{{- if .Values.init.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "fullname" . }}-init-job + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "kafka-init-job" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: kafka-init-job + spec: + restartPolicy: OnFailure + containers: + - name: kafka-init-job + image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}" + imagePullPolicy: {{ .Values.init.image.pullPolicy }} + resources: +{{ toYaml .Values.init.resources | indent 12 }} + env: + - name: KAFKA_HOST + value: "{{ template "fullname" . }}:9092" + - name: ZOOKEEPER_CONNECTION_STRING + {{- if .Values.zookeeper.overrideUri }} + value: "{{ .Values.zookeeper.overrideUri }}" + {{- else }} + value: {{ .Release.Name }}-zookeeper:2181 + {{- end }} + - name: KAFKA_DELETE_TOPIC_ENABLE + value: "true" + - name: KAFKA_AUTO_CREATE_TOPICS + value: "false" + - name: JVM_MAX_HEAP_RATIO + value: {{ .Values.heap_ratio | quote }} + - name: KAFKA_STACK_SIZE + value: {{ .Values.stack_size | quote }} + {{- if .Values.init.topicConfig }} + - name: KAFKA_TOPIC_CONFIG + value: {{ .Values.init.topicConfig | quote }} + {{- end }} + - name: KAFKA_CREATE_TOPICS + value: {{ .Values.init.topics | join "," | quote }} +{{- end }} diff --git a/kafka/templates/pvc.yaml b/kafka/templates/pvc.yaml new file mode 100644 index 00000000..712819d6 --- /dev/null +++ b/kafka/templates/pvc.yaml @@ -0,0 +1,18 @@ +{{- if .Values.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ template "fullname" . }} +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ .Values.persistence.storageClass | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- end }} diff --git a/kafka/templates/static-svc.yaml b/kafka/templates/static-svc.yaml new file mode 100644 index 00000000..d622c9d0 --- /dev/null +++ b/kafka/templates/static-svc.yaml @@ -0,0 +1,19 @@ +{{- if .Values.static_service.enabled }} +apiVersion: v1 +kind: Service +metadata: + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ .Values.static_service.name }} +spec: + type: {{ .Values.static_service.type }} + ports: + - name: kafka + port: {{ .Values.static_service.port }} + targetPort: kafka + selector: + app: {{ template "fullname" . }} +{{- end }} diff --git a/kafka/templates/svc.yaml b/kafka/templates/svc.yaml new file mode 100644 index 00000000..dd34b8f6 --- /dev/null +++ b/kafka/templates/svc.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ template "fullname" . }} +spec: + type: {{ .Values.service.type }} + ports: + - name: kafka + port: {{ .Values.service.port }} + targetPort: kafka + selector: + app: {{ template "fullname" . }} diff --git a/kafka/values.yaml b/kafka/values.yaml new file mode 100644 index 00000000..e7fe216b --- /dev/null +++ b/kafka/values.yaml @@ -0,0 +1,93 @@ +exporter: + enabled: false + image: + repository: rbrndt/kafka-prometheus + tag: latest + pullPolicy: IfNotPresent + port: 7204 +watcher: + enabled: false + image: + repository: monasca/kafka-watcher + tag: 0.0.4 + pullPolicy: IfNotPresent + resources: + requests: + memory: 32Mi + cpu: 25m + limits: + memory: 64Mi + cpu: 50m + port: 8080 + health_check_topic: kafka-health-check + group_id: kafka_watcher + watcher_period: 600 + watcher_timeout: 60 + stay_alive_on_failure: false +image: + repository: monasca/kafka + tag: 0.9.0.1-2.11-1.1.6 + pullPolicy: IfNotPresent +service: + type: ClusterIP + port: 9092 +resources: + requests: + memory: 1Gi + cpu: 250m + limits: + memory: 2Gi + cpu: 2000m +persistence: + storageClass: default + enabled: false + accessMode: ReadWriteOnce + size: 10Gi +memory_ratio: .85 +stack_size: 1024k +stay_alive_on_failure: false +init: + enabled: true + image: + repository: monasca/kafka-init + tag: 0.0.3 + pullPolicy: IfNotPresent + resources: + requests: + memory: 128Mi + cpu: 200m + limits: + memory: 256Mi + cpu: 250m + topicConfig: '' + topics: [] +static_service: + enabled: false + type: ClusterIP + name: kafka + port: 9092 + +zookeeper: + overrideUri: '' + +cleanup: + name: cleanup + serviceAccount: '' + image: + repository: monasca/job-cleanup + tag: 1.2.1 + pullPolicy: IfNotPresent + resources: + requests: + memory: 64Mi + cpu: 50m + limits: + memory: 128Mi + cpu: 100m + wait: + retries: "24" + delay: "5.0" + timeout: "10" + +rbac: + create: false diff --git a/keystone-init/.helmignore b/keystone-init/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/keystone-init/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/keystone-init/Chart.yaml b/keystone-init/Chart.yaml new file mode 100644 index 00000000..bd6274ac --- /dev/null +++ b/keystone-init/Chart.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +description: Chart to initialize users in Keystone +name: keystone-init +version: 0.4.0 diff --git a/keystone-init/templates/NOTES.txt b/keystone-init/templates/NOTES.txt new file mode 100644 index 00000000..e69de29b diff --git a/keystone-init/templates/_helpers.tpl b/keystone-init/templates/_helpers.tpl new file mode 100644 index 00000000..41ac2a93 --- /dev/null +++ b/keystone-init/templates/_helpers.tpl @@ -0,0 +1,24 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a fully qualified cleanup name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "cleanup.fullname" -}} +{{- printf "%s-%s" .Release.Name "cleanup" | trunc 63 -}} +{{- end -}} diff --git a/keystone-init/templates/_keystone_env.tpl b/keystone-init/templates/_keystone_env.tpl new file mode 100644 index 00000000..1416da36 --- /dev/null +++ b/keystone-init/templates/_keystone_env.tpl @@ -0,0 +1,150 @@ +{{- /* +Read a single optional secret or string from values into an `env` `value:` or +`valueFrom:`, depending on the user-defined content of the value. + +Example: + - name: OS_AUTH_URL + {{ template "keystone_init_secret_env" .Values.auth.url }} + +Note that unlike keystone_init_keystone_env, secret_key can not have any default +values. + +Make sure to change the name of this template when copying to keep it unique, +e.g. chart_name_secret_env. +*/}} +{{- define "keystone_init_secret_env" -}} +{{- if eq (kindOf .) "map" -}} + valueFrom: + secretKeyRef: + name: "{{ .secret_name }}" + key: "{{ .secret_key }}" +{{- else -}} + value: "{{ . }}" +{{- end -}} +{{- end -}} + +{{- /* +Generate a list of environment vars for Keystone Auth + +Example: + env: +{{ include "keystone_init_keystone_env" .Values.my_pod.auth | indent 4 }} + +(indent level should be adjusted as necessary) + +Make sure to change the name of this template when copying to keep it unique, +e.g. chart_name_keystone_env. + +Note that keystone_init_secret_env is not used here because we want to provide +default key names. +*/}} +{{- define "keystone_init_keystone_env" -}} +- name: OS_AUTH_URL +{{- if eq (kindOf .url) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .url.secret_name }}" + key: "{{ .url.secret_key | default "OS_AUTH_URL" }}" +{{- else }} + value: "{{ .url }}" +{{- end }} +{{- if .admin_url }} +- name: OS_ADMIN_URL +{{- if eq (kindOf .admin_url) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .admin_url.secret_name }}" + key: "{{ .admin_url.secret_key | default "OS_ADMIN_URL" }}" +{{- else }} + value: "{{ .admin_url }}" +{{- end }} +{{- end }} +{{- if .api_version }} +- name: OS_IDENTITY_API_VERSION + value: "{{ .api_version }}" +{{- end }} +- name: OS_USERNAME +{{- if eq (kindOf .username) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .username.secret_name }}" + key: "{{ .username.secret_key | default "OS_USERNAME" }}" +{{- else }} + value: "{{ .username }}" +{{- end }} +- name: OS_PASSWORD +{{- if eq (kindOf .password) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .password.secret_name }}" + key: "{{ .password.secret_key | default "OS_PASSWORD" }}" +{{- else }} + value: "{{ .password }}" +{{- end }} +{{- if .user_domain_name }} +- name: OS_USER_DOMAIN_NAME +{{- if eq (kindOf .user_domain_name) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .user_domain_name.secret_name }}" + key: "{{ .user_domain_name.secret_key | default "OS_USER_DOMAIN_NAME" }}" +{{- else }} + value: "{{ .user_domain_name }}" +{{- end }} +{{- end }} +{{- if .project_name }} +- name: OS_PROJECT_NAME +{{- if eq (kindOf .project_name) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .project_name.secret_name }}" + key: "{{ .project_name.secret_key | default "OS_PROJECT_NAME" }}" +{{- else }} + value: "{{ .project_name }}" +{{- end }} +{{- end }} +{{- if .project_domain_name }} +- name: OS_PROJECT_DOMAIN_NAME +{{- if eq (kindOf .project_domain_name) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .project_domain_name.secret_name }}" + key: "{{ .project_domain_name.secret_key | default "OS_PROJECT_DOMAIN_NAME" }}" +{{- else }} + value: "{{ .project_domain_name }}" +{{- end }} +{{- end }} +{{- if .tenant_name }} +- name: OS_TENANT_NAME +{{- if eq (kindOf .tenant_name) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .tenant_name.secret_name }}" + key: "{{ .tenant_name.secret_key | default "OS_TENANT_NAME" }}" +{{- else }} + value: "{{ .tenant_name }}" +{{- end }} +{{- end }} +{{- if .tenant_id }} +- name: OS_TENANT_ID +{{- if eq (kindOf .tenant_id) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .tenant_id.secret_name }}" + key: "{{ .tenant_id.secret_key | default "OS_TENANT_ID" }}" +{{- else }} + value: "{{ .tenant_id }}" +{{- end }} +{{- end }} +{{- if .region_name }} +- name: OS_REGION_NAME +{{- if eq (kindOf .region_name) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .region_name.secret_name }}" + key: "{{ .region_name.secret_key | default "OS_REGION_NAME" }}" +{{- else }} + value: "{{ .region_name }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/keystone-init/templates/cleanup-hook.yaml b/keystone-init/templates/cleanup-hook.yaml new file mode 100644 index 00000000..6cfc5176 --- /dev/null +++ b/keystone-init/templates/cleanup-hook.yaml @@ -0,0 +1,47 @@ +apiVersion: batch/v1 +kind: Job +metadata: + # while not recommended, we add a random sequence to the end of the job name + # this job will attempt to delete itself when finished, but should it fail for + # some reason we don't want future upgrades to fail because of a name conflict + # (plus the future runs of this job will delete any previous iterations that + # failed to clean themselves up) + name: "{{ template "cleanup.fullname" . }}-job-{{ randAlphaNum 5 | lower }}" + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.cleanup.name }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + "helm.sh/hook": pre-upgrade,post-delete + "helm.sh/hook-weight": "-5" +spec: + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.cleanup.name }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + restartPolicy: OnFailure + containers: + - name: {{ template "name" . }}-{{ .Values.cleanup.name }}-job + image: "{{ .Values.cleanup.image.repository }}:{{ .Values.cleanup.image.tag }}" + imagePullPolicy: {{ .Values.cleanup.image.pullPolicy }} + resources: +{{ toYaml .Values.cleanup.resources | indent 12 }} + env: + - name: "WAIT_RETRIES" + value: "{{ .Values.cleanup.wait.retries }}" + - name: "WAIT_DELAY" + value: "{{ .Values.cleanup.wait.delay }}" + - name: "WAIT_TIMEOUT" + value: "{{ .Values.cleanup.wait.timeout }}" + {{- if .Values.cleanup.serviceAccount }} + serviceAccountName: {{ .Values.cleanup.serviceAccount | quote }} + {{- else if .Values.rbac.create }} + serviceAccountName: "{{ template "cleanup.fullname" . }}" + {{- end }} diff --git a/keystone-init/templates/cleanup-role.yaml b/keystone-init/templates/cleanup-role.yaml new file mode 100644 index 00000000..6240a8ff --- /dev/null +++ b/keystone-init/templates/cleanup-role.yaml @@ -0,0 +1,25 @@ +{{- if and (.Values.rbac.create) (not .Values.cleanup.serviceAccount) }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} +apiVersion: rbac.authorization.k8s.io/v1alpha1 +{{- end }} +kind: Role +metadata: + name: {{ template "cleanup.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.cleanup.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "delete", "patch"] + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["get", "list", "delete"] +{{- end }} diff --git a/keystone-init/templates/cleanup-rolebinding.yaml b/keystone-init/templates/cleanup-rolebinding.yaml new file mode 100644 index 00000000..92d88a03 --- /dev/null +++ b/keystone-init/templates/cleanup-rolebinding.yaml @@ -0,0 +1,26 @@ +{{- if and (.Values.rbac.create) (not .Values.cleanup.serviceAccount) }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} +apiVersion: rbac.authorization.k8s.io/v1alpha1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "cleanup.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.cleanup.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +subjects: + - kind: ServiceAccount + name: {{ template "cleanup.fullname" . }} + namespace: "{{ .Release.Namespace }}" +roleRef: + kind: Role + name: {{ template "cleanup.fullname" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/keystone-init/templates/cleanup-serviceaccount.yaml b/keystone-init/templates/cleanup-serviceaccount.yaml new file mode 100644 index 00000000..c021a7fa --- /dev/null +++ b/keystone-init/templates/cleanup-serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and (.Values.rbac.create) (not .Values.cleanup.serviceAccount) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "cleanup.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.cleanup.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- end }} diff --git a/keystone-init/templates/keystone-init-job.yaml b/keystone-init/templates/keystone-init-job.yaml new file mode 100644 index 00000000..3c461b2f --- /dev/null +++ b/keystone-init/templates/keystone-init-job.yaml @@ -0,0 +1,51 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "fullname" . }}-job + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.keystone_init.name }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: +{{- if .Values.keystone_init.deadline }} + activeDeadlineSeconds: {{ .Values.keystone_init.deadline }} +{{- end }} + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.keystone_init.name }}" + spec: + restartPolicy: OnFailure + volumes: + - name: preload-config + configMap: + name: "{{ template "fullname" . }}-preload" + containers: + - name: {{ template "fullname" . }}-job + image: "{{ .Values.keystone_init.image.repository }}:{{ .Values.keystone_init.image.tag }}" + imagePullPolicy: {{ .Values.keystone_init.image.pullPolicy }} + resources: +{{ toYaml .Values.keystone_init.resources | indent 12 }} + env: + - name: LOG_LEVEL + value: {{ .Values.keystone_init.log_level }} + - name: KEYSTONE_TIMEOUT + value: "{{ .Values.keystone_init.timeout }}" + - name: KEYSTONE_VERIFY + value: "{{ .Values.keystone_init.verify }}" + - name: KEYSTONE_CERT + value: "{{ .Values.keystone_init.cert }}" +{{ include "keystone_init_keystone_env" .Values.keystone_init.auth | indent 12 }} + - name: PRELOAD_PATH + value: "/config/preload.yml" + volumeMounts: + - name: preload-config + mountPath: /config + {{- if .Values.keystone_init.serviceAccount }} + serviceAccountName: {{ .Values.keystone_init.serviceAccount | quote }} + {{- else if .Values.rbac.create }} + serviceAccountName: "{{ template "fullname" . }}" + {{- end }} diff --git a/keystone-init/templates/keystone-preload-configmap.yaml b/keystone-init/templates/keystone-preload-configmap.yaml new file mode 100644 index 00000000..29935ecd --- /dev/null +++ b/keystone-init/templates/keystone-preload-configmap.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ template "fullname" . }}-preload" + labels: + app: "{{ template "fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: + preload.yml: | +{{ toYaml .Values.keystone_init.preload | indent 4 }} diff --git a/keystone-init/templates/keystone-role.yaml b/keystone-init/templates/keystone-role.yaml new file mode 100644 index 00000000..6ad35c85 --- /dev/null +++ b/keystone-init/templates/keystone-role.yaml @@ -0,0 +1,25 @@ +{{- if and (.Values.rbac.create) (not .Values.keystone_init.serviceAccount) }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} +apiVersion: rbac.authorization.k8s.io/v1alpha1 +{{- end }} +kind: Role +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.keystone_init.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create", "update"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "create"] +{{- end }} diff --git a/keystone-init/templates/keystone-rolebinding.yaml b/keystone-init/templates/keystone-rolebinding.yaml new file mode 100644 index 00000000..595a8aa2 --- /dev/null +++ b/keystone-init/templates/keystone-rolebinding.yaml @@ -0,0 +1,26 @@ +{{- if and (.Values.rbac.create) (not .Values.keystone_init.serviceAccount) }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} +apiVersion: rbac.authorization.k8s.io/v1alpha1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.keystone_init.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +subjects: + - kind: ServiceAccount + name: {{ template "fullname" . }} + namespace: "{{ .Release.Namespace }}" +roleRef: + kind: Role + name: {{ template "fullname" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/keystone-init/templates/keystone-serviceaccount.yaml b/keystone-init/templates/keystone-serviceaccount.yaml new file mode 100644 index 00000000..17577dc7 --- /dev/null +++ b/keystone-init/templates/keystone-serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and (.Values.rbac.create) (not .Values.keystone_init.serviceAccount) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.keystone_init.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- end }} diff --git a/keystone-init/values.yaml b/keystone-init/values.yaml new file mode 100644 index 00000000..1fce894b --- /dev/null +++ b/keystone-init/values.yaml @@ -0,0 +1,109 @@ +# Default values for keystone-init. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +keystone_init: + name: keystone-init + + # an optional preexisting serviceAccount to use + # to create a service account with the deployment, + # deploy with rbac.create=true + serviceAccount: '' + + image: + repository: monasca/keystone-init + tag: 1.3.0 + pullPolicy: IfNotPresent + + # general options for the init job + log_level: INFO # python logging level + timeout: "10" # timeout in seconds + verify: "true" # if "true", verify SSL + cert: '' # cert to override if desired (must be mounted as configmap) + + # keystone authentication for this component + # note that these options allow the init container to connect to keystone and + # the referenced account must already exist + # each parameter may either be specified directly as a string OR reference a + # secret + # example: + # # plaintext (will be stored in Helm's ConfigMap) + # password: 'some-plaintext-password' + # + # # secret ref + # password: + # secret_name: some-secret-name + # # key is optional, will default to `OS_`-style variables + # secret_key: some-key + auth: + url: 'http://keystone:5000' + username: "admin" + password: "s3cr3t" + user_domain_name: Default + project_name: 'admin' + project_domain_name: Default + + # specify domains, projects, roles, and users to create + preload: + # global roles + global_roles: [] + + # named domains, the key name will be used to look up keystone domain name + domains: + # note that `default` is special and refers directly to the ID `default`, + # not the name `Default` + default: + # a list of project names that must exist (will be created) + projects: [] + + # a list of domain-scoped role names that must exist (will be created) + roles: [] + + # a list of user objects that must exist + # example: + # users: + # - username: some-user + # project: some-project # will be created if it does not exist + # roles: # will also be created automatically + # - a + # - b + # - c + # # if desired, create a secret (optional): + # secret: some-secret-name + # # alternatively, specify a namespace and name + # secret: some-namespace/some-secret-name + # # or even: + # secret: + # namespace: some-namespace + # name: some-secret-name + users: [] + + # container resource limits and requests + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + +cleanup: + name: cleanup + serviceAccount: '' + image: + repository: monasca/job-cleanup + tag: 1.2.1 + pullPolicy: IfNotPresent + resources: + requests: + memory: 128Mi + cpu: 200m + limits: + memory: 128Mi + cpu: 250m + wait: + retries: "10" + delay: "3.0" + timeout: "10" + +rbac: + create: false diff --git a/monasca-agent/.helmignore b/monasca-agent/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/monasca-agent/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/monasca-agent/Chart.yaml b/monasca-agent/Chart.yaml new file mode 100644 index 00000000..7392e448 --- /dev/null +++ b/monasca-agent/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +description: A Helm chart for Monasca-agent +name: monasca-agent +version: 0.2.3 +sources: +- https://github.com/openstack/monasca-agent +maintainers: +- name: Tim Buckley + email: timothy.jas.buckley@hpe.com diff --git a/monasca-agent/templates/_helpers.tpl b/monasca-agent/templates/_helpers.tpl new file mode 100644 index 00000000..308975b6 --- /dev/null +++ b/monasca-agent/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} \ No newline at end of file diff --git a/monasca-agent/templates/configmap.yaml b/monasca-agent/templates/configmap.yaml new file mode 100644 index 00000000..d8c1c4ec --- /dev/null +++ b/monasca-agent/templates/configmap.yaml @@ -0,0 +1,14 @@ +{{- if .Values.plugins.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ template "fullname" . }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: +{{ toYaml .Values.plugins.config_files | indent 2 }} +{{- end}} diff --git a/monasca-agent/templates/daemonset.yaml b/monasca-agent/templates/daemonset.yaml new file mode 100644 index 00000000..a721a7de --- /dev/null +++ b/monasca-agent/templates/daemonset.yaml @@ -0,0 +1,124 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + component: "{{ template "fullname" . }}-daemonset" +spec: + template: + metadata: + labels: + component: "{{ template "fullname" . }}-daemonset" + app: {{ template "fullname" . }} + spec: + containers: + - name: {{ template "name" . }}-collector-daemonset + image: "{{ .Values.collector.image.repository }}:{{ .Values.collector.image.tag }}" + imagePullPolicy: {{ .Values.collector.image.pullPolicy }} + resources: +{{ toYaml .Values.resources | indent 12 }} + env: + - name: AGENT_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: AGENT_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: KUBERNETES + value: "true" + - name: KUBERNETES_TIMEOUT + value: {{ .Values.kubernetes.timeout | quote }} + - name: KUBERNETES_LABELS + value: {{ .Values.kubernetes.kubernetes_labels | quote }} + - name: PROMETHEUS + value: {{ .Values.prometheus.auto_detect_pod_endpoints | quote }} + - name: PROMETHEUS_TIMEOUT + value: {{ .Values.prometheus.timeout | quote }} + - name: PROMETHEUS_DETECT_METHOD + value: pod + - name: PROMETHEUS_KUBERNETES_LABELS + value: {{ .Values.prometheus.kubernetes_labels | quote }} + - name: CADVISOR + value: {{ .Values.cadvisor.enabled | quote }} + - name: CADVISOR_TIMEOUT + value: {{ .Values.cadvisor.timeout | quote }} + - name: OS_AUTH_URL + value: {{ .Values.keystone.url | quote }} + - name: OS_USERNAME + value: {{ .Values.keystone.os_username | quote }} + - name: OS_USER_DOMAIN_NAME + value: {{ .Values.keystone.os_user_domain_name | quote }} + - name: OS_PASSWORD + value: {{ .Values.keystone.os_password | quote }} + - name: OS_PROJECT_NAME + value: {{ .Values.keystone.os_project_name | quote }} + - name: OS_PROJECT_DOMAIN_NAME + value: {{ .Values.keystone.os_project_domain_name | quote }} + - name: LOG_LEVEL + value: {{ .Values.log_level | quote }} + - name: HOSTNAME_FROM_KUBERNETES + value: "true" + {{- if .Values.namespace_annotations }} + - name: KUBERNETES_NAMESPACE_ANNOTATIONS + value: {{ .Values.namespace_annotations | quote}} + {{- end}} + {{- if .Values.dimensions }} + - name: DIMENSIONS + value: {{ .Values.dimensions | quote}} + {{- end}} + - name: CHECK_FREQ + value: {{ .Values.collector.check_freq | quote }} + - name: NUM_COLLECTOR_THREADS + value: {{ .Values.collector.num_collector_threads | quote }} + - name: POOL_FULL_MAX_TRIES + value: {{ .Values.collector.pool_full_max_retries | quote }} + - name: SUB_COLLECTION_WARN + value: {{ .Values.collector.sub_collection_warn | quote }} + - name: {{ template "name" . }}-forwarder-daemonset + image: "{{ .Values.forwarder.image.repository }}:{{ .Values.forwarder.image.tag }}" + imagePullPolicy: {{ .Values.forwarder.image.pullPolicy }} + resources: +{{ toYaml .Values.resources | indent 12 }} + env: + - name: AGENT_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: AGENT_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OS_AUTH_URL + value: {{ .Values.keystone.url | quote }} + - name: OS_USERNAME + value: {{ .Values.keystone.os_username | quote }} + - name: OS_USER_DOMAIN_NAME + value: {{ .Values.keystone.os_user_domain_name | quote }} + - name: OS_PASSWORD + value: {{ .Values.keystone.os_password | quote }} + - name: OS_PROJECT_NAME + value: {{ .Values.keystone.os_project_name | quote }} + - name: OS_PROJECT_DOMAIN_NAME + value: {{ .Values.keystone.os_project_domain_name | quote }} + - name: MONASCA_URL + value: {{ .Values.monasca_url | quote }} + - name: LOG_LEVEL + value: {{ .Values.log_level | quote }} + - name: INSECURE + value: {{ .Values.insecure | quote }} + - name: MAX_BATCH_SIZE + value: {{ .Values.forwarder.max_batch_size | quote }} + - name: MAX_MEASUREMENT_BUFFER_SIZE + value: {{ .Values.forwarder.max_measurement_buffer_size | quote }} + - name: BACKLOG_SEND_RATE + value: {{ .Values.forwarder.backlog_send_rate | quote }} + - name: HOSTNAME_FROM_KUBERNETES + value: "true" + - name: NON_LOCAL_TRAFFIC + value: {{ .Values.forwarder.non_local_traffic | quote }} diff --git a/monasca-agent/templates/deployment.yaml b/monasca-agent/templates/deployment.yaml new file mode 100644 index 00000000..a1ca991b --- /dev/null +++ b/monasca-agent/templates/deployment.yaml @@ -0,0 +1,143 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + component: "{{ template "fullname" . }}-deployment" +spec: + template: + metadata: + labels: + component: "{{ template "fullname" . }}-deployment" + app: {{ template "fullname" . }} + spec: + containers: + - name: {{ template "name" . }}-collector-deployment + image: "{{ .Values.collector.image.repository }}:{{ .Values.collector.image.tag }}" + imagePullPolicy: {{ .Values.collector.image.pullPolicy }} + resources: +{{ toYaml .Values.resources | indent 12 }} + env: + - name: AGENT_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: AGENT_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: KUBERNETES_API + value: "true" + - name: KUBERNETES_API_TIMEOUT + value: {{ .Values.kubernetes_api.timeout | quote }} + - name: KUBERNETES_API_LABELS + value: {{ .Values.kubernetes_api.kubernetes_labels | quote }} + - name: PROMETHEUS + value: {{ .Values.prometheus.auto_detect_service_endpoints | quote }} + - name: PROMETHEUS_TIMEOUT + value: {{ .Values.prometheus.timeout | quote }} + - name: PROMETHEUS_DETECT_METHOD + value: service + - name: PROMETHEUS_KUBERNETES_LABELS + value: {{ .Values.prometheus.kubernetes_labels | quote }} + - name: OS_AUTH_URL + value: {{ .Values.keystone.url | quote }} + - name: OS_USERNAME + value: {{ .Values.keystone.os_username | quote }} + - name: OS_USER_DOMAIN_NAME + value: {{ .Values.keystone.os_user_domain_name | quote }} + - name: OS_PASSWORD + value: {{ .Values.keystone.os_password | quote }} + - name: OS_PROJECT_NAME + value: {{ .Values.keystone.os_project_name | quote }} + - name: OS_PROJECT_DOMAIN_NAME + value: {{ .Values.keystone.os_project_domain_name | quote }} + - name: LOG_LEVEL + value: {{ .Values.log_level | quote }} + - name: HOSTNAME_FROM_KUBERNETES + value: "true" + {{- if .Values.namespace_annotations }} + - name: KUBERNETES_NAMESPACE_ANNOTATIONS + value: {{ .Values.namespace_annotations | quote}} + {{- end}} + {{- if .Values.kubernetes_api.storage.parameter_dimensions }} + - name: STORAGE_PARAMETERS_DIMENSIONS + value: {{ .Values.kubernetes_api.storage.parameter_dimensions | quote}} + {{- end}} + - name: REPORT_PERSISTENT_STORAGE + value: {{ .Values.kubernetes_api.storage.report | quote }} + {{- if .Values.dimensions }} + - name: DIMENSIONS + value: {{ .Values.dimensions | quote}} + {{- end}} + - name: CHECK_FREQ + value: {{ .Values.collector.check_freq | quote }} + - name: NUM_COLLECTOR_THREADS + value: {{ .Values.collector.num_collector_threads | quote }} + - name: POOL_FULL_MAX_TRIES + value: {{ .Values.collector.pool_full_max_retries | quote }} + - name: SUB_COLLECTION_WARN + value: {{ .Values.collector.sub_collection_warn | quote }} + {{- if .Values.plugins.enabled }} + volumeMounts: + - name: agent-config + mountPath: /plugins.d + {{- end}} + - name: {{ template "name" . }}-forwarder-deployment + image: "{{ .Values.forwarder.image.repository }}:{{ .Values.forwarder.image.tag }}" + imagePullPolicy: {{ .Values.forwarder.image.pullPolicy }} + resources: +{{ toYaml .Values.resources | indent 12 }} + env: + - name: AGENT_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: AGENT_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OS_AUTH_URL + value: {{ .Values.keystone.url | quote }} + - name: OS_USERNAME + value: {{ .Values.keystone.os_username | quote }} + - name: OS_USER_DOMAIN_NAME + value: {{ .Values.keystone.os_user_domain_name | quote }} + - name: OS_PASSWORD + value: {{ .Values.keystone.os_password | quote }} + - name: OS_PROJECT_NAME + value: {{ .Values.keystone.os_project_name | quote }} + - name: OS_PROJECT_DOMAIN_NAME + value: {{ .Values.keystone.os_project_domain_name | quote }} + - name: MONASCA_URL + value: {{ .Values.monasca_url | quote }} + - name: LOG_LEVEL + value: {{ .Values.log_level | quote }} + - name: INSECURE + value: {{ .Values.insecure | quote }} + - name: MAX_BATCH_SIZE + value: {{ .Values.forwarder.max_batch_size | quote }} + - name: MAX_MEASUREMENT_BUFFER_SIZE + value: {{ .Values.forwarder.max_measurement_buffer_size | quote }} + - name: BACKLOG_SEND_RATE + value: {{ .Values.forwarder.backlog_send_rate | quote }} + - name: HOSTNAME_FROM_KUBERNETES + value: "true" + - name: NON_LOCAL_TRAFFIC + value: {{ .Values.forwarder.non_local_traffic | quote }} + {{- if .Values.plugins.enabled }} + volumes: + - name: agent-config + configMap: + name: {{ template "fullname" . }} + {{- end}} + {{- if .Values.plugins.enabled }} + volumes: + - name: agent-config + configMap: + name: {{ template "fullname" . }} + {{- end}} diff --git a/monasca-agent/templates/role.yaml b/monasca-agent/templates/role.yaml new file mode 100644 index 00000000..34b762e3 --- /dev/null +++ b/monasca-agent/templates/role.yaml @@ -0,0 +1,32 @@ +{{- if .Values.rbac.enabled }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1alpha1 +metadata: + name: "{{ .Release.Name }}-role" +rules: + - apiGroups: ["", "extensions", "storage.k8s.io"] + verbs: ["get", "list"] + resources: + - namespaces + - pods + - replicasets + - deployments + - replicationcontrollers + - nodes + - services + - componentstatuses + - storageclasses +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1alpha1 +metadata: + name: "{{ .Release.Name }}-role-binding" +subjects: + - kind: ServiceAccount + name: default + namespace: "{{ .Release.Namespace }}" +roleRef: + kind: ClusterRole + name: "{{ .Release.Name }}-role" + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/monasca-agent/values.yaml b/monasca-agent/values.yaml new file mode 100644 index 00000000..639d5e44 --- /dev/null +++ b/monasca-agent/values.yaml @@ -0,0 +1,56 @@ +name: agent +collector: + image: + repository: monasca/agent-collector + tag: master-20180112-162543 + pullPolicy: IfNotPresent + check_freq: 30 + num_collector_threads: 1 + pool_full_max_retries: 4 + sub_collection_warn: 6 +forwarder: + image: + repository: monasca/agent-forwarder + tag: master-20180206-002800 + pullPolicy: IfNotPresent + max_batch_size: 0 + max_measurement_buffer_size: -1 + backlog_send_rate: 5 + non_local_traffic: "true" +insecure: False +log_level: WARN +keystone: + os_username: mini-mon + os_user_domain_name: Default + os_password: password + os_project_name: mini-mon + os_project_domain_name: Default + url: http://keystone:35357/v3 +monasca_url: http://monasca-api:8070/v2.0 +prometheus: + auto_detect_pod_endpoints: true + auto_detect_service_endpoints: true + kubernetes_labels: 'app' + timeout: 3 +kubernetes_api: + kubernetes_labels: 'app' + timeout: 3 + storage: + report: true +kubernetes: + kubernetes_labels: 'app' + timeout: 3 +cadvisor: + enabled: true + timeout: 3 +resources: + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 512Mi + cpu: 500m +plugins: + enabled: false +rbac: + enabled: false diff --git a/monasca-alarms/Chart.yaml b/monasca-alarms/Chart.yaml new file mode 100644 index 00000000..dfd58b75 --- /dev/null +++ b/monasca-alarms/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +description: A Helm chart for adding Alarms for Monasca +name: monasca-alarms +version: 0.0.1 +sources: +- https://wiki.openstack.org/wiki/Monasca +maintainers: +- name: Michael Hoppal + email: michael.jam.hoppal@hpe.com diff --git a/monasca-alarms/README.md b/monasca-alarms/README.md new file mode 100644 index 00000000..0424cdfc --- /dev/null +++ b/monasca-alarms/README.md @@ -0,0 +1,112 @@ +# Monasca-alarms + +## Alarms for Monasca components + +[Monasca](https://wiki.openstack.org/wiki/Monasca), an +[Openstack](https://www.openstack.org/) official project, is a scalable +monitoring as a service solution. It monitors services and systems by a push +model. The Monasca Agent will collect metrics from each node and push them to +the Monasca API. It will then be processed by separate microservices for +storing, alarming and notifications. The architecture can be viewed +[here](https://wiki.openstack.org/wiki/File:Monasca-arch-component-diagram.png) + +This chart adds alarms for the components of Monasca so Monasca can monitor +itself. However, some components failing, for example Kafka, will have no +alarms generated as the threshold engine requires kafka to be working. + +## QuickStart + +```bash +$ helm repo add monasca http://monasca.io/monasca-helm +$ helm install monasca/monasca --name monasca --namespace monitoring +$ helm install monasca/monasca-alarms --name monasca-alarms --namespace monitoring +``` + +## Introduction + +This chart adds Alarms for the components of a [Monasca](https://wiki.openstack.org/wiki/Monasca) +deployment on a Kubernetes cluster using the Helm Package manager. + +## Prerequisites + +- Kubernetes 1.4+ +- Monasca installed using Helm + +## Installing the Chart + +Monasca-alarms can either be installed from the [monasca.io](https://monasca.io/) helm repo or by source. + +### Installing via Helm repo (recommended) + +```bash +$ helm install monasca/monasca-alarms --name monasca-alarms --namespace monitoring +``` +Note: monasca-alarms must be installed in the same namespace as monasca + +### Installing via source + +```bash +$ helm repo add monasca http://monasca.io/monasca-helm +$ helm dependency update monasca-alarms +$ helm install monasca-alarms --name monasca-alarms --namespace monitoring +``` + +Either option will add the alarms for the components of Monasca on the Kubernetes cluster +with the default configuration. The [configuration](#configuration) section lists the parameters +that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release --purge +``` + +The command removes all the Kubernetes components associated with the chart and +deletes the release. + +### Default Alarms for components + +By default Monasca alarms will be created for Kafka and Zookeeper. + +## Configuration + +The following tables lists the configurable parameters of the Monasca alarms chart +broken down by microservice and their default values. + +Specify each parameter using the `--set key=value[,key=value]` argument to +`helm install`. For example, + +```console +$ helm install monasca-alarms --name my-release \ + --set kafka.start_periods=4 +``` + +Alternatively, a YAML file that specifies the values for the below parameters +can be provided while installing the chart. For example, + +```console +$ helm install monasca-alarms --name my-release -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + + +### Kafka + +Parameter | Description | Default +--------- | ----------- | ------- +`kafka.enabled` | Kafka alarms enabled | `true` +`kafka.start_periods` | How many periods Kafka is not started before alarming | `3` +`kafka.running_periods` | How many periods Kafka is not running before alarming | `1` + +### Zookeeper + +Parameter | Description | Default +--------- | ----------- | ------- +`zookeeper.enabled` | Zookeeper alarms enabled | `true` +`zookeeper.start_periods` | How many periods Zookeeper is not started before alarming | `3` +`zookeeper.running_periods` | How many periods Zookeeper is not running before alarming | `1` diff --git a/monasca-alarms/templates/_helpers.tpl b/monasca-alarms/templates/_helpers.tpl new file mode 100644 index 00000000..f0d83d2e --- /dev/null +++ b/monasca-alarms/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/monasca-alarms/templates/alarms.yaml b/monasca-alarms/templates/alarms.yaml new file mode 100644 index 00000000..00c4e8a5 --- /dev/null +++ b/monasca-alarms/templates/alarms.yaml @@ -0,0 +1,68 @@ +{{- if .Values.kafka.enabled }} +--- +apiVersion: "monasca.io/v1" +kind: AlarmDefinition +metadata: + name: kafka-not-starting + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +alarmDefinitionSpec: + name: "Kafka not started" + expression: "avg(kafka_watcher_status) < 0 times {{ .Values.kafka.start_periods }}" + match_by: [] + description: "Kafka has not started in {{ .Values.kafka.start_periods }} minutes" + severity: "HIGH" +--- +apiVersion: "monasca.io/v1" +kind: AlarmDefinition +metadata: + name: kafka-not-running + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +alarmDefinitionSpec: + name: "Kafka not running" + expression: "avg(kafka_watcher_status) > 0 times {{ .Values.kafka.running_periods }}" + match_by: [] + description: "Kafka is not running for {{ .Values.kafka.running_periods }} minutes" + severity: "HIGH" +{{- end }} +{{- if .Values.zookeeper.enabled }} +--- +apiVersion: "monasca.io/v1" +kind: AlarmDefinition +metadata: + name: zookeeper-not-starting + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +alarmDefinitionSpec: + name: "Zookeeper not started" + expression: "avg(zookeeper_watcher_status) < 0 times {{ .Values.zookeeper.start_periods }}" + match_by: [] + description: "Zookeeper not started in {{ .Values.zookeeper.start_periods }} minutes" + severity: "HIGH" +--- +apiVersion: "monasca.io/v1" +kind: AlarmDefinition +metadata: + name: zookeeper-not-running + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +alarmDefinitionSpec: + name: "Zookeeper not running" + expression: "avg(zookeeper_watcher_status) > 0 times {{ .Values.zookeeper.running_periods }}" + match_by: [] + description: "Zookeeper is not running for {{ .Values.zookeeper.running_periods }} minutes" + severity: "HIGH" +{{- end }} diff --git a/monasca-alarms/values.yaml b/monasca-alarms/values.yaml new file mode 100644 index 00000000..d64ae94d --- /dev/null +++ b/monasca-alarms/values.yaml @@ -0,0 +1,9 @@ +kafka: + enabled: true + start_periods: 3 + running_periods: 1 + +zookeeper: + enabled: true + start_periods: 3 + running_periods: 1 diff --git a/monasca/.helmignore b/monasca/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/monasca/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/monasca/Chart.yaml b/monasca/Chart.yaml new file mode 100644 index 00000000..275b9fa3 --- /dev/null +++ b/monasca/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +description: A Helm chart for Monasca running in Kubernetes +name: monasca +version: 0.6.4 +sources: +- https://wiki.openstack.org/wiki/Monasca +maintainers: +- name: Tim Buckley + email: timothy.jas.buckley@hpe.com diff --git a/monasca/README.md b/monasca/README.md new file mode 100644 index 00000000..6289bea5 --- /dev/null +++ b/monasca/README.md @@ -0,0 +1,574 @@ +# Monasca + +## An Open-Source Monitoring as a Service at Scale solution + +[Monasca](https://wiki.openstack.org/wiki/Monasca), an +[Openstack](https://www.openstack.org/) official project, is a scalable +monitoring as a service solution. It monitors services and systems by a push +model. The Monasca Agent will collect metrics from each node and push them to +the Monasca API. It will then be processed by separate microservices for +storing, alarming and notifications. The architecture can be viewed +[here](https://wiki.openstack.org/wiki/File:Monasca-arch-component-diagram.png) + +## QuickStart + +```bash +$ helm repo add monasca http://monasca.io/monasca-helm +$ helm install monasca/monasca --name monasca --namespace monitoring +``` + +## Introduction + +This chart bootstraps a [Monasca](https://wiki.openstack.org/wiki/Monasca) +deployment on a Kubernetes cluster using the Helm Package manager. + +## Prerequisites + +- Kubernetes 1.4+ + +## Installing the Chart + +Monasca can either be install from the [monasca.io](https://monasca.io/) helm repo or by source. + +### Installing via Helm repo (recommended) + +```bash +$ helm repo add monasca http://monasca.io/monasca-helm +$ helm install monasca/monasca --name monasca --namespace monitoring +``` + +### Installing via source + +```bash +$ helm repo add monasca http://monasca.io/monasca-helm +$ helm dependency update monasca +$ helm install monasca --name monasca --namespace monitoring +``` + +Either option will bring up Monasca on the Kubernetes cluster with the default +configuration. The [configuration](#configuration) section lists the parameters +that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release --purge +``` + +The command removes all the Kubernetes components associated with the chart and +deletes the release. + +### Default monitoring + +By default Monasca will monitor pod workloads (CPU, Network, Memory, etc.) and Kubernetes health. + +It will also autodetect Prometheus Endpoints by looking for the following annotations on services and pods + +* prometheus.io/scrape: Only scrape pods that have a value of 'true' +* prometheus.io/path: If the metrics path is not '/metrics' override this. +* prometheus.io/port: Scrape the pod on the indicated port instead of the default of '9102'. + +More information on our monitoring within in Kubernetes can be found on +[monasca.io](http://monasca.io/docs/kubernetes.html) + +## Configuration + +The following tables lists the configurable parameters of the Monasca chart +broken down by microservice and their default values. + +Specify each parameter using the `--set key=value[,key=value]` argument to +`helm install`. For example, + +```console +$ helm install monasca --name my-release \ + --set persister.replicaCount=4 +``` + +Alternatively, a YAML file that specifies the values for the below parameters +can be provided while installing the chart. For example, + +```console +$ helm install monasca --name my-release -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Helm Tests for Monasca + +We have two test suites that can be run via Helm Test. + +These are Smoke Tests and Tempest Tests. By default only Smoke Tests are enabled. + +In both tests, Monasca must be deployed or upgraded using helm and then once all +pods have been created and all jobs have succeeded the tests can be run. + +### Tempest Tests + +These tests run the [Monasca tempest tests](https://github.com/openstack/monasca-api/tree/master/monasca_tempest_tests) + +Prior to running helm tests you must enable the tempest tests by running: + +```console +$ helm upgrade monasca monasca/monasca --set tempest_tests.enabled=true +``` + +Due to the amount of time that it takes to run the tests, the timeout parameter +must be specified. The time required for the tests vary according to your hardware +and how loaded your system is. Test times as low as 600 seconds but up to 3100 seconds +have been seen. Use the command below, but replacing 900 with the timeout that +works for your system: + +```console +$ helm test monasca --timeout 900 +``` + +If your timeout is not long enough, then you will see a result like this: + +```console +RUNNING: monasca-tempest-tests-test-pod +UNKNOWN: monasca-tempest-tests-test-pod: timed out waiting for the condition +``` + +You must then wait for the pod monasca-tempest-tests-test-pod to exit +and check its logs and exit status. + +If the tests all succeed, the pod will exit 0, otherwise, it will exit 1. + +To run the tests again, the pod monasca-tempest-tests-test-pod must be deleted. + +The tests are very sensitive to name resolution problems so if your Kubernetes +cluster has any problems resolving services, random tests will fail. + +### Smoke Tests + +These tests run the [Monasca smoke tests](https://github.com/monasca/smoke-test) + +Since they are enabled by default you do not have to take an extra step to +enable them and can run: + +```console +$ helm test monasca +``` + +You must then wait for the pod monasca-smoke-tests-test-pod to exit +and check its logs and exit status. + +If the tests all succeed, the pod will exit 0, otherwise, it will exit 1. + +To run the tests again, the pod monasca-smoke-tests-test-pod must be deleted. + +### Agent + +Parameter | Description | Default +--------- | ----------- | ------- +`agent.name` | Agent container name | `agent` +`agent.deployment_enabled` | Agent deployment enabled | `true` +`agent.daemonset_enabled` | Agent daemonset enabled | `true` +`agent.termination_grace_period` | Agent grace period before force terminating | `30` +`agent.daemonset_toleration.enabled` | Agent daemonset toleration is enabled | `false` +`agent.daemonset_toleration.operator` | Agent daemonset toleration operator | `true` +`agent.daemonset_toleration.effect` | Agent daemonset toleration effect | `true` +`agent.collector.image.repository` | Agent Collector container image repository | `monasca/agent-collector` +`agent.collector.image.tag` | Agent Collector container image tag | `master-20170707-154334` +`agent.collector.image.pullPolicy` | Agent Collector container image pull policy | `IfNotPresent` +`agent.collector.check_freq` | How often to run metric collection in seconds | `30` +`agent.collector.num_collector_threads` | Number of threads to use in collector for running checks | `1` +`agent.collector.pool_full_max_retries` | Maximum number of collection cycles where all of the threads in the pool are still running plugins before the collector will exit | `4` +`agent.collector.sub_collection_warn` | Number of seconds a plugin collection time exceeds that causes a warning to be logged for that plugin | `6` +`agent.forwarder.image.repository` | Agent Forwarder container image repository | `monasca/agent-forwarder` +`agent.forwarder.image.tag` | Agent Forwarder container image tag | `master-20170615-204444` +`agent.forwarder.image.pullPolicy` | Agent Forwarder container image pull policy | `IfNotPresent` +`agent.forwarder.max_batch_size` | Maximum batch size of measurements to write to monasca-api, 0 is no limit | `0` +`agent.forwarder.max_measurement_buffer_size` | Maximum number of measurements to buffer when unable to communicate with the monasca-api (-1 means no limit)| `-1` +`agent.forwarder.backlog_send_rate` | Maximum number of messages to send at one time when communication with the monasca-api is restored | `5` +`agent.dimensions` | Default dimensions to attach to every metric being sent | `` +`agent.plugins.enabled` | Enable passing in agent plugins | `False` +`agent.plugins.config_files` | List of plugin yamls to be used with the agent | `` +`agent.insecure` | Insecure connection to Keystone and Monasca API | `False` +`agent.log_level` | Log level of agent log files | `WARN` +`agent.keystone.username` | Agent Keystone username | `mini-mon` +`agent.keystone.user_domain_name` | Agent Keystone user domain | `Default` +`agent.keystone.password` | Agent Keystone password | `password` +`agent.keystone.project_name` | Agent Keystone project name | `mini-mon` +`agent.keystone.project_domain_name` | Agent Keystone project domain | `Default` +`agent.namespace_annotations` | Namespace annotations to set as metrics dimensions | `` +`agent.prometheus.auto_detect_pod_endpoints` | Autodetect Prometheus endpoints for scraping by pods | `true` +`agent.prometheus.auto_detect_service_endpoints` | Autodetect Prometheus endpoints for scraping by services | `true` +`agent.prometheus.kubernetes_labels` | A list of Kubernetes labels to include as dimensions from gathered metrics | `app` +`agent.prometheus.timeout` | The Prometheus endpoint connection timeout | `3` +`agent.kubernetes_api.kubernetes_labels` | A list of Kubernetes labels to include as dimensions from gathered metrics | `app` +`agent.kubernetes_api.timeout` | The K8s API connection timeout | `3` +`agent.kubernetes_api.storage.report` | Report bound pvc capacity metrics per a storage class | `true` +`agent.kubernetes_api.storage.parameter_dimensions` | Storage class parameters as dimensions | `` +`agent.kubernetes.kubernetes_labels` | A list of Kubernetes labels to include as dimensions from gathered metrics | `app` +`agent.kubernetes.timeout` | The cAdvisor/Kubelet connection timeout | `3` +`agent.kubernetes.enable_minimum_whitelist` | Only report minimum set of pod metrics (cpu, memory) | `false` +`agent.cadvisor.enabled` | Enable host metrics from cAdvisor | `true` +`agent.cadvisor.timeout` | The cAdvisor connection timeout | `3` +`agent.cadvisor.enable_minimum_whitelist` | Only report minimum set of host metrics (cpu, memory) | `false` +`agent.resources.requests.memory` | Memory request per agent pod | `256Mi` +`agent.resources.requests.cpu` | CPU request per agent pod | `100m` +`agent.resources.limits.memory` | Memory limit per agent pod | `512Mi` +`agent.resources.limits.cpu` | Memory limit per agent pod | `500m` + +### Aggregator + +Parameter | Description | Default +--------- | ----------- | ------- +`aggregator.name` | Aggregator container name | `aggregation` +`aggregator.enabled` | Aggregator enabled | `true` +`aggregator.image.repository` | Aggregator container image repository | `rbrndt/test-agg` +`aggregator.image.tag` | Aggregator container image tag | `.0.1.1` +`aggregator.image.pullPolicy` | Aggregator container image pull policy | `IfNotPresent` +`aggregator.window_size` | Window size in seconds of metrics to aggregate on. | `60` +`aggregator.window_lag` | Lag in seconds outside the window to accept metrics into current aggregations | `2` + +### Alarms Init Job + +Parameter | Description | Default +--------- | ----------- | ------- +`alarms.name` | Alarms container name | `alarms` +`alarms.enabled` | Alarms init job enabled | `true` +`alarms.image.repository` | Alarms init job container image repository | `rbrndt/test-agg` +`alarms.image.tag` | Alarms init job container image tag | `1.1.1` +`alarms.image.pullPolicy` | Alarms init job container image pull policy | `IfNotPresent` +`alarms.wait.retries` | Number of attempts to create alarms before giving up | `24` +`alarms.wait.delay` | Seconds to wait between retries | `5` +`alarms.wait.timeout` | Attempt connection timeout in seconds | `10` +`alarms.keystone.username` | Monasca Keystone user | `mini-mon` +`alarms.keystone.user_domain_name` | Monasca Keystone user domain | `Default` +`alarms.keystone.password` | Monasca Keystone password | `password` +`alarms.keystone.project_name` | Monasca Keystone project name | `mini-mon` +`alarms.keystone.project_domain_name` | Monasca Keystone project domain | `Default` + +### API + +Parameter | Description | Default +--------- | ----------- | ------- +`api.name` | API container name | `api` +`api.image.repository` | API container image repository | `monasca/api` +`api.image.tag` | API container image tag | `master-prometheus` +`api.image.pullPolicy` | API container image pull policy | `IfNotPresent` +`api.resources.requests.memory` | Memory request per API pod | `256Mi` +`api.resources.requests.cpu` | CPU request per API pod | `250m` +`api.resources.limits.memory` | Memory limit per API pod | `1Gi` +`api.resources.limits.cpu` | Memory limit per API pod | `2000m` +`api.replicaCount` | API pod replica count | `1` +`api.keystone.admin_password` | Keystone admin account password | `secretadmin` +`api.keystone.admin_user` | Keystone admin account user | `admin` +`api.keystone.admin_tenant` | Keystone admin account tenant | `admin` +`api.influxdb.user` | The influx username | `mon_api` +`api.influxdb.password` | The influx password | `password` +`api.influxdb.database` | The influx database | `mon` +`api.gunicorn_workers` | Number of gunicorn api workers | `1` +`api.service.port` | API service port | `8070` +`api.service.type` | API service type | `ClusterIP` +`api.service.node_port` | API node port if service type is set to NodePort | `` +`api.logging.log_level_root` | The level of the root logger | `WARN` +`api.logging.log_level_console` | Minimum level for console output | `WARN` +`api.mysql_disabled` | Disable requirement on mysql for API | `false` +`api.mysql_wait_retries` | Retries for mysql available checks | +`api.auth_disabled` | Disable Keystone authentication | `false` +`api.authorized_roles` | Roles for admin Users | `user, domainuser, domainadmin, monasca-user` +`api.side_container.enabled` | Enable API side container that collects metrics from the API and exposes as a Prometheus endpoint | `true` +`api.side_container.image.repository` | API side container image repository | `timothyb89/monasca-sidecar` +`api.side_container.image.tag` | API side container image tag | `1.0.0` +`api.side_container.image.pullPolicy` | API side container image pull policy | `IfNotPresent` +`api.side_container.resources.requests.memory` | Memory request per API side container | `128Mi` +`api.side_container.resources.requests.cpu` | CPU request per API side container | `50m` +`api.side_container.resources.limits.memory` | Memory limit per API side container | `256Mi` +`api.side_container.resources.limits.cpu` | Memory limit per API side container | `100m` + +### Client + +Parameter | Description | Default +--------- | ----------- | ------- +`client.name` | Client container name | `client` +`client.enabled` | Enable deploying client | `false` +`client.image.repository` | Client container image repository | `rbrndt/python-monascaclient` +`client.image.tag` | Client container image tag | `1.6.0` +`client.image.pullPolicy` | Client container image pull policy | `IfNotPresent` +`client.keystone.username` | Keystone user | `mini-mon` +`client.keystone.user_domain_name` | Keystone user domain | `Default` +`client.keystone.password` | Keystone password | `password` +`client.keystone.project_name` | Keystone project name | `mini-mon` +`client.keystone.project_domain_name` | Keystone project domain | `Default` + +### Forwarder + +Parameter | Description | Default +--------- | ----------- | ------- +`forwarder.name` | Forwarder container name | `forwarder` +`forwarder.image.repository` | Forwarder container image repository | `monasca/forwarder` +`forwarder.image.tag` | Forwarder container image tag | `master` +`forwarder.image.pullPolicy` | Forwarder container image pull policy | `IfNotPresent` +`forwarder.insecure` | Insecure connection to Monasca API | `False` +`forwarder.enabled` | Enable deploying the forwarder | `false` +`forwarder.replicaCount` | Replica count of Forwarder pods | `1` +`forwarder.logging.debug` | Enable debug logging | `false` +`forwarder.logging.verbose` | Enable verbose logging | `true` +`forwarder.config.remote_api_url` | Versioned monasca api url to forward metrics to | `http://monasca:8070/v2.0` +`forwarder.config.monasca_project_id` | Project ID to forward metrics under | `3564760a3dd44ae9bd6618d442fd758c` +`forwarder.config.use_insecure` | Use insecure when forwarding metrics | `false` +`forwarder.config.monasca_role` | Role to forward metrics under | `monasca-agent` +`forwarder.resources.requests.memory` | Memory request per forwarder pod | `128Mi` +`forwarder.resources.requests.cpu` | CPU request per forwarder pod | `50m` +`forwarder.resources.limits.memory` | Memory limit per forwarder pod | `256Mi` +`forwarder.resources.limits.cpu` | Memory limit per forwarder pod | `100m` + +### Grafana + +Parameter | Description | Default +--------- | ----------- | ------- +`grafana.name` | Grafana container name | `grafana` +`granfa.enabled` | Grafana enabled | `true` +`grafana.simple_name` | Whether to use `grafana.name` without prepending with `.Release.Name` | `false` +`grafana.image.repository` | Grafana container image repository | `monasca/grafana` +`grafana.image.tag` | Grafana container image tag | `4.1.0-pre1-1.0.0` +`grafana.image.pullPolicy` | Grafana container image pull policy | `IfNotPresent` +`grafana.service.port` | Grafana service port | `3000` +`grafana.service.type` | Grafana service type | `NodePort` +`grafana.resources.requests.memory` | Memory request per grafana pod | `64Mi` +`grafana.resources.requests.cpu` | CPU request per grafana pod | `50m` +`grafana.resources.limits.memory` | Memory limit per grafana pod | `128Mi` +`grafana.resources.limits.cpu` | Memory limit per grafana pod | `100m` + +### Keystone + +Parameter | Description | Default +--------- | ----------- | ------- +`keystone.name` | Keystone container name | `keystone` +`keystone.enabled` | Keystone enable flag. If false each micro service using keystone will use the override keystone variables | `true` +`keystone.override.public_url` | Keystone external url for public endpoint | `http://keystone:35357` +`keystone.override.admin_url` | Keystone external url for admin endpoint | `http://keystone:5000` +`keystone.image.repository` | Keystone container image repository | `monasca/keystone` +`keystone.image.tag` | Keystone container image tag | `1.0.7` +`keystone.image.pullPolicy` | Keystone container image pull policy | `IfNotPresent` +`keystone.bootstrap.user` | Keystone bootstrap username | `admin` +`keystone.bootstrap.password` | Keystone bootstrap password | `secretadmin` +`keystone.bootstrap.project` | Keystone bootstrap project | `admin` +`keystone.bootstrap.role` | Keystone bootstrap role | `admin` +`keystone.bootstrap.service` | Keystone bootstrap service | `keystone` +`keystone.bootstrap.region` | Keystone bootstrap region | `RegionOne` +`keystone.database_backend` | Keystone backend database | `mysql` +`keystone.mysql.database` | Keystone mysql database | `keystone` +`keystone.replicaCount` | Keystone pod replicas | `1` +`keystone.service.type` | Keystone service type | `ClusterIP` +`keystone.service.port` | Keystone service port | `35357` +`keystone.service.admin_port` | Keystone admin service port | `5000` +`keystone.service.admin_node_port` | Keystone admin service node port if service type is NodePort | `` +`keystone.service.node_port` | Keystone service node port if service type is NodePort | `` +`keystone.users.mini_mon.password` | Keystone container image pull policy | `password` +`keystone.users.monasca_agent.password` | Keystone container image pull policy | `password` +`keystone.users.admin.password` | Keystone container image pull policy | `secretadmin` +`keystone.users.demo.password` | Keystone container image pull policy | `secretadmin` +`keystone.users.monasca_read_only.password` | Keystone container image pull policy | `password` +`keystone.resources.requests.memory` | Memory request per keystone pod | `256Mi` +`keystone.resources.requests.cpu` | CPU request per keystone pod | `100m` +`keystone.resources.limits.memory` | Memory limit per keystone pod | `1Gi` +`keystone.resources.limits.cpu` | Memory limit per keystone pod | `500m` + + +### Influxdb + +Parameter | Description | Default +----------|-------------|-------- +`influxdb.enabled` | Influxdb enabled | `true` +`influxdb.imageTag` | Tag to use from `library/mysql` | `5.6` +`influxdb.image.repository` | docker repository for influxdb | `influxdb` +`influxdb.imagePullPolicy` | K8s pull policy for influxdb image | `IfNotPresent` +`influxdb.persistence.enabled` | If `true`, enable persistent storage | `false` +`influxdb.persistence.storageClass` | K8s storage class to use for persistence | `default` +`influxdb.persistence.accessMode` | PVC access mode | `ReadWriteOnce` +`influxdb.persistence.size` | PVC request size | `100Gi` +`influxdb.resources.requests.memory` | Memory request | `256Mi` +`influxdb.resources.requests.cpu` | CPU request | `100m` +`influxdb.resources.limits.memory` | Memory limit | `16Gi` +`influxdb.resources.limits.cpu` | CPU limit | `500m` +`influxdb.config.http.bind_address` | API Port| `8086` +`influxdb.config.data.cache_max_memory_size` | CPU limit | `1073741824` + + +### Influxdb Init Job + +Parameter | Description | Default +--------- | ----------- | ------- +`influx_init.enabled` | Influxdb initialization job enabled | `true` +`influx_init.image.repository` | docker repository for influx init | `monasca/influxdb-init` +`influx_init.image.tag` | Docker image tag | `1.0.0` +`influx_init.image.pullPolicy` | Kubernetes pull policy for image | `IfNotPresent` +`influx_init.shard_duration` | Influxdb shard duration | `1d` +`influx_init.default_retention` | Influxdb retention | `INF` + +### MySQL + +Parameter | Description | Default +----------|-------------|-------- +`mysql.enabled` | MySQL enabled | `true` +`mysql.imageTag` | Tag to use from `library/mysql` | `5.6` +`mysql.imagePullPolicy` | K8s pull policy for mysql image | `IfNotPresent` +`mysql.persistence.enabled` | If `true`, enable persistent storage | `false` +`mysql.persistence.storageClass` | K8s storage class to use for persistence | `default` +`mysql.persistence.accessMode` | PVC access mode | `ReadWriteOnce` +`mysql.persistence.size` | PVC request size | `10Gi` +`mysql.resources.requests.memory` | Memory request | `256Mi` +`mysql.resources.requests.cpu` | CPU request | `100m` +`mysql.resources.limits.memory` | Memory limit | `1Gi` +`mysql.resources.limits.cpu` | CPU limit | `500m` +`mysql.users.keystone.username` | Keystone MySQL username | `keystone` +`mysql.users.keystone.password` | Keystone MySQL password | `keystone` +`mysql.users.api.username` | API MySQL username | `monapi` +`mysql.users.api.password` | API MySQL password | `password` +`mysql.users.notification.username` | Notification MySQL username | `notification` +`mysql.users.notification.password` | Notification MySQL password | `password` +`mysql.users.thresh.username` | Thresh MySQL username | `thresh` +`mysql.users.thresh.password` | Thresh MySQL password | `password` +`mysql.users.grafana.username` | Grafana MySQL username | `grafana` +`mysql.users.grafana.password` | Grafana MySQL password | `password` + +### MySQL Init Job + +Parameter | Description | Default +--------- | ----------- | ------- +`mysql_init.enabled` | MySQL initialization job enabled | `true` +`mysql_init.image.repository` | docker repository for mysql-init | `monasca/mysql-init` +`mysql_init.image.tag` | Docker image tag | `1.2.0` +`mysql_init.image.pullPolicy` | Kubernetes pull polify for image | `IfNotPresent` +`mysql_init.disable_remote_root` | If `true`, disable root account after init finishes successfully | `true` +`mysql_init.keystone_db_enabled` | Setup Keystone Database. Use `false` with an external Keystone | `true` +`mysql_init.create_mon_users` | Create the Database users for Monasca | `true` +`mysql_init.grafana_db_enabled` | Setup Grafana Database | `true` + +### Notification + +Parameter | Description | Default +--------- | ----------- | ------- +`notification.name` | Notification container name | `notification` +`notification.enabled` | Notification engine enabled flag | `true` +`notification.image.repository` | Notification container image repository | `monasca/notification` +`notification.image.tag` | Notification container image tag | `master` +`notification.image.pullPolicy` | Notification container image pull policy | `IfNotPresent` +`notification.replicaCount` | Notification pod replica count | `1` +`notification.log_level` | Notification log level | `WARN` +`notification.plugins` | Notification plugins enabled | `pagerduty,webhook` +`notification.plugin_config.email.defined` | Notification email plugin configuration is defined | `false` +`notification.plugin_config.email.server` | SMTP server address | `` +`notification.plugin_config.email.port` | SMTP server port | `` +`notification.plugin_config.email.user` | SMTP username | `` +`notification.plugin_config.email.password` | SMTP password | `` +`notification.plugin_config.email.from_addr` | "from" field for emails sent, e.g. "Name" | `` +`notification.plugin_config.webhook.timeout` | Webhook timeout | `5` +`notification.plugin_config.hipchat.ssl_certs` | Path to SSL certs | `` +`notification.plugin_config.hipchat.timeout` | Hipchat timeout | `5` +`notification.plugin_config.hipchat.insecure` | Insecure when sending to Hipchat | `` +`notification.plugin_config.hipchat.proxy` | if set, use the given HTTP(S) proxy server to send Hipchat notifications | `` +`notification.plugin_config.slack.timeout` | Notification slack timeout | `5` +`notification.plugin_config.slack.certs` | Path to Slack certs | `` +`notification.plugin_config.slack.insecure` | Insecure when sending to Slack | `` +`notification.plugin_config.slack.proxy` | if set, use the given HTTP(S) proxy server to send Slack notifications | `` +`notification.resources.requests.memory` | Memory request per notification pod | `128Mi` +`notification.resources.requests.cpu` | CPU request per notification pod | `50m` +`notification.resources.limits.memory` | Memory limit per notification pod | `256Mi` +`notification.resources.limits.cpu` | Memory limit per notification pod | `100m` + +### Persister + +Parameter | Description | Default +--------- | ----------- | ------- +`persister.name` | Persister container name | `persister` +`persister.image.repository` | Persister container image repository | `monasca/persister` +`persister.image.tag` | Persister container image tag | `master` +`persister.image.pullPolicy` | Persister container image pull policy | `IfNotPresent` +`persister.replicaCount` | Persister pod replica count | `1` +`persister.influxdb.user` | Persister influx username | `mon_persister` +`persister.influxdb.password` | Persister influx password | `password` +`persister.influxdb.database` | Persister influx database | `mon` +`persister.logging.debug` | Persister debug logging enabled | `false` +`persister.logging.verbose` | Persister verbose logging enabled | `true` +`persister.resources.requests.memory` | Memory request per persister pod | `128Mi` +`persister.resources.requests.cpu` | CPU request per persister pod | `50m` +`persister.resources.limits.memory` | Memory limit per persister pod | `256Mi` +`persister.resources.limits.cpu` | Memory limit per persister pod | `100m` + +### Threshold Engine + +Parameter | Description | Default +--------- | ----------- | ------- +`thresh.name` | Thresh container name | `thresh` +`thresh.image.repository` | Thresh container image repository | `monasca/thresh` +`thresh.image.tag` | Thresh container image tag | `master` +`thresh.image.pullPolicy` | Thresh container image pull policy | `IfNotPresent` +`thresh.use_local` | Run in local mode | `true` +`thresh.secretSuffix` | MySQL secret suffix | `mysql-thresh-secret` +`thresh.spout.metricSpoutThreads` | Amount of metric spout threads | `2` +`thresh.spout.metricSpoutTasks` | Amount of metric spout tasks | `2` +`thresh.wait.retries` | Number of startup connection attempts to make before giving up | `24` +`thresh.wait.delay` | Seconds to wait between retries | `5` +`thresh.wait.timeout` | Attempt connection timeout in seconds | `10` +`thresh.memory_ratio` | Ratio of memory to reserve for the JVM out of cgroup limit | `.85` +`thresh.stack_size` | JVM stack size | `1024k` + +Storm-specific options are documented in the +[Storm chart](https://github.com/hpcloud-mon/monasca-helm/tree/master/storm). + +Storm is disabled and the Threshold Engine is run without Storm by default. To run the Threshold +Engine with Storm, set storm.enabled to true and thresh.enabled to false. + +### Tempest Tests + +Parameter | Description | Default +--------- | ----------- | ------- +`tempest_test.name` | Tempest Test container name | `tempest-tests` +`tempest_test.enabled` | If True, run Tempest Tests | `False` +`tempest_tests.image.repository` | Tempest Test container image repository | `monasca/tempest-tests` +`tempest_tests.image.tag` | Tempest Test container image tag | `1.0.0` +`tempest_tests.image.pullPolicy` | Tempest Test container image pull policy | `IfNotPresent` +`tempest_test.wait.enabled`| Enable Monasca API available checks | `True` +`tempest_test.wait.retries`| Retries for Monasca API available checks | `24` +`tempest_test.wait.delay` | Sleep time between Monasca API retries | `5` +`tempest_test.keystone.os_password` Password for Keystone User | `password` +`tempest_test.keystone.os_project_domain_name` | User Project Domain Name | `Default` +`tempest_test.keystone.os_project_name` | User Project Name | `mini-mon` +`tempest_test.keystone.os_username` | Keystone User Name | `mini-mon` +`tempest_test.keystone.os_tenant_name` | Keystone User Tenant(Project) Name | `mini-mon` +`tempest_test.keystone.os_domain_name` | Keystone User Domain Name | `Default` +`tempest_test.keystone.alt_username` | Alternate User Name | `mini-mon` +`tempest_test.keystone.alt_password` | Alternate User Password | `password` +`tempest_test.keystone.auth_use_ssl` | Use https for keystone Auth URI | `False` +`tempest_test.keystone.keystone_server` | Keystone Server Name | `keystone` +`tempest_test.keystone.keystone_port` | Keystone Server Port | `35357` +`tempest_test.keystone.use_dynamic_creds` | Whether to recreate creds for each test run | `True` +`tempest_test.keystone.admin_username` | Keystone Admin Domain Name | `mini-mon` +`tempest_test.keystone.admin_password` | Keystone Admin Domain Name | `password` +`tempest_test.keystone.admin_domain_name` | Keystone Admin Domain Name | `Default` +`tempest_test.keystone.ostestr_regex` | Selects which tests to run | `monasca_tempest_tests` +`tempest_test.keystone.stay_alive_on_failure` | If true, container runs 2 hours after tests fail | False + +### Smoke Tests + +Parameter | Description | Default +--------- | ----------- | ------- +`smoke_tests.name` | Smoke Test container name | `smoke-tests` +`smoke_tests.enabled` | If True, run Smoke Test when using helm test | `True` +`smoke_tests.image.repository` | Smoke Test container image repository | `monasca/smoke-tests` +`smoke_tests.image.tag` | Smoke Test container image tag | `1.0.0` +`smoke_tests.image.pullPolicy` | Smoke Test container image pull policy | `IfNotPresent` +`smoke_tests.keystone.username`| Keystone User Name | `mini-mon` +`smoke_tests.keystone.password`| Keystone User Tenant Name | `mini-mon` +`smoke_tests.keystone.tenant_name` | Keystone Domain name | `Default` + +### Alarm Definition Controller + +Parameter | Description | Default +--------- | ----------- | ------- +`alarm_definition_controller.name` | Alarm Definition Controller container name | `alarm-definition-controller` +`alarm_definition_controller.resource_enabled` | If True, create Alarm Definition third party resource | `True` +`alarm_definition_controller.controller_enabled` | If True, create Alarm Definition Controller | `True` +`alarm_definition_controller.image.repository` | Alarm Definition Controller container image repository | `monasca/alarm-definition-controller` +`alarm_definition_controller.image.tag` | Alarm Definition Controller container image tag | `1.0.0` +`alarm_definition_controller.image.pullPolicy` | Alarm Definition Controller container image pull policy | `IfNotPresent` +`alarm_definition_controller.version` | Alarm Definition Controller version | `v1` diff --git a/monasca/requirements.yaml b/monasca/requirements.yaml new file mode 100644 index 00000000..0d357202 --- /dev/null +++ b/monasca/requirements.yaml @@ -0,0 +1,21 @@ +dependencies: + - name: influxdb + version: 0.6.2-0.0.2 + condition: 'influxdb.enabled, global.influxdb.enabled' + repository: 'http://monasca.io/monasca-helm/' + - name: mysql + version: 0.2.4 + condition: 'mysql.enabled, global.mysql.enabled' + repository: 'https://kubernetes-charts.storage.googleapis.com/' + - name: kafka + version: 0.4.2 + condition: 'kafka.enabled, global.kafka.enabled' + repository: 'http://monasca.io/monasca-helm/' + - name: storm + version: 0.5.3 + condition: 'storm.enabled, global.storm.enabled' + repository: 'http://monasca.io/monasca-helm/' + - name: zookeeper + version: 0.3.8 + condition: 'zookeeper.enabled, global.zookeeper.enabled' + repository: 'http://monasca.io/monasca-helm/' diff --git a/monasca/templates/_helpers.tpl b/monasca/templates/_helpers.tpl new file mode 100644 index 00000000..5f5ac3a8 --- /dev/null +++ b/monasca/templates/_helpers.tpl @@ -0,0 +1,160 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a fully qualified agent name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "agent.fullname" -}} +{{- printf "%s-%s" .Release.Name "agent" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified agent name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "aggregator.fullname" -}} +{{- printf "%s-%s" .Release.Name "aggregator" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified api name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "api.fullname" -}} +{{- printf "%s-%s" .Release.Name "api" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified forwarder name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "forwarder.fullname" -}} +{{- printf "%s-%s" .Release.Name "forwarder" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified grafana name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "grafana.fullname" -}} +{{- printf "%s-%s" .Release.Name "grafana" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified kafka name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "kafka.fullname" -}} +{{- printf "%s-%s" .Release.Name "kafka" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified keystone name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "keystone.fullname" -}} +{{- printf "%s-%s" .Release.Name "keystone" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified notification name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "notification.fullname" -}} +{{- printf "%s-%s" .Release.Name "notification" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified persister name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "persister.fullname" -}} +{{- printf "%s-%s" .Release.Name "persister" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified storm-supervisor name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "thresh.fullname" -}} +{{- printf "%s-%s" .Release.Name "thresh" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified zookeeper name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "zookeeper.fullname" -}} +{{- printf "%s-%s" .Release.Name "zookeeper" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified client name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "client.fullname" -}} +{{- printf "%s-%s" .Release.Name "client" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified cleanup name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "cleanup.fullname" -}} +{{- printf "%s-%s" .Release.Name "cleanup" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified alarms name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "alarms.fullname" -}} +{{- printf "%s-%s" .Release.Name "alarms" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified tempest test name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "tempest_tests.fullname" -}} +{{- printf "%s-%s" .Release.Name "tempest-tests" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified smoke tests name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "smoke_tests.fullname" -}} +{{- printf "%s-%s" .Release.Name "smoke-tests" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified memcached name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "memcached.fullname" -}} +{{- printf "%s-%s" .Release.Name "memcached" | trunc 63 -}} +{{- end -}} + +{{/* +Create a fully qualified alarm definition controller name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "alarm_definition_controller.fullname" -}} +{{- printf "%s-%s" .Release.Name "adc" | trunc 63 -}} +{{- end -}} diff --git a/monasca/templates/_secret_env.tpl b/monasca/templates/_secret_env.tpl new file mode 100644 index 00000000..9dc02d29 --- /dev/null +++ b/monasca/templates/_secret_env.tpl @@ -0,0 +1,155 @@ +{{- /* +Read a single optional secret or string from values into an `env` `value:` or +`valueFrom:`, depending on the user-defined content of the value. + +Example: + - name: OS_AUTH_URL + {{ template "monasca_secret_env" .Values.auth.url }} + +Note that unlike monasca_keystone_env, secret_key can not have any default +values. + +Make sure to change the name of this template when copying to keep it unique, +e.g. chart_name_secret_env. +*/}} +{{- define "monasca_secret_env" }} +{{- if eq (kindOf .) "map" }} +valueFrom: + secretKeyRef: + name: "{{ .secret_name }}" + key: "{{ .secret_key }}" +{{- else }} +value: "{{ . }}" +{{- end }} +{{- end }} + +{{- /* +Generate a list of environment vars for Keystone Auth + +Example: + env: +{{ include "monasca_keystone_env" .Values.my_pod.auth | indent 4 }} + +(indent level should be adjusted as necessary) + +Make sure to change the name of this template when copying to keep it unique, +e.g. chart_name_keystone_env. + +Note that monasca_secret_env is not used here because we want to provide +default key names. + +Note: this template does NOT set OS_AUTH_URL, since we may need to reference our +internal Keystone URL and Helm cannot pass more than one variable at once. +*/}} +{{- define "monasca_keystone_env" -}} +{{- if .api_version }} +- name: OS_IDENTITY_API_VERSION + value: "{{ .api_version }}" +{{- end }} +{{- if .domain_name }} +- name: OS_DOMAIN_NAME +{{- if eq (kindOf .domain_name) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .domain_name.secret_name }}" + key: "{{ .domain_name.secret_key | default "OS_DOMAIN_NAME" }}" +{{- else }} + value: "{{ .domain_name }}" +{{- end }} +{{- end }} +- name: OS_USERNAME +{{- if eq (kindOf .username) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .username.secret_name }}" + key: "{{ .username.secret_key | default "OS_USERNAME" }}" +{{- else }} + value: "{{ .username }}" +{{- end }} +- name: OS_PASSWORD +{{- if eq (kindOf .password) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .password.secret_name }}" + key: "{{ .password.secret_key | default "OS_PASSWORD" }}" +{{- else }} + value: "{{ .password }}" +{{- end }} +{{- if .user_domain_name }} +- name: OS_USER_DOMAIN_NAME +{{- if eq (kindOf .user_domain_name) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .user_domain_name.secret_name }}" + key: "{{ .user_domain_name.secret_key | default "OS_USER_DOMAIN_NAME" }}" +{{- else }} + value: "{{ .user_domain_name }}" +{{- end }} +{{- end }} +{{- if .project_name }} +- name: OS_PROJECT_NAME +{{- if eq (kindOf .project_name) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .project_name.secret_name }}" + key: "{{ .project_name.secret_key | default "OS_PROJECT_NAME" }}" +{{- else }} + value: "{{ .project_name }}" +{{- end }} +{{- end }} +{{- if .project_domain_name }} +- name: OS_PROJECT_DOMAIN_NAME +{{- if eq (kindOf .project_domain_name) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .project_domain_name.secret_name }}" + key: "{{ .project_domain_name.secret_key | default "OS_PROJECT_DOMAIN_NAME" }}" +{{- else }} + value: "{{ .project_domain_name }}" +{{- end }} +{{- end }} +{{- if .tenant_name }} +- name: OS_TENANT_NAME +{{- if eq (kindOf .tenant_name) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .tenant_name.secret_name }}" + key: "{{ .tenant_name.secret_key | default "OS_TENANT_NAME" }}" +{{- else }} + value: "{{ .tenant_name }}" +{{- end }} +{{- end }} +{{- if .tenant_id }} +- name: OS_TENANT_ID +{{- if eq (kindOf .tenant_id) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .tenant_id.secret_name }}" + key: "{{ .tenant_id.secret_key | default "OS_TENANT_ID" }}" +{{- else }} + value: "{{ .tenant_id }}" +{{- end }} +{{- end }} +{{- if .region_name }} +- name: OS_REGION_NAME +{{- if eq (kindOf .region_name) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .region_name.secret_name }}" + key: "{{ .region_name.secret_key | default "OS_REGION_NAME" }}" +{{- else }} + value: "{{ .region_name }}" +{{- end }} +{{- end }} +{{- if .auth_type }} +- name: OS_AUTH_TYPE +{{- if eq (kindOf .auth_type) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .auth_type.secret_name }}" + key: "{{ .auth_type.secret_key | default "OS_AUTH_TYPE" }}" +{{- else }} + value: "{{ .auth_type }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/monasca/templates/agent-clusterrole.yaml b/monasca/templates/agent-clusterrole.yaml new file mode 100644 index 00000000..b00ed851 --- /dev/null +++ b/monasca/templates/agent-clusterrole.yaml @@ -0,0 +1,30 @@ +{{- if and (.Values.rbac.create) (not .Values.agent.serviceAccount) }} +kind: ClusterRole +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} +apiVersion: rbac.authorization.k8s.io/v1alpha1 +{{- end }} +metadata: + name: "{{ template "agent.fullname" . }}" +rules: + - apiGroups: ["", "extensions", "storage.k8s.io"] + verbs: ["get", "list"] + resources: + - namespaces + - pods + - replicasets + - deployments + - replicationcontrollers + - nodes + - services + - componentstatuses + - storageclasses + - apiGroups: ["", "batch", "extensions", "storage.k8s.io"] + verbs: ["get", "list", "delete"] + resources: + - jobs + - pods +{{- end }} diff --git a/monasca/templates/agent-clusterrolebinding.yaml b/monasca/templates/agent-clusterrolebinding.yaml new file mode 100644 index 00000000..616ceb90 --- /dev/null +++ b/monasca/templates/agent-clusterrolebinding.yaml @@ -0,0 +1,20 @@ +{{- if and (.Values.rbac.create) (not .Values.agent.serviceAccount) }} +kind: ClusterRoleBinding +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} +apiVersion: rbac.authorization.k8s.io/v1alpha1 +{{- end }} +metadata: + name: "{{ template "agent.fullname" . }}" +subjects: + - kind: ServiceAccount + name: "{{ template "agent.fullname" . }}" + namespace: "{{ .Release.Namespace }}" +roleRef: + kind: ClusterRole + name: "{{ template "agent.fullname" . }}" + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/monasca/templates/agent-configmap.yaml b/monasca/templates/agent-configmap.yaml new file mode 100644 index 00000000..eb88ea86 --- /dev/null +++ b/monasca/templates/agent-configmap.yaml @@ -0,0 +1,14 @@ +{{- if .Values.agent.plugins.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "agent.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.agent.name }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: +{{ toYaml .Values.agent.plugins.config_files | indent 2 }} +{{- end}} diff --git a/monasca/templates/agent-daemonset.yaml b/monasca/templates/agent-daemonset.yaml new file mode 100644 index 00000000..4ca6ea5b --- /dev/null +++ b/monasca/templates/agent-daemonset.yaml @@ -0,0 +1,159 @@ +{{- if .Values.agent.daemonset_enabled }} +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: {{ template "agent.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.agent.name }}-daemonset" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + component: "{{ .Values.agent.name }}-daemonset" + app: {{ template "fullname" . }} + spec: + {{- if .Values.agent.daemonset_toleration.enabled }} + tolerations: + - operator: "{{ .Values.agent.daemonset_toleration.operator }}" + effect: "{{ .Values.agent.daemonset_toleration.effect }}" + {{- end }} + terminationGracePeriodSeconds: {{ .Values.agent.termination_grace_period }} + containers: + - name: collector + image: "{{ .Values.agent.collector.image.repository }}:{{ .Values.agent.collector.image.tag }}" + imagePullPolicy: {{ .Values.agent.collector.image.pullPolicy }} + resources: +{{ toYaml .Values.agent.resources | indent 12 }} + env: + - name: KEYSTONE_DEFAULTS_ENABLED + value: "{{ .Values.agent.keystone.defaults_enabled }}" + - name: OS_AUTH_URL + {{- if .Values.agent.keystone.url }} + {{- if eq (kindOf .Values.agent.keystone.url) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .Values.agent.keystone.url.secret_name }}" + key: "{{ .Values.agent.keystone.url.secret_key | default "OS_AUTH_URL" }}" + {{- else }} + value: "{{ .Values.agent.keystone.url }}" + {{- end }} + {{- else if .Values.keystone.override.public_url }} + value: "{{ .Values.keystone.override.public_url }}/v3" + {{- else }} + value: "http://{{ template "keystone.fullname" . }}:{{ .Values.keystone.service.port }}/v3" + {{- end }} +{{ include "monasca_keystone_env" .Values.agent.keystone | indent 12 }} + - name: AGENT_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: AGENT_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: KUBERNETES + value: "true" + - name: KUBERNETES_TIMEOUT + value: {{ .Values.agent.kubernetes.timeout | quote }} + - name: KUBERNETES_LABELS + value: {{ .Values.agent.kubernetes.kubernetes_labels | quote }} + - name: PROMETHEUS + value: {{ .Values.agent.prometheus.auto_detect_pod_endpoints | quote }} + - name: PROMETHEUS_TIMEOUT + value: {{ .Values.agent.prometheus.timeout | quote }} + - name: PROMETHEUS_DETECT_METHOD + value: pod + - name: PROMETHEUS_KUBERNETES_LABELS + value: {{ .Values.agent.prometheus.kubernetes_labels | quote }} + - name: CADVISOR + value: {{ .Values.agent.cadvisor.enabled | quote }} + - name: CADVISOR_TIMEOUT + value: {{ .Values.agent.cadvisor.timeout | quote }} + - name: LOG_LEVEL + value: {{ .Values.agent.log_level | quote }} + - name: HOSTNAME_FROM_KUBERNETES + value: "true" + {{- if .Values.agent.namespace_annotations }} + - name: KUBERNETES_NAMESPACE_ANNOTATIONS + value: {{ .Values.agent.namespace_annotations | quote}} + {{- end}} + {{- if .Values.agent.dimensions }} + - name: DIMENSIONS + value: {{ .Values.agent.dimensions | quote}} + {{- end}} + - name: CHECK_FREQ + value: {{ .Values.agent.collector.check_freq | quote }} + - name: NUM_COLLECTOR_THREADS + value: {{ .Values.agent.collector.num_collector_threads | quote }} + - name: POOL_FULL_MAX_TRIES + value: {{ .Values.agent.collector.pool_full_max_retries | quote }} + - name: SUB_COLLECTION_WARN + value: {{ .Values.agent.collector.sub_collection_warn | quote }} + {{- if .Values.agent.cadvisor.enable_minimum_whitelist }} + - name: CADVISOR_MINIMUM_WHITELIST + value: "true" + {{- end }} + {{- if .Values.agent.kubernetes.enable_minimum_whitelist }} + - name: KUBERNETES_MINIMUM_WHITELIST + value: "true" + {{- end }} + - name: forwarder + image: "{{ .Values.agent.forwarder.image.repository }}:{{ .Values.agent.forwarder.image.tag }}" + imagePullPolicy: {{ .Values.agent.forwarder.image.pullPolicy }} + resources: +{{ toYaml .Values.agent.resources | indent 12 }} + env: + - name: KEYSTONE_DEFAULTS_ENABLED + value: "{{ .Values.agent.keystone.defaults_enabled }}" + - name: OS_AUTH_URL + {{- if .Values.agent.keystone.url }} + {{- if eq (kindOf .Values.agent.keystone.url) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .Values.agent.keystone.url.secret_name }}" + key: "{{ .Values.agent.keystone.url.secret_key | default "OS_AUTH_URL" }}" + {{- else }} + value: "{{ .Values.agent.keystone.url }}" + {{- end }} + {{- else if .Values.keystone.override.public_url }} + value: "{{ .Values.keystone.override.public_url }}/v3" + {{- else }} + value: "http://{{ template "keystone.fullname" . }}:{{ .Values.keystone.service.port }}/v3" + {{- end }} +{{ include "monasca_keystone_env" .Values.agent.keystone | indent 12 }} + - name: AGENT_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: AGENT_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MONASCA_URL + value: "http://{{ template "api.fullname" . }}:{{ .Values.api.service.port }}/v2.0" + - name: LOG_LEVEL + value: {{ .Values.agent.log_level | quote }} + - name: INSECURE + value: {{ .Values.agent.insecure | quote }} + - name: MAX_BATCH_SIZE + value: {{ .Values.agent.forwarder.max_batch_size | quote }} + - name: MAX_MEASUREMENT_BUFFER_SIZE + value: {{ .Values.agent.forwarder.max_measurement_buffer_size | quote }} + - name: BACKLOG_SEND_RATE + value: {{ .Values.agent.forwarder.backlog_send_rate | quote }} + - name: HOSTNAME_FROM_KUBERNETES + value: "true" + - name: NON_LOCAL_TRAFFIC + value: {{ .Values.agent.forwarder.non_local_traffic | quote }} + {{- if .Values.agent.serviceAccount }} + serviceAccountName: {{ .Values.agent.serviceAccount | quote }} + {{- else if .Values.rbac.create }} + serviceAccountName: "{{ template "agent.fullname" . }}" + {{- end }} +{{- end}} diff --git a/monasca/templates/agent-deployment.yaml b/monasca/templates/agent-deployment.yaml new file mode 100644 index 00000000..d23b877f --- /dev/null +++ b/monasca/templates/agent-deployment.yaml @@ -0,0 +1,157 @@ +{{- if .Values.agent.deployment_enabled }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "agent.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.agent.name }}-deployment" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + template: + metadata: + labels: + component: "{{ .Values.agent.name }}-deployment" + app: {{ template "fullname" . }} + spec: + terminationGracePeriodSeconds: {{ .Values.agent.termination_grace_period }} + containers: + - name: collector + image: "{{ .Values.agent.collector.image.repository }}:{{ .Values.agent.collector.image.tag }}" + imagePullPolicy: {{ .Values.agent.collector.image.pullPolicy }} + resources: +{{ toYaml .Values.agent.resources | indent 12 }} + env: + - name: KEYSTONE_DEFAULTS_ENABLED + value: "{{ .Values.agent.keystone.defaults_enabled }}" + - name: OS_AUTH_URL + {{- if .Values.agent.keystone.url }} + {{- if eq (kindOf .Values.agent.keystone.url) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .Values.agent.keystone.url.secret_name }}" + key: "{{ .Values.agent.keystone.url.secret_key | default "OS_AUTH_URL" }}" + {{- else }} + value: "{{ .Values.agent.keystone.url }}" + {{- end }} + {{- else if .Values.keystone.override.public_url }} + value: "{{ .Values.keystone.override.public_url }}/v3" + {{- else }} + value: "http://{{ template "keystone.fullname" . }}:{{ .Values.keystone.service.port }}/v3" + {{- end }} +{{ include "monasca_keystone_env" .Values.agent.keystone | indent 12 }} + - name: AGENT_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: AGENT_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: KUBERNETES_API + value: "true" + - name: KUBERNETES_API_TIMEOUT + value: {{ .Values.agent.kubernetes_api.timeout | quote }} + - name: KUBERNETES_API_LABELS + value: {{ .Values.agent.kubernetes_api.kubernetes_labels | quote }} + - name: PROMETHEUS + value: {{ .Values.agent.prometheus.auto_detect_service_endpoints | quote }} + - name: PROMETHEUS_TIMEOUT + value: {{ .Values.agent.prometheus.timeout | quote }} + - name: PROMETHEUS_DETECT_METHOD + value: service + - name: PROMETHEUS_KUBERNETES_LABELS + value: {{ .Values.agent.prometheus.kubernetes_labels | quote }} + - name: MONASCA_API_URL + value: "http://{{ template "api.fullname" . }}:{{ .Values.api.service.port }}/v2.0" + - name: LOG_LEVEL + value: {{ .Values.agent.log_level | quote }} + - name: HOSTNAME_FROM_KUBERNETES + value: "true" + {{- if .Values.agent.namespace_annotations }} + - name: KUBERNETES_NAMESPACE_ANNOTATIONS + value: {{ .Values.agent.namespace_annotations | quote}} + {{- end}} + {{- if .Values.agent.kubernetes_api.storage.parameter_dimensions }} + - name: STORAGE_PARAMETERS_DIMENSIONS + value: {{ .Values.agent.kubernetes_api.storage.parameter_dimensions | quote}} + {{- end}} + - name: REPORT_PERSISTENT_STORAGE + value: {{ .Values.agent.kubernetes_api.storage.report | quote }} + {{- if .Values.agent.dimensions }} + - name: DIMENSIONS + value: {{ .Values.agent.dimensions | quote}} + {{- end}} + - name: CHECK_FREQ + value: {{ .Values.agent.collector.check_freq | quote }} + - name: NUM_COLLECTOR_THREADS + value: {{ .Values.agent.collector.num_collector_threads | quote }} + - name: POOL_FULL_MAX_TRIES + value: {{ .Values.agent.collector.pool_full_max_retries | quote }} + - name: SUB_COLLECTION_WARN + value: {{ .Values.agent.collector.sub_collection_warn | quote }} + {{- if .Values.agent.plugins.enabled }} + volumeMounts: + - name: agent-config + mountPath: /plugins.d + {{- end}} + - name: forwarder + image: "{{ .Values.agent.forwarder.image.repository }}:{{ .Values.agent.forwarder.image.tag }}" + imagePullPolicy: {{ .Values.agent.forwarder.image.pullPolicy }} + resources: +{{ toYaml .Values.agent.resources | indent 12 }} + env: + - name: KEYSTONE_DEFAULTS_ENABLED + value: "{{ .Values.agent.keystone.defaults_enabled }}" + - name: AGENT_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: AGENT_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OS_AUTH_URL + {{- if .Values.agent.keystone.url }} + {{- if eq (kindOf .Values.agent.keystone.url) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .Values.agent.keystone.url.secret_name }}" + key: "{{ .Values.agent.keystone.url.secret_key | default "OS_AUTH_URL" }}" + {{- else }} + value: "{{ .Values.agent.keystone.url }}" + {{- end }} + {{- else if .Values.keystone.override.public_url }} + value: "{{ .Values.keystone.override.public_url }}/v3" + {{- else }} + value: "http://{{ template "keystone.fullname" . }}:{{ .Values.keystone.service.port }}/v3" + {{- end }} +{{ include "monasca_keystone_env" .Values.agent.keystone | indent 12 }} + - name: MONASCA_URL + value: "http://{{ template "api.fullname" . }}:{{ .Values.api.service.port }}/v2.0" + - name: LOG_LEVEL + value: {{ .Values.agent.log_level | quote }} + - name: INSECURE + value: {{ .Values.agent.insecure | quote }} + - name: MAX_BATCH_SIZE + value: {{ .Values.agent.forwarder.max_batch_size | quote }} + - name: MAX_MEASUREMENT_BUFFER_SIZE + value: {{ .Values.agent.forwarder.max_measurement_buffer_size | quote }} + - name: BACKLOG_SEND_RATE + value: {{ .Values.agent.forwarder.backlog_send_rate | quote }} + - name: NON_LOCAL_TRAFFIC + value: {{ .Values.agent.forwarder.non_local_traffic | quote }} + {{- if .Values.agent.plugins.enabled }} + volumes: + - name: agent-config + configMap: + name: {{ template "agent.fullname" . }} + {{- end}} + {{- if .Values.agent.serviceAccount }} + serviceAccountName: {{ .Values.agent.serviceAccount | quote }} + {{- else if .Values.rbac.create }} + serviceAccountName: "{{ template "agent.fullname" . }}" + {{- end }} +{{- end}} diff --git a/monasca/templates/agent-serviceaccount.yaml b/monasca/templates/agent-serviceaccount.yaml new file mode 100644 index 00000000..626830ac --- /dev/null +++ b/monasca/templates/agent-serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and (.Values.rbac.create) (not .Values.agent.serviceAccount) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ template "agent.fullname" . }}" + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.agent.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- end }} diff --git a/monasca/templates/aggregator-configmap.yaml b/monasca/templates/aggregator-configmap.yaml new file mode 100644 index 00000000..15d8bdcd --- /dev/null +++ b/monasca/templates/aggregator-configmap.yaml @@ -0,0 +1,14 @@ +{{- if .Values.aggregator.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "aggregator.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.aggregator.name }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: +{{ toYaml .Values.aggregator.metric_configuration | indent 2 }} +{{- end }} diff --git a/monasca/templates/aggregator-deployment.yaml b/monasca/templates/aggregator-deployment.yaml new file mode 100644 index 00000000..911871b5 --- /dev/null +++ b/monasca/templates/aggregator-deployment.yaml @@ -0,0 +1,52 @@ +{{- if .Values.aggregator.enabled }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "aggregator.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.aggregator.name }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: {{ .Values.aggregator.replicaCount }} + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.aggregator.name }}" + annotations: + checksum/metric_config: {{ toYaml .Values.aggregator.metric_configuration | sha256sum }} + prometheus.io/scrape: "true" + prometheus.io/path: "/metrics" + prometheus.io/port: "8080" + spec: + containers: + - name: aggregator + image: "{{ .Values.aggregator.image.repository }}:{{ .Values.aggregator.image.tag }}" + imagePullPolicy: {{ .Values.aggregator.image.pullPolicy }} + resources: +{{ toYaml .Values.aggregator.resources | indent 10 }} + ports: + - containerPort: 8080 + name: metrics + env: + - name: AGGREGATION_WINDOW_SIZE + value: {{ .Values.aggregator.window_size | quote }} + - name: AGGREGATION_WINDOW_LAG + value: {{ .Values.aggregator.window_lag | quote }} + - name: KAFKA_URI + {{- if .Values.kafka.overrideUri }} + value: "{{ .Values.kafka.overrideUri }}" + {{- else }} + value: "{{ template "kafka.fullname" . }}:9092" + {{- end }} + volumeMounts: + - name: aggregator-config + mountPath: /specs + volumes: + - name: aggregator-config + configMap: + name: {{ template "aggregator.fullname" . }} +{{- end }} diff --git a/monasca/templates/alarm-definition-controller-deployment.yaml b/monasca/templates/alarm-definition-controller-deployment.yaml new file mode 100644 index 00000000..77ce4fb6 --- /dev/null +++ b/monasca/templates/alarm-definition-controller-deployment.yaml @@ -0,0 +1,59 @@ +{{- if .Values.alarm_definition_controller.controller_enabled }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "alarm_definition_controller.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.alarm_definition_controller.name }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: 1 + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.alarm_definition_controller.name }}" + spec: + containers: + - name: adc + image: "{{ .Values.alarm_definition_controller.image.repository }}:{{ .Values.alarm_definition_controller.image.tag }}" + imagePullPolicy: {{ .Values.alarm_definition_controller.image.pullPolicy }} + resources: +{{ toYaml .Values.alarm_definition_controller.resources | indent 12 }} + env: + - name: OS_AUTH_URL + {{- if .Values.alarm_definition_controller.keystone.url }} + {{- if eq (kindOf .Values.alarm_definition_controller.keystone.url) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .Values.alarm_definition_controller.keystone.url.secret_name }}" + key: "{{ .Values.alarm_definition_controller.keystone.url.secret_key | default "OS_AUTH_URL" }}" + {{- else }} + value: "{{ .Values.alarm_definition_controller.keystone.url }}" + {{- end }} + {{- else if .Values.keystone.override.public_url }} + value: "{{ .Values.keystone.override.public_url }}" + {{- else }} + value: "http://{{ template "keystone.fullname" . }}:{{ .Values.keystone.service.port }}" + {{- end }} +{{ include "monasca_keystone_env" .Values.alarm_definition_controller.keystone | indent 12 }} + - name: MONASCA_URL + value: "http://{{ template "api.fullname" . }}:{{ .Values.api.service.port }}/v2.0" + {{- if .Values.alarm_definition_controller.default_notification_name }} + - name: DEFAULT_NOTIFICATION + value: "{{ .Values.alarm_definition_controller.default_notification_name }}" + {{- end }} + - name: NAMESPACE + {{- if .Values.alarm_definition_controller.namespace }} + value: "{{ .Values.alarm_definition_controller.namespace }}" + {{- else }} + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: VERSION + value: "{{ .Values.alarm_definition_controller.version }}" +{{- end }} diff --git a/monasca/templates/alarm-definition-resource.yaml b/monasca/templates/alarm-definition-resource.yaml new file mode 100644 index 00000000..bafd7d6d --- /dev/null +++ b/monasca/templates/alarm-definition-resource.yaml @@ -0,0 +1,9 @@ +{{- if .Values.alarm_definition_controller.resource_enabled }} +apiVersion: extensions/v1beta1 +kind: ThirdPartyResource +metadata: + name: alarm-definition.monasca.io +description: "A specification to create a Monasca alarm definition" +versions: +- name: {{ .Values.alarm_definition_controller.version }} +{{- end }} diff --git a/monasca/templates/alarms-configmap.yaml b/monasca/templates/alarms-configmap.yaml new file mode 100644 index 00000000..d7872ac2 --- /dev/null +++ b/monasca/templates/alarms-configmap.yaml @@ -0,0 +1,14 @@ +{{- if .Values.alarms.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "alarms.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.alarms.name }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: +{{ toYaml .Values.alarms.definitions_configuration | indent 2 }} +{{- end }} diff --git a/monasca/templates/alarms-init-job.yaml b/monasca/templates/alarms-init-job.yaml new file mode 100644 index 00000000..e7d85d67 --- /dev/null +++ b/monasca/templates/alarms-init-job.yaml @@ -0,0 +1,82 @@ +{{- if .Values.alarms.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "alarms.fullname" . }}-init-job + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.alarms.name }}-init-job" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.alarms.name }}-init-job" + spec: + restartPolicy: OnFailure + containers: + - name: alarms-init-job + image: "{{ .Values.alarms.image.repository }}:{{ .Values.alarms.image.tag }}" + imagePullPolicy: {{ .Values.alarms.image.pullPolicy }} + resources: +{{ toYaml .Values.alarms.resources | indent 12 }} + env: + - name: KEYSTONE_DEFAULTS_ENABLED + value: "{{ .Values.alarms.keystone.defaults_enabled }}" + - name: OS_AUTH_URL + {{- if .Values.alarms.keystone.url }} + {{- if eq (kindOf .Values.alarms.keystone.url) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .Values.alarms.keystone.url.secret_name }}" + key: "{{ .Values.alarms.keystone.url.secret_key | default "OS_AUTH_URL" }}" + {{- else }} + value: "{{ .Values.alarms.keystone.url }}" + {{- end }} + {{- else if .Values.keystone.override.public_url }} + value: "{{ .Values.keystone.override.public_url }}/v3" + {{- else }} + value: "http://{{ template "keystone.fullname" . }}:{{ .Values.keystone.service.port }}/v3" + {{- end }} +{{ include "monasca_keystone_env" .Values.alarms.keystone | indent 12 }} + - name: MONASCA_API_URL + value: "http://{{ template "api.fullname" . }}:{{ .Values.api.service.port }}/v2.0" + - name: MONASCA_WAIT_FOR_API + value: "{{ .Values.alarms.wait.enabled }}" + - name: MONASCA_API_WAIT_RETRIES + value: "{{ .Values.alarms.wait.retries }}" + - name: MONASCA_API_WAIT_DELAY + value: "{{ .Values.alarms.wait.delay }}" + {{- if .Values.alarms.notification_name }} + - name: NOTIFICATION_NAME + value: "{{ .Values.alarms.notification_name }}" + {{- end }} + {{- if .Values.alarms.notification_type }} + - name: NOTIFICATION_TYPE + value: "{{ .Values.alarms.notification_type }}" + {{- end }} + {{- if .Values.alarms.notification_address_secret }} + - name: NOTIFICATION_ADDRESS + valueFrom: + secretKeyRef: + name: "{{ .Values.alarms.notification_address_secret }}" + key: "{{ .Values.alarms.notification_address_secret_key | default .Values.alarms.notification_address_secret }}" + {{- else if .Values.alarms.notification_address }} + - name: NOTIFICATION_ADDRESS + value: "{{ .Values.alarms.notification_address }}" + {{- end }} + volumeMounts: + - name: alarms-config + mountPath: /config/definitions.yml.j2 + subPath: definitions.yml.j2 + volumes: + - name: alarms-config + configMap: + name: {{ template "alarms.fullname" . }} + items: + - key: definitions.yml.j2 + path: definitions.yml.j2 +{{- end }} diff --git a/monasca/templates/api-deployment.yaml b/monasca/templates/api-deployment.yaml new file mode 100644 index 00000000..592999f9 --- /dev/null +++ b/monasca/templates/api-deployment.yaml @@ -0,0 +1,167 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "api.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.api.name }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: {{ .Values.api.replicaCount }} + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.api.name }}" + {{- if .Values.api.side_container.enabled }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/path: "/metrics" + prometheus.io/port: "4888" + {{- end }} + spec: + containers: + - name: api + image: "{{ .Values.api.image.repository }}:{{ .Values.api.image.tag }}" + imagePullPolicy: {{ .Values.api.image.pullPolicy }} + resources: +{{ toYaml .Values.api.resources | indent 10 }} + ports: + - containerPort: 8070 + name: client + env: + - name: LOG_LEVEL_ROOT + value: {{ .Values.api.logging.log_level_root | quote }} + - name: LOG_LEVEL_CONSOLE + value: {{ .Values.api.logging.log_level_console | quote }} + - name: KAFKA_URI + {{- if .Values.kafka.overrideUri }} + value: "{{ .Values.kafka.overrideUri }}" + {{- else }} + value: "{{ template "kafka.fullname" . }}:9092" + {{- end }} + - name: INFLUX_HOST + value: "{{ .Release.Name }}-influxdb" + - name: INFLUX_PORT + value: {{ .Values.influxdb.config.http.bind_address | quote }} + - name: INFLUX_USER + value: {{ .Values.api.influxdb.user | quote }} + - name: INFLUX_PASSWORD + value: {{ .Values.api.influxdb.password | quote }} + - name: INFLUX_DB + value: {{ .Values.api.influxdb.database | quote }} + {{- if .Values.api.mysql_disabled }} + - name: API_MYSQL_DISABLED + value: {{ .Values.api.mysql_disabled | quote }} + {{- end}} + {{- if .Values.api.mysql_disabled }} + - name: MYSQL_WAIT_RETRIES + value: {{ .Values.api.mysql_wait_retries | quote }} + {{- end}} + - name: MYSQL_HOST + {{- if .Values.api.mysql.host }} + {{- if eq (kindOf .Values.api.mysql.host) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .Values.api.mysql.host.secret_name }}" + key: "{{ .Values.api.mysql.host.secret_key | default "host" }}" + {{- else }} + value: "{{ .Values.api.mysql.host }}" + {{- end}} + {{- else }} + value: "{{ .Release.Name }}-mysql" + {{- end}} + - name: MYSQL_USER + valueFrom: + secretKeyRef: + {{- if .Values.api.mysql.username.secret_name }} + name: "{{ .Values.api.mysql.username.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-api-secret" + {{- end}} + key: "{{ .Values.api.mysql.username.secret_key | default "username" }}" + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.api.mysql.password.secret_name }} + name: "{{ .Values.api.mysql.password.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-api-secret" + {{- end}} + key: "{{ .Values.api.mysql.password.secret_key | default "password" }}" + - name: MYSQL_DB + value: "mon" + - name: MEMCACHED_URI + {{- if .Values.api.memcachedUri }} + value: "{{ .Values.api.memcachedUri }}" + {{- else if .Values.memcached.enabled }} + value: "{{ template "memcached.fullname" . }}:{{ .Values.memcached.service.port | default "11211" }}" + {{- else }} + value: "" + {{- end }} + - name: KEYSTONE_IDENTITY_URI + {{- if .Values.api.keystone.identity_url }} +{{- include "monasca_secret_env" .Values.api.keystone.identity_url | indent 14 }} + {{- else if .Values.keystone.override.public_url }} + value: "{{ .Values.keystone.override.public_url }}" + {{- else }} + value: "http://{{ template "keystone.fullname" . }}:{{ .Values.keystone.service.port }}" + {{- end }} + - name: KEYSTONE_AUTH_URI + {{- if .Values.api.keystone.auth_url }} +{{- include "monasca_secret_env" .Values.api.keystone.auth_url | indent 14 }} + {{- else if .Values.keystone.override.admin_url }} + value: "{{ .Values.keystone.override.admin_url }}" + {{- else }} + value: "http://{{ template "keystone.fullname" . }}:{{ .Values.keystone.service.admin_port }}" + {{- end }} + - name: KEYSTONE_ADMIN_USER +{{- include "monasca_secret_env" .Values.api.keystone.username | indent 14 }} + - name: KEYSTONE_ADMIN_PASSWORD +{{- include "monasca_secret_env" .Values.api.keystone.password | indent 14 }} + - name: KEYSTONE_ADMIN_TENANT +{{- include "monasca_secret_env" .Values.api.keystone.tenant_name | indent 14 }} + {{- if .Values.api.auth_disabled }} + - name: API_AUTH_DISABLED + value: "true" + {{- end}} + {{- if .Values.api.authorized_roles }} + - name: AUTHORIZED_ROLES + value: {{ .Values.api.authorized_roles | quote }} + {{- end}} + {{- if .Values.api.http_proxy }} + - name: http_proxy + value: {{ .Values.api.http_proxy | quote }} + - name: HTTP_PROXY + value: {{ .Values.api.http_proxy | quote }} + {{- end }} + {{- if .Values.api.https_proxy }} + - name: https_proxy + value: {{ .Values.api.https_proxy | quote }} + - name: HTTPS_PROXY + value: {{ .Values.api.https_proxy | quote }} + {{- end }} + {{- if .Values.api.no_proxy }} + - name: no_proxy + value: {{ .Values.api.no_proxy | quote }} + - name: NO_PROXY + value: {{ .Values.api.no_proxy | quote }} + {{- end }} + {{- if .Values.api.side_container.enabled }} + - name: SIDECAR_URL + value: http://localhost:4888/v1/ingest + {{- end }} + - name: GUNICORN_WORKERS + value: {{ .Values.api.gunicorn_workers | quote }} + {{- if .Values.api.side_container.enabled }} + - name: sidecar + image: "{{ .Values.api.side_container.image.repository }}:{{ .Values.api.side_container.image.tag }}" + imagePullPolicy: {{ .Values.api.side_container.image.pullPolicy }} + resources: +{{ toYaml .Values.api.side_container.resources | indent 10 }} + ports: + - containerPort: 4888 + name: scrape + {{- end }} diff --git a/monasca/templates/api-svc.yaml b/monasca/templates/api-svc.yaml new file mode 100644 index 00000000..8642e5de --- /dev/null +++ b/monasca/templates/api-svc.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.api.name }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ template "api.fullname" . }} +spec: + type: {{ .Values.api.service.type }} + ports: + - name: http + port: {{ .Values.api.service.port}} + {{- if .Values.api.service.node_port }} + nodePort: {{ .Values.api.service.node_port }} + {{- end }} + selector: + app: {{ template "fullname" . }} + component: "{{ .Values.api.name }}" diff --git a/monasca/templates/cleanup-hook.yaml b/monasca/templates/cleanup-hook.yaml new file mode 100644 index 00000000..d50e4a2c --- /dev/null +++ b/monasca/templates/cleanup-hook.yaml @@ -0,0 +1,47 @@ +apiVersion: batch/v1 +kind: Job +metadata: + # while not recommended, we add a random sequence to the end of the job name + # this job will attempt to delete itself when finished, but should it fail for + # some reason we don't want future upgrades to fail because of a name conflict + # (plus the future runs of this job will delete any previous iterations that + # failed to clean themselves up) + name: "{{ template "cleanup.fullname" . }}-job-{{ randAlphaNum 5 | lower }}" + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.cleanup.name }}-job" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + "helm.sh/hook": pre-upgrade,post-delete + "helm.sh/hook-weight": "-5" +spec: + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.cleanup.name }}-job" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + restartPolicy: OnFailure + containers: + - name: {{ template "name" . }}-{{ .Values.cleanup.name }}-job + image: "{{ .Values.cleanup.image.repository }}:{{ .Values.cleanup.image.tag }}" + imagePullPolicy: {{ .Values.cleanup.image.pullPolicy }} + resources: +{{ toYaml .Values.cleanup.resources | indent 12 }} + env: + - name: "WAIT_RETRIES" + value: "{{ .Values.cleanup.wait.retries }}" + - name: "WAIT_DELAY" + value: "{{ .Values.cleanup.wait.delay }}" + - name: "WAIT_TIMEOUT" + value: "{{ .Values.cleanup.wait.timeout }}" + {{- if .Values.cleanup.serviceAccount }} + serviceAccountName: {{ .Values.cleanup.serviceAccount | quote }} + {{- else if .Values.rbac.create }} + serviceAccountName: "{{ template "cleanup.fullname" . }}" + {{- end }} diff --git a/monasca/templates/cleanup-role.yaml b/monasca/templates/cleanup-role.yaml new file mode 100644 index 00000000..6240a8ff --- /dev/null +++ b/monasca/templates/cleanup-role.yaml @@ -0,0 +1,25 @@ +{{- if and (.Values.rbac.create) (not .Values.cleanup.serviceAccount) }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} +apiVersion: rbac.authorization.k8s.io/v1alpha1 +{{- end }} +kind: Role +metadata: + name: {{ template "cleanup.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.cleanup.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "delete", "patch"] + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["get", "list", "delete"] +{{- end }} diff --git a/monasca/templates/cleanup-rolebinding.yaml b/monasca/templates/cleanup-rolebinding.yaml new file mode 100644 index 00000000..92d88a03 --- /dev/null +++ b/monasca/templates/cleanup-rolebinding.yaml @@ -0,0 +1,26 @@ +{{- if and (.Values.rbac.create) (not .Values.cleanup.serviceAccount) }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} +apiVersion: rbac.authorization.k8s.io/v1alpha1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "cleanup.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.cleanup.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +subjects: + - kind: ServiceAccount + name: {{ template "cleanup.fullname" . }} + namespace: "{{ .Release.Namespace }}" +roleRef: + kind: Role + name: {{ template "cleanup.fullname" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/monasca/templates/cleanup-serviceaccount.yaml b/monasca/templates/cleanup-serviceaccount.yaml new file mode 100644 index 00000000..c021a7fa --- /dev/null +++ b/monasca/templates/cleanup-serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and (.Values.rbac.create) (not .Values.cleanup.serviceAccount) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "cleanup.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.cleanup.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- end }} diff --git a/monasca/templates/client-deployment.yaml b/monasca/templates/client-deployment.yaml new file mode 100644 index 00000000..38037f7a --- /dev/null +++ b/monasca/templates/client-deployment.yaml @@ -0,0 +1,48 @@ +{{- if .Values.client.enabled }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "client.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.client.name }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + template: + metadata: + labels: + component: "{{ .Values.client.name }}-deployment" + app: {{ template "fullname" . }} + spec: + containers: + - name: client + image: "{{ .Values.client.image.repository }}:{{ .Values.client.image.tag }}" + imagePullPolicy: {{ .Values.client.image.pullPolicy }} + command: + - "sh" + - "-c" + - "while true; do sleep 86400; done" + resources: +{{ toYaml .Values.client.resources | indent 12 }} + env: + - name: OS_AUTH_URL + {{- if .Values.client.keystone.url }} + {{- if eq (kindOf .Values.client.keystone.url) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .Values.client.keystone.url.secret_name }}" + key: "{{ .Values.client.keystone.url.secret_key | default "OS_AUTH_URL" }}" + {{- else }} + value: "{{ .Values.client.keystone.url }}" + {{- end }} + {{- else if .Values.keystone.override.public_url }} + value: "{{ .Values.keystone.override.public_url }}/v3" + {{- else }} + value: "http://{{ template "keystone.fullname" . }}:{{ .Values.keystone.service.port }}/v3" + {{- end }} +{{ include "monasca_keystone_env" .Values.client.keystone | indent 12 }} + - name: MONASCA_API_URL + value: "http://{{ template "api.fullname" . }}:{{ .Values.api.service.port }}/v2.0" +{{- end }} diff --git a/monasca/templates/forwarder-configmap.yaml b/monasca/templates/forwarder-configmap.yaml new file mode 100644 index 00000000..2aa71767 --- /dev/null +++ b/monasca/templates/forwarder-configmap.yaml @@ -0,0 +1,14 @@ +{{- if .Values.forwarder.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "forwarder.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.forwarder.name }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: +{{ toYaml .Values.forwarder.metric_configuration | indent 2 }} +{{- end }} diff --git a/monasca/templates/forwarder-deployment.yaml b/monasca/templates/forwarder-deployment.yaml new file mode 100644 index 00000000..bb016323 --- /dev/null +++ b/monasca/templates/forwarder-deployment.yaml @@ -0,0 +1,68 @@ +{{- if .Values.forwarder.enabled }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "forwarder.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.forwarder.name }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: {{ .Values.forwarder.replicaCount }} + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.forwarder.name }}" + annotations: + checksum/metric_config: {{ toYaml .Values.forwarder.metric_configuration | sha256sum }} + spec: + containers: + - name: forwarder + image: "{{ .Values.forwarder.image.repository }}:{{ .Values.forwarder.image.tag }}" + imagePullPolicy: {{ .Values.forwarder.image.pullPolicy }} + resources: +{{ toYaml .Values.forwarder.resources | indent 10 }} + env: + - name: MONASCA_PROJECT_ID + value: {{ .Values.forwarder.config.monasca_project_id | quote }} + - name: REMOTE_API_URL + value: {{ .Values.forwarder.config.remote_api_url | quote }} + - name: DEBUG + value: {{ .Values.forwarder.logging.debug | quote }} + - name: VERBOSE + value: {{ .Values.forwarder.logging.verbose | quote }} + - name: ZOOKEEPER_URL + {{- if .Values.zookeeper.overrideUri }} + value: "{{ .Values.zookeeper.overrideUri }}" + {{- else }} + value: "{{ template "zookeeper.fullname" . }}:2181" + {{- end }} + - name: KAFKA_URI + {{- if .Values.kafka.overrideUri }} + value: "{{ .Values.kafka.overrideUri }}" + {{- else }} + value: "{{ template "kafka.fullname" . }}:9092" + {{- end }} + - name: USE_INSECURE + value: {{ .Values.forwarder.config.use_insecure | quote}} + - name: MONASCA_ROLE + value: {{ .Values.forwarder.config.monasca_role | quote }} + {{- if .Values.forwarder.metric_project_id }} + - name: METRIC_PROJECT_ID + value: {{ .Values.forwarder.config.metric_project_id | quote }} + {{- end }} + volumeMounts: + - name: forwarder-config + mountPath: /config/forwarder_metric_match.yml.j2 + subPath: forwarder_metric_match.yml.j2 + volumes: + - name: forwarder-config + configMap: + name: {{ template "forwarder.fullname" . }} + items: + - key: forwarder_metric_match.yml + path: forwarder_metric_match.yml.j2 +{{- end }} diff --git a/monasca/templates/grafana-configmap.yaml b/monasca/templates/grafana-configmap.yaml new file mode 100644 index 00000000..344f8093 --- /dev/null +++ b/monasca/templates/grafana-configmap.yaml @@ -0,0 +1,37 @@ +{{- if .Values.grafana.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.grafana.name }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: + grafana.ini: | + [paths] + plugins = /var/lib/grafana/plugins + + [auth.basic] + enabled = false + + [users] + allow_sign_up = true + allow_org_create = true + + [auth.keystone] + enabled = true + verify_ssl_cert = false + v3 = true + default_domain = Default + + [log.console] + level = trace + + [database] + type = mysql + name = grafana + ssl_mode = disable +{{- end}} diff --git a/monasca/templates/grafana-deployment.yaml b/monasca/templates/grafana-deployment.yaml new file mode 100644 index 00000000..14467307 --- /dev/null +++ b/monasca/templates/grafana-deployment.yaml @@ -0,0 +1,76 @@ +{{- if .Values.grafana.enabled }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.grafana.name }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: 1 + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.grafana.name }}" + spec: + containers: + - name: grafana + image: "{{ .Values.grafana.image.repository }}:{{ .Values.grafana.image.tag }}" + imagePullPolicy: {{ .Values.grafana.image.pullPolicy }} + resources: +{{ toYaml .Values.grafana.resources | indent 12 }} + ports: + - name: http + containerPort: 3000 + volumeMounts: + - name: grafana-config + mountPath: /etc/grafana + env: + - name: GF_AUTH_KEYSTONE_AUTH_URL + {{- if .Values.grafana.keystone_url }} +{{- include "monasca_secret_env" .Values.grafana.keystone_url | indent 14 }} + {{- else }} + value: "http://{{ template "keystone.fullname" . }}:{{ .Values.keystone.service.admin_port }}" + {{- end }} + - name: GF_DATABASE_HOST + {{- if .Values.grafana.mysql.host }} + {{- if eq (kindOf .Values.grafana.mysql.host) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .Values.grafana.mysql.host.secret_name }}" + key: "{{ .Values.grafana.mysql.host.secret_key | default "host" }}" + {{- else }} + value: "{{ .Values.grafana.mysql.host }}" + {{- end}} + {{- else }} + value: "{{ .Release.Name }}-mysql" + {{- end}} + - name: GF_DATABASE_PORT +{{- include "monasca_secret_env" .Values.grafana.mysql.port | indent 14 }} + - name: GF_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.grafana.mysql.password.secret_name}} + name: "{{ .Values.grafana.mysql.password.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-grafana-secret" + {{- end}} + key: "{{ .Values.grafana.mysql.password.secret_key | default "password" }}" + - name: GF_DATABASE_USER + valueFrom: + secretKeyRef: + {{- if .Values.grafana.mysql.username.secret_name}} + name: "{{ .Values.grafana.mysql.username.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-grafana-secret" + {{- end}} + key: "{{ .Values.grafana.mysql.username.secret_key | default "username" }}" + volumes: + - name: grafana-config + configMap: + name: {{ template "grafana.fullname" . }} +{{- end}} diff --git a/monasca/templates/grafana-init-job.yaml b/monasca/templates/grafana-init-job.yaml new file mode 100644 index 00000000..89474256 --- /dev/null +++ b/monasca/templates/grafana-init-job.yaml @@ -0,0 +1,41 @@ +{{- if .Values.grafana.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "grafana.fullname" . }}-init-job + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.grafana.name }}-init-job" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.grafana.name }}-init-job" + spec: + restartPolicy: OnFailure + containers: + - name: grafana-init-job + image: "{{ .Values.grafana_init.image.repository }}:{{ .Values.grafana_init.image.tag }}" + imagePullPolicy: {{ .Values.grafana_init.image.pullPolicy }} + resources: +{{ toYaml .Values.grafana_init.resources | indent 12 }} + env: + - name: LOG_LEVEL + value: {{ .Values.grafana_init.log_level }} + - name: GRAFANA_URL + {{- if $.Values.grafana.simple_name }} + value: "http://{{ $.Values.grafana.name}}:{{ .Values.grafana.service.port }}" + {{- else }} + value: "http://{{ template "grafana.fullname" . }}:{{ .Values.grafana.service.port }}" + {{- end }} + - name: GRAFANA_USERNAME +{{- include "monasca_secret_env" .Values.grafana_init.username | indent 14 }} + - name: GRAFANA_PASSWORD +{{- include "monasca_secret_env" .Values.grafana_init.password | indent 14 }} + - name: DATASOURCE_URL + value: "http://{{ template "api.fullname" . }}:{{ .Values.api.service.port }}" +{{- end}} diff --git a/monasca/templates/grafana-svc.yaml b/monasca/templates/grafana-svc.yaml new file mode 100644 index 00000000..cb797677 --- /dev/null +++ b/monasca/templates/grafana-svc.yaml @@ -0,0 +1,24 @@ +{{- if .Values.grafana.enabled }} +apiVersion: v1 +kind: Service +metadata: + {{- if $.Values.grafana.simple_name }} + name: {{ $.Values.grafana.name }} + {{- else }} + name: {{ template "grafana.fullname" . }} + {{- end }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.grafana.name }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + type: {{ .Values.grafana.service.type }} + ports: + - name: http + port: {{ .Values.grafana.service.port }} + selector: + app: {{ template "fullname" . }} + component: "{{ .Values.grafana.name }}" +{{- end}} diff --git a/monasca/templates/influx-init-job.yaml b/monasca/templates/influx-init-job.yaml new file mode 100644 index 00000000..24c0b868 --- /dev/null +++ b/monasca/templates/influx-init-job.yaml @@ -0,0 +1,31 @@ +{{- if .Values.influx_init.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Release.Name }}-influx-init-job + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + template: + metadata: + labels: + app: {{ template "fullname" . }} + spec: + restartPolicy: OnFailure + containers: + - name: influx-init-job + image: "{{ .Values.influx_init.image.repository }}:{{ .Values.influx_init.image.tag }}" + imagePullPolicy: {{ .Values.influx_init.image.pullPolicy }} + env: + - name: INFLUXDB_URL + value: "http://{{ .Release.Name }}-influxdb:{{ .Values.influxdb.config.http.bind_address }}" + - name: INFLUXDB_SHARD_DURATION + value: {{ .Values.influx_init.shard_duration | quote }} + - name: INFLUXDB_DEFAULT_RETENTION + value: {{ .Values.influx_init.default_retention | quote }} + resources: +{{ toYaml .Values.influx_init.resources | indent 12 }} +{{- end }} diff --git a/monasca/templates/keystone-configmap.yaml b/monasca/templates/keystone-configmap.yaml new file mode 100644 index 00000000..58f4d8b4 --- /dev/null +++ b/monasca/templates/keystone-configmap.yaml @@ -0,0 +1,63 @@ +{{- if .Values.keystone.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.keystone.name }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ template "keystone.fullname" . }} +data: + preload.yml: | + users: + - username: mini-mon + password: {{ .Values.keystone.users.mini_mon.password }} + project: mini-mon + role: monasca-user + + - username: monasca-agent + password: {{ .Values.keystone.users.monasca_agent.password }} + project: mini-mon + role: monasca-agent + + - username: mini-mon + password: {{ .Values.keystone.users.mini_mon.password }} + project: mini-mon + role: admin + + - username: admin + password: {{ .Values.keystone.users.admin.password }} + project: admin + role: monasca-user + + - username: demo + password: {{ .Values.keystone.users.demo.password }} + project: demo + role: monasca-user + + - username: monasca-read-only-user + password: {{ .Values.keystone.users.monasca_read_only.password }} + project: mini-mon + role: monasca-read-only-user + + endpoints: + - name: monasca + description: Monasca monitoring service + type: monitoring + region: RegionOne + interfaces: + - name: internal + url: http://{{ template "api.fullname" . }}:{{ .Values.api.service.port }}/v2.0 + - name: public + url: http://{{ template "api.fullname" . }}:{{ .Values.api.service.port }}/v2.0 + {{- if .Values.api.service.node_port }} + resolve: true + {{- end }} + - name: admin + url: http://{{ template "api.fullname" . }}:{{ .Values.api.service.port }}/v2.0 + {{- if .Values.api.service.node_port }} + resolve: true + {{- end }} +{{- end}} diff --git a/monasca/templates/keystone-deployment.yaml b/monasca/templates/keystone-deployment.yaml new file mode 100644 index 00000000..37c044b6 --- /dev/null +++ b/monasca/templates/keystone-deployment.yaml @@ -0,0 +1,85 @@ +{{- if .Values.keystone.enabled }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.keystone.name }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ template "keystone.fullname" . }} +spec: + replicas: {{ .Values.keystone.replicaCount }} + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.keystone.name }}" + spec: + volumes: + - name: preload-config + configMap: + name: {{ template "keystone.fullname" . }} + items: + - key: preload.yml + path: preload.yml + containers: + - name: keystone + image: "{{ .Values.keystone.image.repository }}:{{ .Values.keystone.image.tag }}" + imagePullPolicy: {{ .Values.keystone.image.pullPolicy }} + resources: +{{ toYaml .Values.keystone.resources | indent 12 }} + env: + - name: KEYSTONE_HOST + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: KEYSTONE_USERNAME + value: {{ .Values.keystone.bootstrap.user | quote }} + - name: KEYSTONE_PASSWORD + value: {{ .Values.keystone.bootstrap.password | quote }} + - name: KEYSTONE_PROJECT + value: {{ .Values.keystone.bootstrap.project | quote }} + - name: KEYSTONE_ROLE + value: {{ .Values.keystone.bootstrap.role | quote }} + - name: KEYSTONE_SERVICE + value: {{ .Values.keystone.bootstrap.service | quote }} + - name: KEYSTONE_REGION + value: {{ .Values.keystone.bootstrap.region | quote }} + - name: KEYSTONE_DATABASE_BACKEND + value: {{ .Values.keystone.database_backend | quote }} + - name: KEYSTONE_MYSQL_HOST + value: "{{ .Release.Name }}-mysql" + - name: KEYSTONE_MYSQL_USER + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-mysql-keystone-secret" + key: username + - name: KEYSTONE_MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-mysql-keystone-secret" + key: password + - name: KEYSTONE_MYSQL_DATABASE + value: {{ .Values.keystone.mysql.database | quote }} + - name: KEYSTONE_MYSQL_TCP_PORT + value: "3306" + {{- if .Values.keystone.service.node_port }} + {{- if .Values.keystone.service.admin_node_port }} + - name: KUBERNETES_RESOLVE_PUBLIC_ENDPOINTS + value: "true" + - name: KEYSTONE_SERVICE_NAME + value: "{{ template "keystone.fullname" . }}" + {{- end }} + {{- end }} + ports: + - name: http + containerPort: 5000 + - name: admin + containerPort: 35357 + volumeMounts: + - name: preload-config + mountPath: /preload.yml + subPath: preload.yml +{{- end}} diff --git a/monasca/templates/keystone-svc.yaml b/monasca/templates/keystone-svc.yaml new file mode 100644 index 00000000..112b731d --- /dev/null +++ b/monasca/templates/keystone-svc.yaml @@ -0,0 +1,30 @@ +{{- if .Values.keystone.enabled }} +apiVersion: v1 +kind: Service +metadata: + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.keystone.name }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ template "keystone.fullname" . }} +spec: + type: {{ .Values.keystone.service.type }} + ports: + - name: http + port: {{ .Values.keystone.service.port }} + targetPort: http + {{- if .Values.keystone.service.node_port }} + nodePort: {{ .Values.keystone.service.node_port }} + {{- end }} + - name: admin + port: {{ .Values.keystone.service.admin_port }} + targetPort: admin + {{- if .Values.keystone.service.admin_node_port }} + nodePort: {{ .Values.keystone.service.admin_node_port }} + {{- end }} + selector: + app: {{ template "fullname" . }} + component: "{{ .Values.keystone.name }}" +{{- end}} diff --git a/monasca/templates/memcached-deployment.yaml b/monasca/templates/memcached-deployment.yaml new file mode 100644 index 00000000..8396a166 --- /dev/null +++ b/monasca/templates/memcached-deployment.yaml @@ -0,0 +1,29 @@ +{{- if .Values.memcached.enabled }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "memcached.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.memcached.name }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: {{ .Values.memcached.replicaCount }} + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.memcached.name }}" + spec: + containers: + - name: memcached + image: "{{ .Values.memcached.image.repository }}:{{ .Values.memcached.image.tag }}" + imagePullPolicy: {{ .Values.memcached.image.pullPolicy }} + resources: +{{ toYaml .Values.memcached.resources | indent 10 }} + ports: + - containerPort: 11211 + name: memcached +{{- end }} diff --git a/monasca/templates/memcached-svc.yaml b/monasca/templates/memcached-svc.yaml new file mode 100644 index 00000000..3b896b01 --- /dev/null +++ b/monasca/templates/memcached-svc.yaml @@ -0,0 +1,24 @@ +{{- if .Values.memcached.enabled }} +apiVersion: v1 +kind: Service +metadata: + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.memcached.name }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ template "memcached.fullname" . }} +spec: + type: {{ .Values.memcached.service.type | default "ClusterIP" }} + ports: + - name: memcached + port: {{ .Values.memcached.service.port | default "11211" }} + targetPort: memcached + {{- if .Values.memcached.service.node_port }} + nodePort: {{ .Values.memcached.service.node_port }} + {{- end }} + selector: + app: {{ template "fullname" . }} + component: "{{ .Values.memcached.name }}" +{{- end}} diff --git a/monasca/templates/mysql-api-secret.yaml b/monasca/templates/mysql-api-secret.yaml new file mode 100644 index 00000000..a7d62214 --- /dev/null +++ b/monasca/templates/mysql-api-secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + name: "{{ .Release.Name }}-mysql-api-secret" + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" +type: Opaque +data: + username: {{ b64enc .Values.mysql.users.api.username | quote }} + password: {{ b64enc .Values.mysql.users.api.password | quote }} diff --git a/monasca/templates/mysql-grafana-secret.yaml b/monasca/templates/mysql-grafana-secret.yaml new file mode 100644 index 00000000..b30ff8a9 --- /dev/null +++ b/monasca/templates/mysql-grafana-secret.yaml @@ -0,0 +1,17 @@ +{{- if .Values.grafana.enabled }} +{{- if .Values.grafana.local_mysql_enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: "{{ .Release.Name }}-mysql-grafana-secret" + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" +type: Opaque +data: + username: {{ b64enc .Values.mysql.users.grafana.username | quote }} + password: {{ b64enc .Values.mysql.users.grafana.password | quote }} +{{- end}} +{{- end}} diff --git a/monasca/templates/mysql-init-job.yaml b/monasca/templates/mysql-init-job.yaml new file mode 100644 index 00000000..0f5c1563 --- /dev/null +++ b/monasca/templates/mysql-init-job.yaml @@ -0,0 +1,128 @@ +{{- if .Values.mysql_init.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Release.Name }}-mysql-init-job + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + template: + metadata: + labels: + app: {{ template "fullname" . }} + spec: + restartPolicy: OnFailure + containers: + - name: mysql-init-job + image: "{{ .Values.mysql_init.image.repository }}:{{ .Values.mysql_init.image.tag }}" + imagePullPolicy: {{ .Values.mysql_init.image.pullPolicy }} + resources: +{{ toYaml .Values.mysql_init.resources | indent 12 }} + env: + - name: MYSQL_INIT_DISABLE_REMOTE_ROOT + value: {{ .Values.mysql_init.disable_remote_root | quote }} + - name: MYSQL_INIT_RANDOM_PASSWORD + value: "false" + - name: MYSQL_INIT_HOST + {{- if .Values.mysql_init.host }} + {{- if eq (kindOf .Values.mysql_init.host) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .Values.mysql_init.host.secret_name }}" + key: "{{ .Values.mysql_init.host.secret_key }}" + {{- else }} + value: "{{ .Values.mysql_init.host }}" + {{- end}} + {{- else }} + value: "{{ .Release.Name }}-mysql" + {{- end}} + - name: MYSQL_INIT_USERNAME +{{- include "monasca_secret_env" .Values.mysql_init.username | indent 14 }} + - name: MYSQL_INIT_PASSWORD +{{- include "monasca_secret_env" .Values.mysql_init.password | indent 14 }} + - name: MYSQL_INIT_PORT +{{- include "monasca_secret_env" .Values.mysql_init.port | indent 14 }} + - name: CREATE_MON_USERS + value: {{ .Values.mysql_init.create_mon_users | quote }} + - name: GRAFANA_DB_ENABLED + value: {{ .Values.mysql_init.grafana_db_enabled | quote }} + - name: KEYSTONE_DB_ENABLED + value: {{ .Values.mysql_init.keystone_db_enabled | quote }} + {{- if .Values.mysql_init.keystone_db_enabled }} + - name: KEYSTONE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.keystone.mysql.username.secret_name }} + name: "{{ .Values.keystone.mysql.username.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-keystone-secret" + {{- end}} + key: "{{ .Values.keystone.mysql.username.secret_key | default "username" }}" + - name: KEYSTONE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.keystone.mysql.password.secret_name }} + name: "{{ .Values.keystone.mysql.password.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-keystone-secret" + {{- end}} + key: "{{ .Values.keystone.mysql.password.secret_key | default "password" }}" + {{- end}} + - name: API_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.api.mysql.username.secert_key }} + name: "{{ .Values.api.mysql.username.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-api-secret" + {{- end}} + key: "{{ .Values.api.mysql.username.secret_key | default "username" }}" + - name: API_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.api.mysql.password.secert_key }} + name: "{{ .Values.api.mysql.password.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-api-secret" + {{- end}} + key: "{{ .Values.api.mysql.password.secret_key | default "password" }}" + - name: NOTIFICATION_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.notification.mysql.username.secret_name }} + name: "{{ .Values.notification.mysql.username.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-notification-secret" + {{- end}} + key: "{{ .Values.notification.mysql.username.secret_key | default "username" }}" + - name: NOTIFICATION_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.notification.mysql.password.secret_name }} + name: "{{ .Values.notification.mysql.password.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-notification-secret" + {{- end}} + key: "{{ .Values.notification.mysql.password.secret_key | default "password" }}" + - name: THRESH_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.thresh.mysql.username.secret_name }} + name: "{{ .Values.thresh.mysql.username.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-thresh-secret" + {{- end}} + key: "{{ .Values.thresh.mysql.username.secret_key | default "username" }}" + - name: THRESH_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.thresh.mysql.password.secret_name }} + name: "{{ .Values.thresh.mysql.password.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-thresh-secret" + {{- end}} + key: "{{ .Values.thresh.mysql.password.secret_key | default "password" }}" +{{- end }} diff --git a/monasca/templates/mysql-keystone-secret.yaml b/monasca/templates/mysql-keystone-secret.yaml new file mode 100644 index 00000000..df95e5a7 --- /dev/null +++ b/monasca/templates/mysql-keystone-secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + name: "{{ .Release.Name }}-mysql-keystone-secret" + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" +type: Opaque +data: + username: {{ b64enc .Values.mysql.users.keystone.username | quote }} + password: {{ b64enc .Values.mysql.users.keystone.password | quote }} diff --git a/monasca/templates/mysql-notification-secret.yaml b/monasca/templates/mysql-notification-secret.yaml new file mode 100644 index 00000000..086e20a3 --- /dev/null +++ b/monasca/templates/mysql-notification-secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + name: "{{ .Release.Name }}-mysql-notification-secret" + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" +type: Opaque +data: + username: {{ b64enc .Values.mysql.users.notification.username | quote }} + password: {{ b64enc .Values.mysql.users.notification.password | quote }} diff --git a/monasca/templates/mysql-thresh-secret.yaml b/monasca/templates/mysql-thresh-secret.yaml new file mode 100644 index 00000000..f2c2766f --- /dev/null +++ b/monasca/templates/mysql-thresh-secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + name: "{{ .Release.Name }}-mysql-thresh-secret" + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" +type: Opaque +data: + username: {{ b64enc .Values.mysql.users.thresh.username | quote }} + password: {{ b64enc .Values.mysql.users.thresh.password | quote }} diff --git a/monasca/templates/notification-deployment.yaml b/monasca/templates/notification-deployment.yaml new file mode 100644 index 00000000..c8336b41 --- /dev/null +++ b/monasca/templates/notification-deployment.yaml @@ -0,0 +1,141 @@ +{{- if .Values.notification.enabled }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.notification.name }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ template "notification.fullname" . }} +spec: + replicas: {{ .Values.notification.replicaCount }} + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.notification.name }}" + spec: + containers: + - name: notification + image: "{{ .Values.notification.image.repository }}:{{ .Values.notification.image.tag }}" + imagePullPolicy: {{ .Values.notification.image.pullPolicy }} + resources: +{{ toYaml .Values.notification.resources | indent 12 }} + env: + - name: MYSQL_DB_HOST + {{- if .Values.notification.mysql.host }} + {{- if eq (kindOf .Values.notification.mysql.host) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .Values.notification.mysql.host.secret_name }}" + key: "{{ .Values.notification.mysql.host.secret_key | default "host" }}" + {{- else }} + value: "{{ .Values.notification.mysql.host }}" + {{- end}} + {{- else }} + value: "{{ .Release.Name }}-mysql" + {{- end}} + - name: MYSQL_DB_PORT +{{- include "monasca_secret_env" .Values.notification.mysql.port | indent 14 }} + - name: MYSQL_DB_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.notification.mysql.username.secret_name }} + name: "{{ .Values.notification.mysql.username.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-notification-secret" + {{- end}} + key: "{{ .Values.notification.mysql.username.secret_key | default "username" }}" + - name: MYSQL_DB_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.notification.mysql.password.secret_name }} + name: "{{ .Values.notification.mysql.password.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-notification-secret" + {{- end}} + key: "{{ .Values.notification.mysql.password.secret_key | default "password" }}" + - name: MYSQL_DB_DATABASE + value: "mon" + - name: KAFKA_URI + {{- if .Values.kafka.overrideUri }} + value: "{{ .Values.kafka.overrideUri }}" + {{- else }} + value: "{{ template "kafka.fullname" . }}:9092" + {{- end }} + - name: ZOOKEEPER_URL + {{- if .Values.zookeeper.overrideUri }} + value: "{{ .Values.zookeeper.overrideUri }}" + {{- else }} + value: "{{ template "zookeeper.fullname" . }}:2181" + {{- end }} + - name: LOG_LEVEL + value: {{ .Values.notification.log_level | quote }} + - name: NF_PLUGINS + value: {{ .Values.notification.plugins | quote }} + {{- if .Values.notification.plugin_config.email.defined }} + - name: NF_EMAIL_SERVER + value: {{ .Values.notification.plugin_config.email.server | quote }} + - name: NF_EMAIL_PORT + value: {{ .Values.notification.plugin_config.email.port | quote }} + {{- if .Values.notification.plugin_config.email.user }} + - name: NF_EMAIL_USER + value: {{ .Values.notification.plugin_config.email.user | quote }} + - name: NF_EMAIL_PASSWORD + value: {{ .Values.notification.plugin_config.email.password | quote }} + {{- end }} + - name: NF_EMAIL_FROM_ADDR + value: {{ .Values.notification.plugin_config.email.from_addr | quote }} + {{- end }} + - name: NF_WEBHOOK_TIMEOUT + value: {{ .Values.notification.plugin_config.webhook.timeout | quote }} + {{- if .Values.notification.plugin_config.hipchat.ssl_certs }} + - name: NF_HIPCHAT_SSL_CERTS + value: {{ .Values.notification.plugin_config.hipchat.ssl_certs | quote }} + {{- end }} + - name: NF_HIPCHAT_TIMEOUT + value: {{ .Values.notification.plugin_config.hipchat.timeout | quote }} + {{- if .Values.notification.plugin_config.hipchat.insecure }} + - name: NF_HIPCHAT_INSECURE + value: {{ .Values.notification.plugin_config.hipchat.insecure | quote }} + {{- end }} + {{- if .Values.notification.plugin_config.hipchat.proxy }} + - name: NF_HIPCHAT_PROXY + value: {{ .Values.notification.plugin_config.hipchat.proxy | quote }} + {{- end }} + - name: NF_SLACK_TIMEOUT + value: {{ .Values.notification.plugin_config.slack.timeout | quote }} + {{- if .Values.notification.plugin_config.slack.certs }} + - name: NF_SLACK_CERTS + value: {{ .Values.notification.plugin_config.slack.certs | quote }} + {{- end }} + {{- if .Values.notification.plugin_config.slack.insecure }} + - name: NF_SLACK_INSECURE + value: {{ .Values.notification.plugin_config.slack.insecure | quote }} + {{- end }} + {{- if .Values.notification.plugin_config.slack.proxy }} + - name: NF_SLACK_PROXY + value: {{ .Values.notification.plugin_config.slack.proxy | quote }} + {{- end }} + {{- if .Values.notification.plugin_config.hipchat.template }} + - name: NF_HIPCHAT_TEMPLATE + value: "/hipchat-template.yml.j2" + {{- end }} + {{- if .Values.notification.plugin_config.hipchat.template }} + volumeMounts: + - name: hipchat-template + mountPath: /hipchat-template.yml.j2 + subPath: hipchat-template.yml.j2 + {{- end }} + {{- if .Values.notification.plugin_config.hipchat.template }} + volumes: + - name: hipchat-template + configMap: + name: "{{ template "notification.fullname" . }}-hipchat-template" + items: + - key: hipchat-template.yml.j2 + path: hipchat-template.yml.j2 + {{- end }} +{{- end}} diff --git a/monasca/templates/notification-hipchat-configmap.yaml b/monasca/templates/notification-hipchat-configmap.yaml new file mode 100644 index 00000000..5399b81a --- /dev/null +++ b/monasca/templates/notification-hipchat-configmap.yaml @@ -0,0 +1,17 @@ +{{- if .Values.notification.enabled }} +{{- if .Values.notification.plugin_config.hipchat.template }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ template "notification.fullname" . }}-hipchat-template" + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.notification.name }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: + hipchat-template.yml.j2: | +{{ .Values.notification.plugin_config.hipchat.template | indent 4 }} +{{- end }} +{{- end }} diff --git a/monasca/templates/persister-deployment.yaml b/monasca/templates/persister-deployment.yaml new file mode 100644 index 00000000..b748fe07 --- /dev/null +++ b/monasca/templates/persister-deployment.yaml @@ -0,0 +1,59 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.persister.name }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ template "persister.fullname" . }} +spec: + replicas: {{ .Values.persister.replicaCount }} + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.persister.name }}" + spec: + containers: + - name: persister + image: "{{ .Values.persister.image.repository }}:{{ .Values.persister.image.tag }}" + imagePullPolicy: {{ .Values.persister.image.pullPolicy }} + resources: +{{ toYaml .Values.persister.resources | indent 10 }} + env: + - name: DEBUG + value: {{ .Values.persister.logging.debug | quote }} + - name: VERBOSE + value: {{ .Values.persister.logging.verbose | quote }} + - name: ZOOKEEPER_URI + {{- if .Values.zookeeper.overrideUri }} + value: "{{ .Values.zookeeper.overrideUri }}" + {{- else }} + value: "{{ template "zookeeper.fullname" . }}:2181" + {{- end }} + - name: KAFKA_URI + {{- if .Values.kafka.overrideUri }} + value: "{{ .Values.kafka.overrideUri }}" + {{- else }} + value: "{{ template "kafka.fullname" . }}:9092" + {{- end }} + - name: INFLUX_PORT + value: {{ .Values.influxdb.config.http.bind_address | quote }} + - name: INFLUX_USER + value: {{ .Values.persister.influxdb.user | quote }} + - name: INFLUX_PASSWORD + value: {{ .Values.persister.influxdb.password | quote }} + - name: INFLUX_DB + value: {{ .Values.persister.influxdb.database | quote }} + - name: INFLUX_HOST + value: "{{ .Release.Name }}-influxdb" + - name: KAFKA_METRICS_BATCH_SIZE + value: {{ .Values.persister.kafka.metrics.batch_size | quote }} + - name: KAFKA_METRICS_WAIT_TIME + value: {{ .Values.persister.kafka.metrics.wait_time | quote }} + - name: KAFKA_ALARM_HISTORY_BATCH_SIZE + value: {{ .Values.persister.kafka.alarm_history.batch_size | quote }} + - name: KAFKA_ALARM_HISTORY_WAIT_TIME + value: {{ .Values.persister.kafka.alarm_history.wait_time | quote }} diff --git a/monasca/templates/smoke-test-pod.yaml b/monasca/templates/smoke-test-pod.yaml new file mode 100644 index 00000000..b454ce5b --- /dev/null +++ b/monasca/templates/smoke-test-pod.yaml @@ -0,0 +1,44 @@ +{{- if .Values.smoke_tests.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "smoke_tests.fullname" . }}-test-pod + annotations: + "helm.sh/hook": test-success + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.smoke_tests.name }}-test-pod" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + restartPolicy: Never + containers: + - name: smoke-tests + image: "{{ .Values.smoke_tests.image.repository }}:{{ .Values.smoke_tests.image.tag }}" + imagePullPolicy: {{ .Values.smoke_tests.image.pullPolicy }} + resources: +{{ toYaml .Values.smoke_tests.resources | indent 8 }} + ports: + - containerPort: 8080 + name: smoke-tests + env: + - name: OS_AUTH_URL + {{- if .Values.smoke_tests.keystone.url }} + {{- if eq (kindOf .Values.smoke_tests.keystone.url) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .Values.smoke_tests.keystone.url.secret_name }}" + key: "{{ .Values.smoke_tests.keystone.url.secret_key | default "OS_AUTH_URL" }}" + {{- else }} + value: "{{ .Values.smoke_tests.keystone.url }}" + {{- end }} + {{- else if .Values.keystone.override.public_url }} + value: "{{ .Values.keystone.override.public_url }}/v3" + {{- else }} + value: "http://{{ template "keystone.fullname" . }}:{{ .Values.keystone.service.port }}/v3" + {{- end }} +{{ include "monasca_keystone_env" .Values.smoke_tests.keystone | indent 8 }} + - name: MONASCA_URL + value: "http://{{ template "api.fullname" . }}:{{ .Values.api.service.port }}" +{{- end }} diff --git a/monasca/templates/static-api-svc.yaml b/monasca/templates/static-api-svc.yaml new file mode 100644 index 00000000..fc997921 --- /dev/null +++ b/monasca/templates/static-api-svc.yaml @@ -0,0 +1,23 @@ +{{- if .Values.api.static_service.enabled }} +apiVersion: v1 +kind: Service +metadata: + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.api.name }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ .Values.api.static_service.name }} +spec: + type: {{ .Values.api.static_service.type }} + ports: + - name: http + port: {{ .Values.api.static_service.port}} + {{- if .Values.api.static_service.node_port }} + nodePort: {{ .Values.api.static_service.node_port }} + {{- end }} + selector: + app: {{ template "fullname" . }} + component: "{{ .Values.api.name }}" +{{- end }} diff --git a/monasca/templates/static-keystone-svc.yaml b/monasca/templates/static-keystone-svc.yaml new file mode 100644 index 00000000..f6d592e4 --- /dev/null +++ b/monasca/templates/static-keystone-svc.yaml @@ -0,0 +1,32 @@ +{{- if .Values.keystone.enabled }} +{{- if .Values.keystone.static_service.enabled }} +apiVersion: v1 +kind: Service +metadata: + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.keystone.name }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ .Values.keystone.static_service.name }} +spec: + type: {{ .Values.keystone.static_service.type }} + ports: + - name: http + port: {{ .Values.keystone.static_service.port }} + targetPort: http + {{- if .Values.keystone.static_service.node_port }} + nodePort: {{ .Values.keystone.static_service.node_port }} + {{- end }} + - name: admin + port: {{ .Values.keystone.static_service.admin_port }} + targetPort: admin + {{- if .Values.keystone.static_service.admin_node_port }} + nodePort: {{ .Values.keystone.static_service.admin_node_port }} + {{- end }} + selector: + app: {{ template "fullname" . }} + component: "{{ .Values.keystone.name }}" +{{- end }} +{{- end }} diff --git a/monasca/templates/tempest-tests-pod.yaml b/monasca/templates/tempest-tests-pod.yaml new file mode 100644 index 00000000..4d25a4c0 --- /dev/null +++ b/monasca/templates/tempest-tests-pod.yaml @@ -0,0 +1,61 @@ +{{- if .Values.tempest_tests.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "tempest_tests.fullname" . }}-test-pod + annotations: + "helm.sh/hook": test-success + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.tempest_tests.name }}-test-pod" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + restartPolicy: Never + containers: + - name: tempest-tests + image: "{{ .Values.tempest_tests.image.repository }}:{{ .Values.tempest_tests.image.tag }}" + imagePullPolicy: {{ .Values.tempest_tests.image.pullPolicy }} + env: + - name: MONASCA_WAIT_FOR_API + value: "{{ .Values.tempest_tests.wait.enabled }}" + - name: MONASCA_API_WAIT_RETRIES + value: "{{ .Values.tempest_tests.wait.retries }}" + - name: MONASCA_API_WAIT_DELAY + value: "{{ .Values.tempest_tests.wait.delay }}" + - name: OS_PASSWORD + value: "{{ .Values.tempest_tests.keystone.os_password }}" + - name: OS_USERNAME + value: "{{ .Values.tempest_tests.keystone.os_username }}" + - name: KEYSTONE_SERVER + value: {{ template "keystone.fullname" . }} + - name: KEYSTONE_PORT + value: "{{ .Values.keystone.service.port }}" + - name: OS_TENANT_NAME + value: "{{ .Values.tempest_tests.keystone.os_tenant_name }}" + - name: OS_DOMAIN_NAME + value: "{{ .Values.tempest_tests.keystone.os_domain_name }}" + - name: ALT_USERNAME + value: "{{ .Values.tempest_tests.keystone.alt_username }}" + - name: ALT_PASSWORD + value: "{{ .Values.tempest_tests.keystone.alt_password }}" + - name: ALT_TENANT_NAME + value: "{{ .Values.tempest_tests.keystone.alt_tenant_name }}" + - name: AUTH_USE_SSL + value: "{{ .Values.tempest_tests.keystone.auth_use_ssl }}" + - name: USE_DYNAMIC_CREDS + value: "{{ .Values.tempest_tests.use_dynamic_creds }}" + - name: ADMIN_PROJECT_NAME + value: "{{ .Values.tempest_tests.keystone.admin_project_name }}" + - name: ADMIN_USERNAME + value: "{{ .Values.tempest_tests.keystone.admin_username }}" + - name: ADMIN_PASSWORD + value: "{{ .Values.tempest_tests.keystone.admin_password }}" + - name: ADMIN_DOMAIN_NAME + value: "{{ .Values.tempest_tests.keystone.admin_domain_name }}" + - name: OSTESTR_REGEX + value: "{{ .Values.tempest_tests.ostestr_regex }}" + - name: STAY_ALIVE_ON_FAILURE + value: "{{ .Values.tempest_tests.stay_alive_on_failure }}" +{{- end }} diff --git a/monasca/templates/thresh-deployment.yaml b/monasca/templates/thresh-deployment.yaml new file mode 100644 index 00000000..951d0de4 --- /dev/null +++ b/monasca/templates/thresh-deployment.yaml @@ -0,0 +1,135 @@ +{{- if .Values.thresh.enabled }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "thresh.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.thresh.name }}-deployment" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.thresh.name }}-deployment" + spec: + restartPolicy: Always + containers: + - name: thresh + image: "{{ .Values.thresh.image.repository }}:{{ .Values.thresh.image.tag }}" + imagePullPolicy: {{ .Values.thresh.image.pullPolicy }} + resources: +{{ toYaml .Values.thresh.resources | indent 12 }} + env: + - name: STORM_HOSTNAME_FROM_IP + value: "true" + - name: STORM_WAIT_RETRIES + value: "{{ .Values.thresh.wait.retries }}" + - name: STORM_WAIT_DELAY + value: "{{ .Values.thresh.wait.delay }}" + - name: STORM_WAIT_TIMEOUT + value: "{{ .Values.thresh.wait.timeout }}" + {{- if .Values.zookeeper.overrideUri }} + - name: ZOOKEEPER_SERVERS + value: "{{ (.Values.zookeeper.overrideUri | split ":")._0 }}" + - name: STORM_ZOOKEEPER_PORT + value: "{{ (.Values.zookeeper.overrideUri | split ":")._1 }}" + {{- else }} + - name: ZOOKEEPER_SERVERS + value: "{{ template "zookeeper.fullname" . }}" + - name: STORM_ZOOKEEPER_PORT + value: "2181" + {{- end }} + - name: NIMBUS_SEEDS + value: "{{ .Release.Name }}-nimbus" + - name: METRIC_SPOUT_THREADS + value: "{{ .Values.thresh.spout.metricSpoutThreads }}" + - name: METRIC_SPOUT_TASKS + value: "{{ .Values.thresh.spout.metricSpoutTasks }}" + - name: EVENT_SPOUT_THREADS + value: "{{ .Values.thresh.spout.eventSpoutThreads }}" + - name: EVENT_SPOUT_TASKS + value: "{{ .Values.thresh.spout.eventSpoutTasks }}" + - name: EVENT_BOLT_THREADS + value: "{{ .Values.thresh.bolt.eventBoltThreads }}" + - name: EVENT_BOLT_TASKS + value: "{{ .Values.thresh.bolt.eventBoltTasks }}" + - name: FILTERING_BOLT_THREADS + value: "{{ .Values.thresh.bolt.filteringBoltThreads }}" + - name: FILTERING_BOLT_TASKS + value: "{{ .Values.thresh.bolt.filteringBoltTasks }}" + - name: ALARM_CREATION_BOLT_THREADS + value: "{{ .Values.thresh.bolt.alarmCreationBoltThreads }}" + - name: ALARM_CREATION_BOLT_TASKS + value: "{{ .Values.thresh.bolt.alarmCreationBoltTasks }}" + - name: AGGREGATION_BOLT_THREADS + value: "{{ .Values.thresh.bolt.aggregationBoltThreads }}" + - name: AGGREGATION_BOLT_TASKS + value: "{{ .Values.thresh.bolt.aggregationBoltTasks }}" + - name: THRESHOLDING_BOLT_THREADS + value: "{{ .Values.thresh.bolt.thresholdingBoltThreads }}" + - name: THRESHOLDING_BOLT_TASKS + value: "{{ .Values.thresh.bolt.thresholdingBoltTasks }}" + - name: KAFKA_URI + {{- if .Values.kafka.overrideUri }} + value: "{{ .Values.kafka.overrideUri }}" + {{- else }} + value: "{{ .Release.Name }}-kafka:9092" + {{- end }} + - name: USE_SSL_ENABLED + value: "{{ .Values.thresh.use_ssl_enabled | default "false" }}" + - name: MYSQL_DB_HOST + {{- if .Values.thresh.mysql.host }} + {{- if eq (kindOf .Values.thresh.mysql.host) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .Values.thresh.mysql.host.secret_name }}" + key: "{{ .Values.thresh.mysql.host.secret_key | default "host" }}" + {{- else }} + value: "{{ .Values.thresh.mysql.host }}" + {{- end}} + {{- else }} + value: "{{ .Release.Name }}-mysql" + {{- end}} + - name: MYSQL_DB_PORT +{{- include "monasca_secret_env" .Values.thresh.mysql.port | indent 14 }} + - name: MYSQL_DB_DATABASE + value: "mon" + - name: MYSQL_DB_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.thresh.mysql.username.secret_name }} + name: "{{ .Values.thresh.mysql.username.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-thresh-secret" + {{- end}} + key: "{{ .Values.thresh.mysql.username.secret_key | default "username" }}" + - name: MYSQL_DB_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.thresh.mysql.password.secret_name }} + name: "{{ .Values.thresh.mysql.password.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-thresh-secret" + {{- end }} + key: "{{ .Values.thresh.mysql.password.secret_key | default "password" }}" + - name: NO_STORM_CLUSTER + value: "{{ .Values.thresh.use_local }}" + - name: WORKER_MAX_HEAP_MB + value: "{{ .Values.thresh.workerMaxHeapMB }}" + - name: JVM_MAX_HEAP_RATIO + value: {{ .Values.thresh.heap_ratio | quote }} + - name: THRESH_STACK_SIZE + value: {{ .Values.thresh.stack_size | quote }} + - name: JVM_MAX_RATIO + value: {{ .Values.thresh.memory_ratio | quote }} + {{- if .Values.thresh.jmx.enabled }} + - name: LOCAL_JMX + value: "true" + - name: LOCAL_JMX_PORT + value: {{ .Values.thresh.jmx.port | quote }} + {{- end }} +{{- end }} diff --git a/monasca/templates/thresh-init-job.yaml b/monasca/templates/thresh-init-job.yaml new file mode 100644 index 00000000..907e39e0 --- /dev/null +++ b/monasca/templates/thresh-init-job.yaml @@ -0,0 +1,119 @@ +{{- if .Values.storm.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "thresh.fullname" . }}-init-job + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.storm.thresh.name }}-init-job" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.storm.thresh.name }}-init-job" + spec: + restartPolicy: OnFailure + containers: + - name: {{ template "name" . }}-{{ .Values.storm.thresh.name }}-init-job + image: "{{ .Values.storm.thresh.image.repository }}:{{ .Values.storm.thresh.image.tag }}" + imagePullPolicy: {{ .Values.storm.thresh.image.pullPolicy }} + resources: +{{ toYaml .Values.storm.thresh.resources | indent 12 }} + env: + - name: STORM_HOSTNAME_FROM_IP + value: "true" + - name: STORM_WAIT_RETRIES + value: "{{ .Values.storm.thresh.wait.retries }}" + - name: STORM_WAIT_DELAY + value: "{{ .Values.storm.thresh.wait.delay }}" + - name: STORM_WAIT_TIMEOUT + value: "{{ .Values.storm.thresh.wait.timeout }}" + {{- if .Values.zookeeper.overrideUri }} + - name: ZOOKEEPER_SERVERS + value: "{{ (.Values.zookeeper.overrideUri | split ":")._0 }}" + - name: STORM_ZOOKEEPER_PORT + value: "{{ (.Values.zookeeper.overrideUri | split ":")._1 }}" + {{- else }} + - name: ZOOKEEPER_SERVERS + value: "{{ template "zookeeper.fullname" . }}" + - name: STORM_ZOOKEEPER_PORT + value: "2181" + {{- end }} + - name: NIMBUS_SEEDS + value: "{{ .Release.Name }}-storm-nimbus" + - name: METRIC_SPOUT_THREADS + value: "{{ .Values.storm.thresh.spout.metricSpoutThreads }}" + - name: METRIC_SPOUT_TASKS + value: "{{ .Values.storm.thresh.spout.metricSpoutTasks }}" + - name: EVENT_SPOUT_THREADS + value: "{{ .Values.storm.thresh.spout.eventSpoutThreads }}" + - name: EVENT_SPOUT_TASKS + value: "{{ .Values.storm.thresh.spout.eventSpoutTasks }}" + - name: EVENT_BOLT_THREADS + value: "{{ .Values.storm.thresh.bolt.eventBoltThreads }}" + - name: EVENT_BOLT_TASKS + value: "{{ .Values.storm.thresh.bolt.eventBoltTasks }}" + - name: FILTERING_BOLT_THREADS + value: "{{ .Values.storm.thresh.bolt.filteringBoltThreads }}" + - name: FILTERING_BOLT_TASKS + value: "{{ .Values.storm.thresh.bolt.filteringBoltTasks }}" + - name: ALARM_CREATION_BOLT_THREADS + value: "{{ .Values.storm.thresh.bolt.alarmCreationBoltThreads }}" + - name: ALARM_CREATION_BOLT_TASKS + value: "{{ .Values.storm.thresh.bolt.alarmCreationBoltTasks }}" + - name: AGGREGATION_BOLT_THREADS + value: "{{ .Values.storm.thresh.bolt.aggregationBoltThreads }}" + - name: AGGREGATION_BOLT_TASKS + value: "{{ .Values.storm.thresh.bolt.aggregationBoltTasks }}" + - name: THRESHOLDING_BOLT_THREADS + value: "{{ .Values.storm.thresh.bolt.thresholdingBoltThreads }}" + - name: THRESHOLDING_BOLT_TASKS + value: "{{ .Values.storm.thresh.bolt.thresholdingBoltTasks }}" + - name: KAFKA_URI + {{- if .Values.kafka.overrideUri }} + value: "{{ .Values.kafka.overrideUri }}" + {{- else }} + value: "{{ .Release.Name }}-kafka:9092" + {{- end }} + - name: USE_SSL_ENABLED + value: "{{ .Values.thresh.use_ssl_enabled | default "false" }}" + - name: MYSQL_DB_HOST + {{- if .Values.thresh.mysql.host }} + {{- if eq (kindOf .Values.thresh.mysql.host) "map" }} + valueFrom: + secretKeyRef: + name: "{{ .Values.thresh.mysql.host.secret_name }}" + key: "{{ .Values.thresh.mysql.host.secret_key | default "host" }}" + {{- else }} + value: "{{ .Values.thresh.mysql.host }}" + {{- end}} + {{- else }} + value: "{{ .Release.Name }}-mysql" + {{- end}} + - name: MYSQL_DB_PORT +{{- include "monasca_secret_env" .Values.thresh.mysql.port | indent 14 }} + - name: MYSQL_DB_DATABASE + value: "mon" + - name: MYSQL_DB_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.thresh.mysql.username.secret_name }} + name: "{{ .Values.thresh.mysql.username.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-thresh-secret" + {{- end}} + key: "{{ .Values.thresh.mysql.username.secret_key | default "username" }}" + - name: MYSQL_DB_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.thresh.mysql.password.secret_name }} + name: "{{ .Values.thresh.mysql.password.secret_name }}" + {{- else }} + name: "{{ .Release.Name }}-mysql-thresh-secret" + {{- end}} + key: "{{ .Values.thresh.mysql.password.secret_key | default "password" }}" +{{- end }} diff --git a/monasca/values.yaml b/monasca/values.yaml new file mode 100644 index 00000000..773bc91d --- /dev/null +++ b/monasca/values.yaml @@ -0,0 +1,1650 @@ +mysql_init: + enabled: true + image: + repository: monasca/mysql-init + tag: 1.5.4 + pullPolicy: IfNotPresent + resources: + requests: + memory: 128Mi + cpu: 200m + limits: + memory: 256Mi + cpu: 500m + disable_remote_root: false + keystone_db_enabled: true + create_mon_users: true + grafana_db_enabled: true + +influx_init: + enabled: true + image: + repository: monasca/influxdb-init + tag: 1.0.3 + pullPolicy: IfNotPresent + resources: + requests: + memory: 128Mi + cpu: 200m + limits: + memory: 256Mi + cpu: 500m + shard_duration: 1d + default_retention: INF + +grafana_init: + image: + repository: monasca/grafana-init + tag: 1.2.1 + pullPolicy: IfNotPresent + resources: + requests: + memory: 128Mi + cpu: 200m + limits: + memory: 256Mi + cpu: 500m + log_level: INFO + username: mini-mon + password: password + datasource: + type: monasca + access_mode: proxy + +influxdb: + enabled: true + image: + repo: "influxdb" + tag: "1.3.5-alpine" + pullPolicy: IfNotPresent + persistence: + enabled: false + storageClass: default # Set to storage being used + accessMode: ReadWriteOnce + size: 100Gi + resources: + requests: + memory: 256Mi + cpu: 0.1 + limits: + memory: 16Gi + cpu: 8 + config: + http: + bind_address: 8086 + data: + cache_max_memory_size: "1073741824" + +mysql: + enabled: true + imageTag: "5.6" + imagePullPolicy: IfNotPresent + persistence: + enabled: false + storageClass: default + accessMode: ReadWriteOnce + size: 10Gi + resources: + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 1Gi + cpu: 500m + mysqlRootPassword: secretmysql + users: + api: + username: monapi + password: password + notification: + username: notification + password: password + thresh: + username: thresh + password: password + keystone: + username: keystone + password: keystone + grafana: + username: grafana + password: password + +agent: + name: agent + + # an optional preexisting ServiceAccount to use + # to create a service account automatically for the agent, deploy with: + # rbac.create=true + serviceAccount: '' + + daemonset_enabled: true + deployment_enabled: true + daemonset_toleration: + enabled: false + termination_grace_period: 30 + collector: + image: + repository: monasca/agent-collector + tag: master-20180112-162543 + pullPolicy: IfNotPresent + check_freq: 30 + num_collector_threads: 1 + pool_full_max_retries: 4 + sub_collection_warn: 6 + forwarder: + image: + repository: monasca/agent-forwarder + tag: master-20180206-002800 + pullPolicy: IfNotPresent + max_batch_size: 0 + max_measurement_buffer_size: -1 + backlog_send_rate: 5 + non_local_traffic: "true" + log_level: WARN + insecure: False + keystone: + username: mini-mon + user_domain_name: Default + password: password + project_name: mini-mon + project_domain_name: Default + prometheus: + auto_detect_pod_endpoints: true + auto_detect_service_endpoints: true + kubernetes_labels: 'app' + timeout: 3 + kubernetes_api: + kubernetes_labels: 'app' + timeout: 3 + storage: + report: true + kubernetes: + kubernetes_labels: 'app' + timeout: 3 + enable_minimum_whitelist: false + cadvisor: + enabled: true + timeout: 3 + enable_minimum_whitelist: false + resources: + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 512Mi + cpu: 500m + plugins: + enabled: false + +api: + name: api + image: + repository: monasca/api + tag: master-20180105-072513 + pullPolicy: IfNotPresent + replicaCount: 1 + keystone: + username: admin + password: secretadmin + tenant_name: admin + identity_url: '' + auth_url: '' + mysql: + username: + secret_key: username + password: + secret_key: password + influxdb: + user: mon_api + password: password + database: mon + static_service: + enabled: false + type: ClusterIP + port: 8070 + name: monasca-api + service: + port: 8070 + type: ClusterIP + logging: + log_level_root: WARN + log_level_console: WARN + auth_disabled: false + side_container: + enabled: true + image: + repository: timothyb89/monasca-sidecar + tag: 1.0.0 + pullPolicy: IfNotPresent + resources: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 100m + resources: + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 1Gi + cpu: 2000m + gunicorn_workers: 1 + mysql_disabled: false + +memcached: + name: memcached + enabled: true + image: + repository: memcached + tag: 1.5.0-alpine + pullPolicy: IfNotPresent + replicaCount: 1 + service: + type: ClusterIP + resources: + requests: + memory: 32Mi + cpu: 50m + limits: + memory: 64Mi + cpu: 100m + +forwarder: + name: forwarder + enabled: false + image: + repository: monasca/forwarder + tag: 1.0.1 + pullPolicy: IfNotPresent + replicaCount: 1 + logging: + debug: false + verbose: true + config: + remote_api_url: http://monasca:8070/v2.0 + monasca_project_id: 3564760a3dd44ae9bd6618d442fd758c + use_insecure: false + monasca_role: monasca-agent + resources: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 100m + metric_configuration: + forwarder_metric_match.yml: | + metrics_to_forward: + - name: kubernetes.node.allocatable.cpu_agg + - name: cpu.total_time_sec_agg + +grafana: + name: grafana + simple_name: false + enabled: true + image: + repository: monasca/grafana + tag: 4.0.0-1.4.1 + pullPolicy: IfNotPresent + service: + type: NodePort + port: 3000 + local_mysql_enabled: true + mysql: + username: + secret_key: username + password: + secret_key: password + port: 3306 + resources: + requests: + memory: 64Mi + cpu: 50m + limits: + memory: 128Mi + cpu: 100m + +keystone: + name: keystone + enabled: true + override: + public_url: '' + admin_url: '' + bootstrap: + user: admin + password: secretadmin + project: admin + role: admin + service: keystone + region: RegionOne + database_backend: mysql + image: + pullPolicy: IfNotPresent + tag: 1.1.3 + repository: monasca/keystone + mysql: + database: keystone + username: + secret_key: username + password: + secret_key: password + replicaCount: 1 + service: + type: ClusterIP + port: 35357 + admin_port: 5000 + static_service: + enabled: false + type: ClusterIP + port: 35357 + admin_port: 5000 + name: keystone + users: + mini_mon: + password: password + monasca_agent: + password: password + admin: + password: secretadmin + demo: + password: secretadmin + monasca_read_only: + password: password + resources: + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 1Gi + cpu: 500m + +notification: + name: notification + enabled: true + image: + repository: monasca/notification + tag: master-20171004-112434 + pullPolicy: IfNotPresent + replicaCount: 1 + mysql: + username: + secret_key: username + password: + secret_key: password + port: "3306" + log_level: WARN + plugins: pagerduty,webhook + plugin_config: + email: + defined: false + webhook: + timeout: 5 + slack: + timeout: 5 + hipchat: + timeout: 5 + resources: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 500m + +persister: + name: persister + image: + repository: monasca/persister + tag: master-20180111-234331 + pullPolicy: IfNotPresent + replicaCount: 1 + influxdb: + user: mon_persister + password: password + database: mon + logging: + debug: false + verbose: true + kafka: + metrics: + batch_size: 1000 + wait_time: 15 + alarm_history: + batch_size: 1000 + wait_time: 15 + resources: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 100m +storm: + name: storm + enabled: false + image: + repository: monasca/storm + tag: 1.1.1-1.0.11 + pullPolicy: IfNotPresent + persistence: + storageClass: default + enabled: false + accessMode: ReadWriteOnce + size: 4Gi + service: + type: ClusterIP + port: 6627 + nimbus_resources: + requests: + memory: 512Mi + cpu: 100m + limits: + memory: 2Gi + cpu: 500m + supervisor_resources: + requests: + memory: 2Gi + cpu: 250m + limits: + memory: 4Gi + cpu: 2000m + thresh: + name: thresh + image: + repository: monasca/thresh + tag: master-20171205-104226 + pullPolicy: IfNotPresent + mysql: + port: "3306" + resources: + requests: + memory: 256Mi + cpu: 256m + limits: + memory: 512Mi + cpu: 1000m + secretSuffix: mysql-thresh-secret + spout: + metricSpoutThreads: 2 + metricSpoutTasks: 2 + eventSpoutThreads: 2 + eventSpoutTasks: 2 + bolt: + eventBoltThreads: 2 + eventBoltTasks: 2 + filteringBoltThreads: 2 + filteringBoltTasks: 2 + alarmCreationBoltThreads: 2 + alarmCreationBoltTasks: 2 + aggregationBoltThreads: 2 + aggregationBoltTasks: 2 + thresholdingBoltThreads: 2 + thresholdingBoltTasks: 2 + wait: + retries: 24 + delay: 5 + timeout: 10 + +thresh: + name: thresh + enabled: true + use_local: true + image: + repository: monasca/thresh + tag: master-20171205-104226 + pullPolicy: IfNotPresent + resources: + requests: + memory: 256Mi + cpu: 256m + limits: + memory: 512Mi + cpu: 1000m + secretSuffix: mysql-thresh-secret + mysql: + username: + secret_key: username + password: + secret_key: password + port: 3306 + spout: + metricSpoutThreads: 2 + metricSpoutTasks: 2 + eventSpoutThreads: 2 + eventSpoutTasks: 2 + bolt: + eventBoltThreads: 2 + eventBoltTasks: 2 + filteringBoltThreads: 2 + filteringBoltTasks: 2 + alarmCreationBoltThreads: 2 + alarmCreationBoltTasks: 2 + aggregationBoltThreads: 2 + aggregationBoltTasks: 2 + thresholdingBoltThreads: 2 + thresholdingBoltTasks: 2 + jmx: + enabled: false + port: 9090 + wait: + retries: 24 + delay: 5 + timeout: 10 + memory_ratio: .85 + stack_size: 1024k + +alarms: + name: alarms + enabled: true + image: + repository: monasca/alarms + tag: 1.2.0 + pullPolicy: IfNotPresent + resources: + requests: + memory: 128Mi + cpu: 200m + limits: + memory: 256Mi + cpu: 500m + wait: + enabled: true + retries: 24 + delay: 5 + keystone: + username: mini-mon + user_domain_name: Default + password: password + project_name: mini-mon + project_domain_name: Default + definitions_configuration: + definitions.yml.j2: | + notifications: + - name: "{{ NOTIFICATION_NAME | default('default') }}" + type: "{{ NOTIFICATION_TYPE | default('email') }}" + address: "{{ NOTIFICATION_ADDRESS | default('root@localhost') }}" + + alarm_definitions: + - name: "Kubernetes Node Ready Status" + expression: "max(kubernetes.node.ready_status) > 0" + description: "Alarms when the Kubernetes Node is not ready" + severity: "HIGH" + match_by: + - "hostname" + alarm_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + ok_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + undetermined_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + - name: "Kubernetes Kubelet Status" + expression: "max(kubelet.health_status) > 0" + description: "Alarms when the kubelet has a bad health status" + severity: "HIGH" + match_by: + - "hostname" + alarm_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + ok_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + undetermined_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + - name: "Kubernetes API Status" + expression: "max(kubernetes.api.health_status) > 0" + description: "Alarms when the Kubernetes API has a bad health status" + severity: "HIGH" + match_by: + - "hostname" + alarm_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + ok_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + undetermined_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + - name: "Kubernetes Node Disk Pressure" + expression: "max(kubernetes.node.disk_pressure) > 0" + description: "Alarms when the Kubernetes node has memory pressure" + severity: "HIGH" + match_by: + - "hostname" + alarm_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + ok_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + undetermined_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + - name: "Kubernetes Node CPU Pressure" + expression: "max(kubernetes.node.memory_pressure) > 0" + description: "Alarms when the Kubernetes node has disk pressure" + severity: "HIGH" + match_by: + - "hostname" + alarm_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + ok_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + undetermined_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + - name: "Kubernetes Out Of Disk" + expression: "max(kubernetes.node.out_of_disk) > 0" + description: "Alarms when the Kubernetes node is out of disk" + severity: "HIGH" + match_by: + - "hostname" + alarm_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + ok_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + undetermined_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + - name: "Kubernetes Component Status" + expression: "max(kubernetes.component_status) > 0" + description: "Alarms when a Kubernetes component has a bad status" + severity: "HIGH" + match_by: + - "component_name" + alarm_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + ok_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + undetermined_actions: + - "{{ NOTIFICATION_NAME | default('default') }}" + +client: + name: client + enabled: false + image: + repository: monasca/client + tag: 1.6.0 + pullPolicy: IfNotPresent + resources: + requests: + memory: 64Mi + cpu: 200m + limits: + memory: 128Mi + cpu: 500m + keystone: + username: mini-mon + password: password + user_domain_name: Default + project_name: mini-mon + project_domain_name: Default + +rbac: + create: false + +cleanup: + name: cleanup + + # an optional preexisting ServiceAccount to use + # to create a service account for the job automatically, deploy with: + # rbac.create=true + serviceAccount: '' + image: + repository: monasca/job-cleanup + tag: 1.2.1 + pullPolicy: IfNotPresent + resources: + requests: + memory: 128Mi + cpu: 200m + limits: + memory: 256Mi + cpu: 500m + wait: + retries: "24" + delay: "5.0" + timeout: "10" + +aggregator: + enabled: true + name: aggregator + image: + repository: monasca/aggregator + tag: 0.2.0 + pullPolicy: IfNotPresent + window_size: 60 + window_lag: 2 + resources: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 250m + metric_configuration: + aggregation-specifications.yaml: | + aggregationSpecifications: + - aggregatedMetricName: deployment.cpu.system_time_agg + filteredMetricName: pod.cpu.system_time + function: max + groupedDimensions: [deployment, pod_name] + name: cpu.system_time + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.cpu.system_time_agg + filteredMetricName: pod.cpu.system_time + function: max + groupedDimensions: [daemon_set, pod_name] + name: cpu.system_time + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.cpu.system_time_agg + filteredMetricName: pod.cpu.system_time + function: max + groupedDimensions: [namespace, pod_name] + name: cpu.system_time + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.cpu.system_time_agg + filteredMetricName: pod.cpu.system_time + function: max + groupedDimensions: [pod_name] + name: cpu.system_time + rollup: {function: sum} + - aggregatedMetricName: deployment.cpu.system_time_sec_agg + filteredMetricName: pod.cpu.system_time_sec + function: avg + groupedDimensions: [deployment, pod_name] + name: cpu.system_time_sec + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.cpu.system_time_sec_agg + filteredMetricName: pod.cpu.system_time_sec + function: avg + groupedDimensions: [daemon_set, pod_name] + name: cpu.system_time_sec + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.cpu.system_time_sec_agg + filteredMetricName: pod.cpu.system_time_sec + function: avg + groupedDimensions: [namespace, pod_name] + name: cpu.system_time_sec + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.cpu.system_time_sec_agg + filteredMetricName: pod.cpu.system_time_sec + function: avg + groupedDimensions: [pod_name] + name: cpu.system_time_sec + rollup: {function: sum} + - aggregatedMetricName: deployment.cpu.total_time_agg + filteredMetricName: pod.cpu.total_time + function: max + groupedDimensions: [deployment, pod_name] + name: cpu.total_time + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.cpu.total_time_agg + filteredMetricName: pod.cpu.total_time + function: max + groupedDimensions: [daemon_set, pod_name] + name: cpu.total_time + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.cpu.total_time_agg + filteredMetricName: pod.cpu.total_time + function: max + groupedDimensions: [namespace, pod_name] + name: cpu.total_time + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.cpu.total_time_agg + filteredMetricName: pod.cpu.total_time + function: max + groupedDimensions: [pod_name] + name: cpu.total_time + rollup: {function: sum} + - aggregatedMetricName: deployment.cpu.total_time_sec_agg + filteredMetricName: pod.cpu.total_time_sec + function: avg + groupedDimensions: [deployment, pod_name] + name: cpu.total_time_sec + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.cpu.total_time_sec_agg + filteredMetricName: pod.cpu.total_time_sec + function: avg + groupedDimensions: [daemon_set, pod_name] + name: cpu.total_time_sec + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.cpu.total_time_sec_agg + filteredMetricName: pod.cpu.total_time_sec + function: avg + groupedDimensions: [namespace, pod_name] + name: cpu.total_time_sec + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.cpu.total_time_sec_agg + filteredMetricName: pod.cpu.total_time_sec + function: avg + groupedDimensions: [pod_name] + name: cpu.total_time_sec + rollup: {function: sum} + - aggregatedMetricName: deployment.cpu.user_time_agg + filteredMetricName: pod.cpu.user_time + function: max + groupedDimensions: [deployment, pod_name] + name: cpu.user_time + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.cpu.user_time_agg + filteredMetricName: pod.cpu.user_time + function: max + groupedDimensions: [daemon_set, pod_name] + name: cpu.user_time + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.cpu.user_time_agg + filteredMetricName: pod.cpu.user_time + function: max + groupedDimensions: [namespace, pod_name] + name: cpu.user_time + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.cpu.user_time_agg + filteredMetricName: pod.cpu.user_time + function: max + groupedDimensions: [pod_name] + name: cpu.user_time + rollup: {function: sum} + - aggregatedMetricName: deployment.cpu.user_time_sec_agg + filteredMetricName: pod.cpu.user_time_sec + function: avg + groupedDimensions: [deployment, pod_name] + name: cpu.user_time_sec + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.cpu.user_time_sec_agg + filteredMetricName: pod.cpu.user_time_sec + function: avg + groupedDimensions: [daemon_set, pod_name] + name: cpu.user_time_sec + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.cpu.user_time_sec_agg + filteredMetricName: pod.cpu.user_time_sec + function: avg + groupedDimensions: [namespace, pod_name] + name: cpu.user_time_sec + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.cpu.user_time_sec_agg + filteredMetricName: pod.cpu.user_time_sec + function: avg + groupedDimensions: [pod_name] + name: cpu.user_time_sec + rollup: {function: sum} + - aggregatedMetricName: deployment.mem.cache_bytes_agg + filteredMetricName: pod.mem.cache_bytes + function: avg + groupedDimensions: [deployment, pod_name] + name: mem.cache_bytes + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.mem.cache_bytes_agg + filteredMetricName: pod.mem.cache_bytes + function: avg + groupedDimensions: [daemon_set, pod_name] + name: mem.cache_bytes + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.mem.cache_bytes_agg + filteredMetricName: pod.mem.cache_bytes + function: avg + groupedDimensions: [namespace, pod_name] + name: mem.cache_bytes + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.mem.cache_bytes_agg + filteredMetricName: pod.mem.cache_bytes + function: avg + groupedDimensions: [pod_name] + name: mem.cache_bytes + rollup: {function: sum} + - aggregatedMetricName: deployment.mem.fail_count_agg + filteredMetricName: pod.mem.fail_count + function: avg + groupedDimensions: [deployment, pod_name] + name: mem.fail_count + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.mem.fail_count_agg + filteredMetricName: pod.mem.fail_count + function: avg + groupedDimensions: [daemon_set, pod_name] + name: mem.fail_count + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.mem.fail_count_agg + filteredMetricName: pod.mem.fail_count + function: avg + groupedDimensions: [namespace, pod_name] + name: mem.fail_count + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.mem.fail_count_agg + filteredMetricName: pod.mem.fail_count + function: avg + groupedDimensions: [pod_name] + name: mem.fail_count + rollup: {function: sum} + - aggregatedMetricName: deployment.mem.rss_bytes_agg + filteredMetricName: pod.mem.rss_bytes + function: avg + groupedDimensions: [deployment, pod_name] + name: mem.rss_bytes + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.mem.rss_bytes_agg + filteredMetricName: pod.mem.rss_bytes + function: avg + groupedDimensions: [daemon_set, pod_name] + name: mem.rss_bytes + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.mem.rss_bytes_agg + filteredMetricName: pod.mem.rss_bytes + function: avg + groupedDimensions: [namespace, pod_name] + name: mem.rss_bytes + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.mem.rss_bytes_agg + filteredMetricName: pod.mem.rss_bytes + function: avg + groupedDimensions: [pod_name] + name: mem.rss_bytes + rollup: {function: sum} + - aggregatedMetricName: deployment.mem.swap_bytes_agg + filteredMetricName: pod.mem.swap_bytes + function: avg + groupedDimensions: [deployment, pod_name] + name: mem.swap_bytes + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.mem.swap_bytes_agg + filteredMetricName: pod.mem.swap_bytes + function: avg + groupedDimensions: [daemon_set, pod_name] + name: mem.swap_bytes + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.mem.swap_bytes_agg + filteredMetricName: pod.mem.swap_bytes + function: avg + groupedDimensions: [namespace, pod_name] + name: mem.swap_bytes + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.mem.swap_bytes_agg + filteredMetricName: pod.mem.swap_bytes + function: avg + groupedDimensions: [pod_name] + name: mem.swap_bytes + rollup: {function: sum} + - aggregatedMetricName: deployment.mem.used_bytes_agg + filteredMetricName: pod.mem.used_bytes + function: avg + groupedDimensions: [deployment, pod_name] + name: mem.used_bytes + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.mem.used_bytes_agg + filteredMetricName: pod.mem.used_bytes + function: avg + groupedDimensions: [daemon_set, pod_name] + name: mem.used_bytes + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.mem.used_bytes_agg + filteredMetricName: pod.mem.used_bytes + function: avg + groupedDimensions: [namespace, pod_name] + name: mem.used_bytes + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.mem.used_bytes_agg + filteredMetricName: pod.mem.used_bytes + function: avg + groupedDimensions: [pod_name] + name: mem.used_bytes + rollup: {function: sum} + - aggregatedMetricName: deployment.net.in_bytes_agg + filteredMetricName: pod.net.in_bytes + function: max + groupedDimensions: [deployment, pod_name] + name: net.in_bytes + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.in_bytes_agg + filteredMetricName: pod.net.in_bytes + function: max + groupedDimensions: [daemon_set, pod_name] + name: net.in_bytes + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.in_bytes_agg + filteredMetricName: pod.net.in_bytes + function: max + groupedDimensions: [namespace, pod_name] + name: net.in_bytes + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.in_bytes_agg + filteredMetricName: pod.net.in_bytes + function: max + groupedDimensions: [pod_name] + name: net.in_bytes + rollup: {function: sum} + - aggregatedMetricName: deployment.net.in_bytes_sec_agg + filteredMetricName: pod.net.in_bytes_sec + function: avg + groupedDimensions: [deployment, pod_name] + name: net.in_bytes_sec + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.in_bytes_sec_agg + filteredMetricName: pod.net.in_bytes_sec + function: avg + groupedDimensions: [daemon_set, pod_name] + name: net.in_bytes_sec + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.in_bytes_sec_agg + filteredMetricName: pod.net.in_bytes_sec + function: avg + groupedDimensions: [namespace, pod_name] + name: net.in_bytes_sec + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.in_bytes_sec_agg + filteredMetricName: pod.net.in_bytes_sec + function: avg + groupedDimensions: [pod_name] + name: net.in_bytes_sec + rollup: {function: sum} + - aggregatedMetricName: deployment.net.in_dropped_packets_agg + filteredMetricName: pod.net.in_dropped_packets + function: max + groupedDimensions: [deployment, pod_name] + name: net.in_dropped_packets + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.in_dropped_packets_agg + filteredMetricName: pod.net.in_dropped_packets + function: max + groupedDimensions: [daemon_set, pod_name] + name: net.in_dropped_packets + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.in_dropped_packets_agg + filteredMetricName: pod.net.in_dropped_packets + function: max + groupedDimensions: [namespace, pod_name] + name: net.in_dropped_packets + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.in_dropped_packets_agg + filteredMetricName: pod.net.in_dropped_packets + function: max + groupedDimensions: [pod_name] + name: net.in_dropped_packets + rollup: {function: sum} + - aggregatedMetricName: deployment.net.in_dropped_packets_sec_agg + filteredMetricName: pod.net.in_dropped_packets_sec + function: avg + groupedDimensions: [deployment, pod_name] + name: net.in_dropped_packets_sec + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.in_dropped_packets_sec_agg + filteredMetricName: pod.net.in_dropped_packets_sec + function: avg + groupedDimensions: [daemon_set, pod_name] + name: net.in_dropped_packets_sec + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.in_dropped_packets_sec_agg + filteredMetricName: pod.net.in_dropped_packets_sec + function: avg + groupedDimensions: [namespace, pod_name] + name: net.in_dropped_packets_sec + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.in_dropped_packets_sec_agg + filteredMetricName: pod.net.in_dropped_packets_sec + function: avg + groupedDimensions: [pod_name] + name: net.in_dropped_packets_sec + rollup: {function: sum} + - aggregatedMetricName: deployment.net.in_errors_agg + filteredMetricName: pod.net.in_errors + function: max + groupedDimensions: [deployment, pod_name] + name: net.in_errors + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.in_errors_agg + filteredMetricName: pod.net.in_errors + function: max + groupedDimensions: [daemon_set, pod_name] + name: net.in_errors + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.in_errors_agg + filteredMetricName: pod.net.in_errors + function: max + groupedDimensions: [namespace, pod_name] + name: net.in_errors + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.in_errors_agg + filteredMetricName: pod.net.in_errors + function: max + groupedDimensions: [pod_name] + name: net.in_errors + rollup: {function: sum} + - aggregatedMetricName: deployment.net.in_errors_sec_agg + filteredMetricName: pod.net.in_errors_sec + function: avg + groupedDimensions: [deployment, pod_name] + name: net.in_errors_sec + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.in_errors_sec_agg + filteredMetricName: pod.net.in_errors_sec + function: avg + groupedDimensions: [daemon_set, pod_name] + name: net.in_errors_sec + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.in_errors_sec_agg + filteredMetricName: pod.net.in_errors_sec + function: avg + groupedDimensions: [namespace, pod_name] + name: net.in_errors_sec + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.in_errors_sec_agg + filteredMetricName: pod.net.in_errors_sec + function: avg + groupedDimensions: [pod_name] + name: net.in_errors_sec + rollup: {function: sum} + - aggregatedMetricName: deployment.net.in_packets_agg + filteredMetricName: pod.net.in_packets + function: max + groupedDimensions: [deployment, pod_name] + name: net.in_packets + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.in_packets_agg + filteredMetricName: pod.net.in_packets + function: max + groupedDimensions: [daemon_set, pod_name] + name: net.in_packets + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.in_packets_agg + filteredMetricName: pod.net.in_packets + function: max + groupedDimensions: [namespace, pod_name] + name: net.in_packets + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.in_packets_agg + filteredMetricName: pod.net.in_packets + function: max + groupedDimensions: [pod_name] + name: net.in_packets + rollup: {function: sum} + - aggregatedMetricName: deployment.net.in_packets_sec_agg + filteredMetricName: pod.net.in_packets_sec + function: avg + groupedDimensions: [deployment, pod_name] + name: net.in_packets_sec + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.in_packets_sec_agg + filteredMetricName: pod.net.in_packets_sec + function: avg + groupedDimensions: [daemon_set, pod_name] + name: net.in_packets_sec + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.in_packets_sec_agg + filteredMetricName: pod.net.in_packets_sec + function: avg + groupedDimensions: [namespace, pod_name] + name: net.in_packets_sec + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.in_packets_sec_agg + filteredMetricName: pod.net.in_packets_sec + function: avg + groupedDimensions: [pod_name] + name: net.in_packets_sec + rollup: {function: sum} + - aggregatedMetricName: deployment.net.out_bytes_agg + filteredMetricName: pod.net.out_bytes + function: max + groupedDimensions: [deployment, pod_name] + name: net.out_bytes + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.out_bytes_agg + filteredMetricName: pod.net.out_bytes + function: max + groupedDimensions: [daemon_set, pod_name] + name: net.out_bytes + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.out_bytes_agg + filteredMetricName: pod.net.out_bytes + function: max + groupedDimensions: [namespace, pod_name] + name: net.out_bytes + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.out_bytes_agg + filteredMetricName: pod.net.out_bytes + function: max + groupedDimensions: [pod_name] + name: net.out_bytes + rollup: {function: sum} + - aggregatedMetricName: deployment.net.out_bytes_sec_agg + filteredMetricName: pod.net.out_bytes_sec + function: avg + groupedDimensions: [deployment, pod_name] + name: net.out_bytes_sec + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.out_bytes_sec_agg + filteredMetricName: pod.net.out_bytes_sec + function: avg + groupedDimensions: [daemon_set, pod_name] + name: net.out_bytes_sec + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.out_bytes_sec_agg + filteredMetricName: pod.net.out_bytes_sec + function: avg + groupedDimensions: [namespace, pod_name] + name: net.out_bytes_sec + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.out_bytes_sec_agg + filteredMetricName: pod.net.out_bytes_sec + function: avg + groupedDimensions: [pod_name] + name: net.out_bytes_sec + rollup: {function: sum} + - aggregatedMetricName: deployment.net.out_dropped_packets_agg + filteredMetricName: pod.net.out_dropped_packets + function: max + groupedDimensions: [deployment, pod_name] + name: net.out_dropped_packets + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.out_dropped_packets_agg + filteredMetricName: pod.net.out_dropped_packets + function: max + groupedDimensions: [daemon_set, pod_name] + name: net.out_dropped_packets + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.out_dropped_packets_agg + filteredMetricName: pod.net.out_dropped_packets + function: max + groupedDimensions: [namespace, pod_name] + name: net.out_dropped_packets + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.out_dropped_packets_agg + filteredMetricName: pod.net.out_dropped_packets + function: max + groupedDimensions: [pod_name] + name: net.out_dropped_packets + rollup: {function: sum} + - aggregatedMetricName: deployment.net.out_dropped_packets_sec_agg + filteredMetricName: pod.net.out_dropped_packets_sec + function: avg + groupedDimensions: [deployment, pod_name] + name: net.out_dropped_packets_sec + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.out_dropped_packets_sec_agg + filteredMetricName: pod.net.out_dropped_packets_sec + function: avg + groupedDimensions: [daemon_set, pod_name] + name: net.out_dropped_packets_sec + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.out_dropped_packets_sec_agg + filteredMetricName: pod.net.out_dropped_packets_sec + function: avg + groupedDimensions: [namespace, pod_name] + name: net.out_dropped_packets_sec + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.out_dropped_packets_sec_agg + filteredMetricName: pod.net.out_dropped_packets_sec + function: avg + groupedDimensions: [pod_name] + name: net.out_dropped_packets_sec + rollup: {function: sum} + - aggregatedMetricName: deployment.net.out_errors_agg + filteredMetricName: pod.net.out_errors + function: max + groupedDimensions: [deployment, pod_name] + name: net.out_errors + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.out_errors_agg + filteredMetricName: pod.net.out_errors + function: max + groupedDimensions: [daemon_set, pod_name] + name: net.out_errors + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.out_errors_agg + filteredMetricName: pod.net.out_errors + function: max + groupedDimensions: [namespace, pod_name] + name: net.out_errors + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.out_errors_agg + filteredMetricName: pod.net.out_errors + function: max + groupedDimensions: [pod_name] + name: net.out_errors + rollup: {function: sum} + - aggregatedMetricName: deployment.net.out_errors_sec_agg + filteredMetricName: pod.net.out_errors_sec + function: avg + groupedDimensions: [deployment, pod_name] + name: net.out_errors_sec + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.out_errors_sec_agg + filteredMetricName: pod.net.out_errors_sec + function: avg + groupedDimensions: [daemon_set, pod_name] + name: net.out_errors_sec + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.out_errors_sec_agg + filteredMetricName: pod.net.out_errors_sec + function: avg + groupedDimensions: [namespace, pod_name] + name: net.out_errors_sec + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.out_errors_sec_agg + filteredMetricName: pod.net.out_errors_sec + function: avg + groupedDimensions: [pod_name] + name: net.out_errors_sec + rollup: {function: sum} + - aggregatedMetricName: deployment.net.out_packets_agg + filteredMetricName: pod.net.out_packets + function: max + groupedDimensions: [deployment, pod_name] + name: net.out_packets + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.out_packets_agg + filteredMetricName: pod.net.out_packets + function: max + groupedDimensions: [daemon_set, pod_name] + name: net.out_packets + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.out_packets_agg + filteredMetricName: pod.net.out_packets + function: max + groupedDimensions: [namespace, pod_name] + name: net.out_packets + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.out_packets_agg + filteredMetricName: pod.net.out_packets + function: max + groupedDimensions: [pod_name] + name: net.out_packets + rollup: {function: sum} + - aggregatedMetricName: deployment.net.out_packets_sec_agg + filteredMetricName: pod.net.out_packets_sec + function: avg + groupedDimensions: [deployment, pod_name] + name: net.out_packets_sec + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.net.out_packets_sec_agg + filteredMetricName: pod.net.out_packets_sec + function: avg + groupedDimensions: [daemon_set, pod_name] + name: net.out_packets_sec + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.net.out_packets_sec_agg + filteredMetricName: pod.net.out_packets_sec + function: avg + groupedDimensions: [namespace, pod_name] + name: net.out_packets_sec + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.net.out_packets_sec_agg + filteredMetricName: pod.net.out_packets_sec + function: avg + groupedDimensions: [pod_name] + name: net.out_packets_sec + rollup: {function: sum} + - aggregatedMetricName: deployment.restart_count_agg + filteredMetricName: pod.restart_count + function: max + groupedDimensions: [deployment, pod_name] + name: restart_count + rollup: + function: sum + groupedDimensions: [deployment] + - aggregatedMetricName: daemon_set.restart_count_agg + filteredMetricName: pod.restart_count + function: max + groupedDimensions: [daemon_set, pod_name] + name: restart_count + rollup: + function: sum + groupedDimensions: [daemon_set] + - aggregatedMetricName: namespace.restart_count_agg + filteredMetricName: pod.restart_count + function: max + groupedDimensions: [namespace, pod_name] + name: restart_count + rollup: + function: sum + groupedDimensions: [namespace] + - aggregatedMetricName: cluster.restart_count_agg + filteredMetricName: pod.restart_count + function: max + groupedDimensions: [pod_name] + name: restart_count + rollup: {function: sum} + +tempest_tests: + name: tempest-tests + enabled: False + image: + repository: monasca/tempest-tests + tag: 1.0.2 + pullPolicy: IfNotPresent + wait: + enabled: True + retries: 24 + delay: 5 + keystone: + os_username: mini-mon + os_password: password + os_tenant_name: mini-mon + os_domain_name: Default + alt_username: mini-mon + alt_password: password + alt_tenant_name: mini-mon + auth_use_ssl: False + keystone_server: keystone + keystone_port: 35357 + use_dynamic_creds: True + admin_project_name: mini-mon + admin_username: mini-mon + admin_password: password + admin_domain_name: Default + ostestr_regex: monasca_tempest_tests + stay_alive_on_failure: False + +smoke_tests: + name: smoke-tests + enabled: True + image: + repository: monasca/smoke-tests + tag: 1.0.3 + pullPolicy: IfNotPresent + resources: + requests: + memory: 64Mi + cpu: 100m + limits: + memory: 128Mi + cpu: 500m + keystone: + username: mini-mon + password: password + tenant_name: mini-mon + domain_name: Default + +alarm_definition_controller: + name: adc + controller_enabled: false + resource_enabled: false + image: + repository: monasca/alarm-definition-controller + tag: 1.1.0 + pullPolicy: IfNotPresent + resources: + requests: + memory: 16Mi + cpu: 20m + limits: + memory: 32Mi + cpu: 35m + keystone: + username: mini-mon + password: password + tenant_name: mini-mon + domain_name: Default + namespace: '' + version: v1 + +kafka: + enabled: true + overrideUri: '' + init: + topics: + - metrics:64:1 + - alarm-state-transitions:12:1 + - alarm-notifications:12:1 + - retry-notifications:3:1 + - events:12:1 + - 60-seconds-notifications:3:1 + - kafka-health-check:1:1 + +zookeeper: + enabled: true + overrideUri: '' diff --git a/mysql-users-init/.helmignore b/mysql-users-init/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/mysql-users-init/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/mysql-users-init/Chart.yaml b/mysql-users-init/Chart.yaml new file mode 100644 index 00000000..f29ebc78 --- /dev/null +++ b/mysql-users-init/Chart.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +description: Chart to initialize users and databases in MySQL +name: mysql-users-init +version: 0.2.1 diff --git a/mysql-users-init/templates/NOTES.txt b/mysql-users-init/templates/NOTES.txt new file mode 100644 index 00000000..e69de29b diff --git a/mysql-users-init/templates/_helpers.tpl b/mysql-users-init/templates/_helpers.tpl new file mode 100644 index 00000000..3c563cec --- /dev/null +++ b/mysql-users-init/templates/_helpers.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a fully qualified cleanup name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "cleanup.fullname" -}} +{{- printf "%s-%s" .Release.Name "cleanup" | trunc 63 -}} +{{- end -}} + +{{- /* +Read a single optional secret or string from values into an `env` `value:` or +`valueFrom:`, depending on the user-defined content of the value. + +Example: + - name: OS_AUTH_URL +{{ include "mysql_users_secret_env" .Values.auth.url | indent 4 }} + +Make sure to change the name of this template when copying to keep it unique, +e.g. chart_name_secret_env. +*/}} +{{- define "mysql_users_init_secret_env" -}} +{{- if eq (kindOf .) "map" -}} +valueFrom: + secretKeyRef: + name: "{{ .secret_name }}" + key: "{{ .secret_key }}" +{{- else -}} +value: "{{ . }}" +{{- end -}} +{{- end -}} diff --git a/mysql-users-init/templates/cleanup-hook.yaml b/mysql-users-init/templates/cleanup-hook.yaml new file mode 100644 index 00000000..6cfc5176 --- /dev/null +++ b/mysql-users-init/templates/cleanup-hook.yaml @@ -0,0 +1,47 @@ +apiVersion: batch/v1 +kind: Job +metadata: + # while not recommended, we add a random sequence to the end of the job name + # this job will attempt to delete itself when finished, but should it fail for + # some reason we don't want future upgrades to fail because of a name conflict + # (plus the future runs of this job will delete any previous iterations that + # failed to clean themselves up) + name: "{{ template "cleanup.fullname" . }}-job-{{ randAlphaNum 5 | lower }}" + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.cleanup.name }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + "helm.sh/hook": pre-upgrade,post-delete + "helm.sh/hook-weight": "-5" +spec: + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.cleanup.name }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + restartPolicy: OnFailure + containers: + - name: {{ template "name" . }}-{{ .Values.cleanup.name }}-job + image: "{{ .Values.cleanup.image.repository }}:{{ .Values.cleanup.image.tag }}" + imagePullPolicy: {{ .Values.cleanup.image.pullPolicy }} + resources: +{{ toYaml .Values.cleanup.resources | indent 12 }} + env: + - name: "WAIT_RETRIES" + value: "{{ .Values.cleanup.wait.retries }}" + - name: "WAIT_DELAY" + value: "{{ .Values.cleanup.wait.delay }}" + - name: "WAIT_TIMEOUT" + value: "{{ .Values.cleanup.wait.timeout }}" + {{- if .Values.cleanup.serviceAccount }} + serviceAccountName: {{ .Values.cleanup.serviceAccount | quote }} + {{- else if .Values.rbac.create }} + serviceAccountName: "{{ template "cleanup.fullname" . }}" + {{- end }} diff --git a/mysql-users-init/templates/cleanup-role.yaml b/mysql-users-init/templates/cleanup-role.yaml new file mode 100644 index 00000000..6240a8ff --- /dev/null +++ b/mysql-users-init/templates/cleanup-role.yaml @@ -0,0 +1,25 @@ +{{- if and (.Values.rbac.create) (not .Values.cleanup.serviceAccount) }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} +apiVersion: rbac.authorization.k8s.io/v1alpha1 +{{- end }} +kind: Role +metadata: + name: {{ template "cleanup.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.cleanup.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "delete", "patch"] + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["get", "list", "delete"] +{{- end }} diff --git a/mysql-users-init/templates/cleanup-rolebinding.yaml b/mysql-users-init/templates/cleanup-rolebinding.yaml new file mode 100644 index 00000000..92d88a03 --- /dev/null +++ b/mysql-users-init/templates/cleanup-rolebinding.yaml @@ -0,0 +1,26 @@ +{{- if and (.Values.rbac.create) (not .Values.cleanup.serviceAccount) }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} +apiVersion: rbac.authorization.k8s.io/v1alpha1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "cleanup.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.cleanup.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +subjects: + - kind: ServiceAccount + name: {{ template "cleanup.fullname" . }} + namespace: "{{ .Release.Namespace }}" +roleRef: + kind: Role + name: {{ template "cleanup.fullname" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/mysql-users-init/templates/cleanup-serviceaccount.yaml b/mysql-users-init/templates/cleanup-serviceaccount.yaml new file mode 100644 index 00000000..c021a7fa --- /dev/null +++ b/mysql-users-init/templates/cleanup-serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and (.Values.rbac.create) (not .Values.cleanup.serviceAccount) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "cleanup.fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.cleanup.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- end }} diff --git a/mysql-users-init/templates/mysql-users-init-job.yaml b/mysql-users-init/templates/mysql-users-init-job.yaml new file mode 100644 index 00000000..b90907ea --- /dev/null +++ b/mysql-users-init/templates/mysql-users-init-job.yaml @@ -0,0 +1,52 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "fullname" . }}-job + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.mysql_users_init.name }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: +{{- if .Values.mysql_users_init.deadline }} + activeDeadlineSeconds: {{ .Values.mysql_users_init.deadline }} +{{- end }} + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.mysql_users_init.name }}" + spec: + restartPolicy: OnFailure + volumes: + - name: preload-config + configMap: + name: "{{ template "fullname" . }}-preload" + containers: + - name: {{ template "fullname" . }}-job + image: "{{ .Values.mysql_users_init.image.repository }}:{{ .Values.mysql_users_init.image.tag }}" + imagePullPolicy: {{ .Values.mysql_users_init.image.pullPolicy }} + resources: +{{ toYaml .Values.mysql_users_init.resources | indent 12 }} + env: + - name: LOG_LEVEL + value: {{ .Values.mysql_users_init.log_level }} + - name: MYSQL_INIT_HOST +{{ include "mysql_users_init_secret_env" .Values.mysql_users_init.mysql.host | indent 14 }} + - name: MYSQL_INIT_PORT +{{ include "mysql_users_init_secret_env" .Values.mysql_users_init.mysql.port | indent 14 }} + - name: MYSQL_INIT_USERNAME +{{ include "mysql_users_init_secret_env" .Values.mysql_users_init.mysql.username | indent 14 }} + - name: MYSQL_INIT_PASSWORD +{{ include "mysql_users_init_secret_env" .Values.mysql_users_init.mysql.password | indent 14 }} + - name: PRELOAD_PATH + value: "/config/preload.yml" + volumeMounts: + - name: preload-config + mountPath: /config + {{- if .Values.mysql_users_init.serviceAccount }} + serviceAccountName: {{ .Values.mysql_users_init.serviceAccount | quote }} + {{- else if .Values.rbac.create }} + serviceAccountName: "{{ template "fullname" . }}" + {{- end }} diff --git a/mysql-users-init/templates/mysql-users-init-role.yaml b/mysql-users-init/templates/mysql-users-init-role.yaml new file mode 100644 index 00000000..631eebe2 --- /dev/null +++ b/mysql-users-init/templates/mysql-users-init-role.yaml @@ -0,0 +1,25 @@ +{{- if and (.Values.rbac.create) (not .Values.mysql_users_init.serviceAccount) }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} +apiVersion: rbac.authorization.k8s.io/v1alpha1 +{{- end }} +kind: Role +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.mysql_users_init.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create", "update"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "create"] +{{- end }} diff --git a/mysql-users-init/templates/mysql-users-init-rolebinding.yaml b/mysql-users-init/templates/mysql-users-init-rolebinding.yaml new file mode 100644 index 00000000..cad0fa4c --- /dev/null +++ b/mysql-users-init/templates/mysql-users-init-rolebinding.yaml @@ -0,0 +1,26 @@ +{{- if and (.Values.rbac.create) (not .Values.mysql_users_init.serviceAccount) }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} +apiVersion: rbac.authorization.k8s.io/v1alpha1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.mysql_users_init.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +subjects: + - kind: ServiceAccount + name: {{ template "fullname" . }} + namespace: "{{ .Release.Namespace }}" +roleRef: + kind: Role + name: {{ template "fullname" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/mysql-users-init/templates/mysql-users-init-serviceaccount.yaml b/mysql-users-init/templates/mysql-users-init-serviceaccount.yaml new file mode 100644 index 00000000..3143bda6 --- /dev/null +++ b/mysql-users-init/templates/mysql-users-init-serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and (.Values.rbac.create) (not .Values.mysql_users_init.serviceAccount) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Values.mysql_users_init.name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- end }} diff --git a/mysql-users-init/templates/mysql-users-preload-configmap.yaml b/mysql-users-init/templates/mysql-users-preload-configmap.yaml new file mode 100644 index 00000000..0932e0a9 --- /dev/null +++ b/mysql-users-init/templates/mysql-users-preload-configmap.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ template "fullname" . }}-preload" + labels: + app: "{{ template "fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: + preload.yml: | +{{ toYaml .Values.mysql_users_init.preload | indent 4 }} diff --git a/mysql-users-init/values.yaml b/mysql-users-init/values.yaml new file mode 100644 index 00000000..9861fa80 --- /dev/null +++ b/mysql-users-init/values.yaml @@ -0,0 +1,72 @@ +# Default values for mysql-users-init. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +mysql_users_init: + name: job + + # an optional preexisting serviceAccount to use + # to create a service account with the deployment, + # deploy with rbac.create=true + serviceAccount: '' + + image: + repository: monasca/mysql-users-init + tag: 1.1.0 + pullPolicy: IfNotPresent + + # general options for the init job + log_level: INFO # python logging level + + # mysql connection details for this component + # note that these options allow the init container to connect to mysql and + # the referenced account must already exist + # each parameter may either be specified directly as a string OR reference a + # secret + # example: + # # plaintext (will be stored in Helm's ConfigMap) + # password: 'some-plaintext-password' + # + # # secret ref + # password: + # secret_name: some-secret-name + # secret_key: some-key + mysql: + host: mysql + port: '3306' + username: root + password: password + + preload: + users: [] + databases: [] + + # container resource limits and requests + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + +cleanup: + name: cleanup + serviceAccount: '' + image: + repository: monasca/job-cleanup + tag: 1.2.1 + pullPolicy: IfNotPresent + resources: + requests: + memory: 128Mi + cpu: 200m + limits: + memory: 128Mi + cpu: 250m + wait: + retries: "24" + delay: "5.0" + timeout: "10" + +rbac: + create: false diff --git a/storm/.helmignore b/storm/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/storm/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/storm/Chart.yaml b/storm/Chart.yaml new file mode 100644 index 00000000..d2b3e2fb --- /dev/null +++ b/storm/Chart.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +description: Apache Storm configured for Monasca +name: storm +version: 0.5.3 diff --git a/storm/README.md b/storm/README.md new file mode 100644 index 00000000..6cb8dc11 --- /dev/null +++ b/storm/README.md @@ -0,0 +1,41 @@ +`monasca/storm` Chart +===================== + +This chart deploys the [`monasca/storm`][1] container to a Kubernetes cluster. + +Configuration +------------- + +Parameter | Description | Default +--------- | ----------- | ------- +`storm.name` | Storm container name | `storm` +`storm.image.repository` | Storm container image repository | `monasca/storm` +`storm.image.tag` | Storm container image tag | `1.0.3` +`storm.image.pullPolicy` | Storm container image pull policy | `Always` +`storm.persistence.storageClass` | Zookeeper storage class | `default` +`storm.persistence.enabled` | Zookeeper persistent storage enabled flag | `false` +`storm.persistence.accessMode` | Zookeeper persistent storage accessMode | `ReadWriteOnce` +`storm.persistence.size` | Zookeeper persistent storage size | `10Gi` +`storm.service.port` | Storm nimbus service port | `6627` +`storm.service.type` | Storm nimbus service type | `ClusterIP` +`storm.supervisor_ports` | Storm Supervisor ports (number of workers) | `6701,6702` +`storm.nimbus_resources.requests.memory` | Memory request per Storm container | `512Mi` +`storm.nimbus_resources.requests.cpu` | CPU request per Storm container | `100m` +`storm.nimbus_resources.limits.memory` | Memory limit per Storm container | `2Gi` +`storm.nimbus_resources.limits.cpu` | Memory limit per Storm container | `500m` +`storm.supervisor_resources.requests.memory` | Memory request per Storm container | `2Gi` +`storm.supervisor_resources.requests.cpu` | CPU request per Storm container | `500m` +`storm.supervisor_resources.limits.memory` | Memory limit per Storm container | `4Gi` +`storm.supervisor_resources.limits.cpu` | Memory limit per Storm container | `2000m` + +Additional options are available when deployed alongside [`monasca-thresh`][2]: + +Parameter | Description | Default +--------- | ----------- | ------- +`kafka.service.port` | Kafka port | `9092` +`kafka.zookeeper.service.port` | ZooKeeper port to use | `2181` +`thresh.spout.metricSpoutThreads` | Number of metric spout threads | `2` +`thresh.spout.metricSpoutTasks` | Number of metric spout tasks | `2` + +[1]: https://github.com/hpcloud-mon/monasca-docker/tree/master/storm +[2]: https://github.com/hpcloud-mon/monasca-helm/tree/master/monasca#threshold-engine diff --git a/storm/templates/NOTES.txt b/storm/templates/NOTES.txt new file mode 100644 index 00000000..e69de29b diff --git a/storm/templates/_helpers.tpl b/storm/templates/_helpers.tpl new file mode 100644 index 00000000..479981d1 --- /dev/null +++ b/storm/templates/_helpers.tpl @@ -0,0 +1,24 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a fully qualified storm-nimbus name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "storm.fullname" -}} +{{- printf "%s-%s" .Release.Name "storm" | trunc 63 -}} +{{- end -}} diff --git a/storm/templates/nimbus-deployment.yaml b/storm/templates/nimbus-deployment.yaml new file mode 100644 index 00000000..8c82c9b2 --- /dev/null +++ b/storm/templates/nimbus-deployment.yaml @@ -0,0 +1,50 @@ +{{- if .Values.enabled }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "storm.fullname" . }}-nimbus + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.name }}-nimbus" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: 1 + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.name }}-nimbus" + spec: + containers: + - name: {{ template "name" . }}-{{ .Values.name }}-nimbus + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: ["storm", "nimbus"] + resources: +{{ toYaml .Values.nimbus_resources | indent 12 }} + ports: + - containerPort: {{ .Values.service.port }} + name: nimbus + env: + - name: STORM_LOCAL_HOSTNAME + value: "{{ .Release.Name }}-storm-nimbus" + - name: ZOOKEEPER_SERVERS + value: "{{ .Release.Name }}-zookeeper" + - name: STORM_ZOOKEEPER_PORT + value: "2181" + - name: NIMBUS_SEEDS + value: "{{ template "storm.fullname" . }}-nimbus" + volumeMounts: + - name: data + mountPath: /data + volumes: + - name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ template "storm.fullname" . }}-nimbus + {{- else }} + emptyDir: {} + {{- end -}} +{{- end}} diff --git a/storm/templates/nimbus-pvc.yaml b/storm/templates/nimbus-pvc.yaml new file mode 100644 index 00000000..58de82fd --- /dev/null +++ b/storm/templates/nimbus-pvc.yaml @@ -0,0 +1,21 @@ +{{- if .Values.enabled }} +{{- if .Values.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "storm.fullname" . }}-nimbus + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.name }}-nimbus" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ .Values.persistence.storageClass | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- end }} +{{- end }} diff --git a/storm/templates/nimbus-svc.yaml b/storm/templates/nimbus-svc.yaml new file mode 100644 index 00000000..5af7746c --- /dev/null +++ b/storm/templates/nimbus-svc.yaml @@ -0,0 +1,20 @@ +{{- if .Values.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "storm.fullname" . }}-nimbus + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.name }}-nimbus" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + type: {{ .Values.service.type }} + ports: + - name: nimbus + port: {{ .Values.service.port }} + selector: + app: {{ template "fullname" . }} + component: "{{ .Values.name }}-nimbus" +{{- end}} diff --git a/storm/templates/supervisor-deployment.yaml b/storm/templates/supervisor-deployment.yaml new file mode 100644 index 00000000..743ae0c3 --- /dev/null +++ b/storm/templates/supervisor-deployment.yaml @@ -0,0 +1,60 @@ +{{- if .Values.enabled }} +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "storm.fullname" . }}-supervisor + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + component: "{{ .Values.name }}-supervisor" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: 1 + template: + metadata: + labels: + app: {{ template "fullname" . }} + component: "{{ .Values.name }}-supervisor" + spec: + containers: + - name: {{ template "name" . }}-{{ .Values.name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: ["storm", "supervisor"] + resources: +{{ toYaml .Values.supervisor_resources | indent 12 }} + env: + - name: STORM_HOSTNAME_FROM_IP + value: "true" + - name: ZOOKEEPER_SERVERS + value: "{{ .Release.Name }}-zookeeper" + - name: STORM_ZOOKEEPER_PORT + value: "2181" + - name: NIMBUS_SEEDS + value: "{{ template "storm.fullname" . }}-nimbus" + - name: SUPERVISOR_SLOTS_PORTS + value: {{ .Values.supervisor_ports | join "," | quote }} + - name: METRIC_SPOUT_THREADS + value: "{{ .Values.thresh.spout.metricSpoutThreads }}" + - name: METRIC_SPOUT_TASKS + value: "{{ .Values.thresh.spout.metricSpoutTasks }}" + - name: KAFKA_URI + value: "{{ .Release.Name }}-kafka:9092" + - name: MYSQL_DB_HOST + value: "{{ .Release.Name }}-mysql" + - name: MYSQL_DB_PORT + value: "3306" + - name: MYSQL_DB_DATABASE + value: "mon" + - name: MYSQL_DB_USERNAME + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-{{ .Values.thresh.secretSuffix }}" + key: username + - name: MYSQL_DB_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-{{ .Values.thresh.secretSuffix }}" + key: password +{{- end}} diff --git a/storm/values.yaml b/storm/values.yaml new file mode 100644 index 00000000..32d98d81 --- /dev/null +++ b/storm/values.yaml @@ -0,0 +1,35 @@ +name: storm +enabled: true +image: + repository: monasca/storm + tag: 1.1.1-1.0.11 + pullPolicy: Always +persistence: + storageClass: default + enabled: false + accessMode: ReadWriteOnce + size: 4Gi +service: + type: ClusterIP + port: 6627 +supervisor_ports: [ 6701, 6702 ] +nimbus_resources: + requests: + memory: 512Mi + cpu: 100m + limits: + memory: 2Gi + cpu: 500m +supervisor_resources: + requests: + memory: 2Gi + cpu: 250m + limits: + memory: 4Gi + cpu: 2000m + +thresh: + secretSuffix: mysql-thresh-secret + spout: + metricSpoutThreads: 2 + metricSpoutTasks: 2 diff --git a/zookeeper/.helmignore b/zookeeper/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/zookeeper/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/zookeeper/Chart.yaml b/zookeeper/Chart.yaml new file mode 100644 index 00000000..ef50676b --- /dev/null +++ b/zookeeper/Chart.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +description: A Helm chart for Zookeeper +name: zookeeper +version: 0.3.8 diff --git a/zookeeper/README.md b/zookeeper/README.md new file mode 100644 index 00000000..8d510cb1 --- /dev/null +++ b/zookeeper/README.md @@ -0,0 +1,28 @@ +### Zookeeper Configurations + +Parameter | Description | Default +--------- | ----------- | ------- +`image.repository` | Zookeeper container image repository | `zookeeper` +`image.tag` | Zookeeper container image tag | `3.3` +`image.pullPolicy` | Zookeeper container image pull policy | `IfNotPresent` +`service.type` | Zookeeper service type | `ClusterIP` +`persistence.storageClass` | Zookeeper storage class | `default` +`persistence.enabled` | Zookeeper persistent storage enabled flag | `false` +`persistence.accessMode` | Zookeeper persistent storage accessMode | `ReadWriteOnce` +`persistence.size` | Zookeeper persistent storage size | `10Gi` +`persistence.purge_interval` | Number of hours between disk purge | `1` +`persistence.snap_retain_count` | Number of snapshots to retain in dataDir | `3` +`resources.requests.memory` | Memory request per zookeeper pod | `256Mi` +`resources.requests.cpu` | CPU request per zookeeper pod | `100m` +`resources.limits.cpu` | Memory limit per zookeeper pod | `1000m` +`resources.limits.memory` | Memory limit per zookeeper pod | `512Mi` +`java.max_ram_fraction` | Fraction of Ram to deveote to Heap (1/n) | `2` +`watcher.enabled` | Zookeeper watcher enabled flag | `false` +`watcher.image.repository` | Zookeeper watcher container image repository | `monasca/zookeeper-watcher` +`watcher.image.tag` | Zookeeper watcher container image tag | `latest` +`watcher.image.pullPolicy` | Zookeeper watcher container image pull policy | `IfNotPresent` +`watcher.health_check_path` | Zookeeper watcher health check path | `zookeeper-health-check` +`watcher.watcher_period` | Zookeeper watcher period | `600` +`watcher.watcher_timeout` | Zookeeper watcher read/write timeout | `60` +`watcher.stay_alive_on_failure` | If `true`, watcher container stays alive for 2 hours after watcher exits | `false` +`watcher.port` | Zookeeper watcher port to expose Promethues metrics on | `8080` diff --git a/zookeeper/templates/_helpers.tpl b/zookeeper/templates/_helpers.tpl new file mode 100644 index 00000000..f0d83d2e --- /dev/null +++ b/zookeeper/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/zookeeper/templates/zookeeper-configmap.yaml b/zookeeper/templates/zookeeper-configmap.yaml new file mode 100644 index 00000000..8faadf3d --- /dev/null +++ b/zookeeper/templates/zookeeper-configmap.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: + zoo.cfg: | + clientPort=2181 + dataDir=/data + dataLogDir=/data + tickTime=2000 + initLimit=5 + syncLimit=2 + maxClientCnxns=1000 + autopurge.snapRetainCount={{ .Values.persistence.snap_retain_count }} + autopurge.purgeInterval={{ .Values.persistence.purge_interval }} + log4j.properties: | + # Root logger option + log4j.rootLogger=INFO, stdout + + # Direct log messages to stdout + log4j.appender.stdout=org.apache.log4j.ConsoleAppender + log4j.appender.stdout.Target=System.out + log4j.appender.stdout.layout=org.apache.log4j.PatternLayout + log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n diff --git a/zookeeper/templates/zookeeper-deployment.yaml b/zookeeper/templates/zookeeper-deployment.yaml new file mode 100644 index 00000000..57518ff6 --- /dev/null +++ b/zookeeper/templates/zookeeper-deployment.yaml @@ -0,0 +1,88 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: 1 + template: + metadata: + labels: + app: {{ template "fullname" . }} + {{- if .Values.watcher.enabled }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.watcher.port }}" + monasca.io/usek8slabels: "false" + monasca.io/whitelist: | + - zookeeper_average_round_trip_time + - zookeeper_dropped_message_count + - zookeeper_max_round_trip_time + - zookeeper_min_round_trip_time + - zookeeper_read_failure_count + - zookeeper_running_average_round_trip_time + - zookeeper_watcher_status + - zookeeper_write_failure_count + - go_memstats_heap_objects + - go_memstats_heap_inuse_bytes + {{- end }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: +{{ toYaml .Values.resources | indent 12 }} + env: + - name: SERVER_JVMFLAGS + value: "-XX:MaxRAMFraction={{ .Values.java.max_ram_fraction }} -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XshowSettings:vm" + ports: + - name: client + containerPort: 2181 + - name: peer + containerPort: 2888 + - name: leader-election + containerPort: 3888 + volumeMounts: + - name: data-volume + mountPath: /data + - name: config-volume + mountPath: /conf + {{- if .Values.watcher.enabled }} + - name: watcher + image: "{{ .Values.watcher.image.repository }}:{{ .Values.watcher.image.tag }}" + imagePullPolicy: {{ .Values.watcher.image.pullPolicy }} + resources: +{{ toYaml .Values.watcher.resources | indent 12 }} + env: + - name: HEALTH_CHECK_PATH + value: {{ .Values.watcher.health_check_path | quote }} + - name: ZOOKEEPER_SERVERS + value: "localhost" + - name: PROMETHEUS_ENDPOINT + value: "0.0.0.0:{{ .Values.watcher.port }}" + - name: WATCHER_PERIOD + value: {{ .Values.watcher.watcher_period | quote }} + - name: WATCHER_TIMEOUT + value: {{ .Values.watcher.watcher_timeout | quote }} + - name: STAY_ALIVE_ON_FAILURE + value: {{ .Values.watcher.stay_alive_on_failure | quote }} + ports: + - name: metrics + containerPort: {{ .Values.watcher.port }} + {{- end }} + volumes: + - name: config-volume + configMap: + name: {{ template "fullname" . }} + - name: data-volume + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ template "fullname" . }} + {{- else }} + emptyDir: {} + {{- end -}} diff --git a/zookeeper/templates/zookeeper-pvc.yaml b/zookeeper/templates/zookeeper-pvc.yaml new file mode 100644 index 00000000..c6a1b0c4 --- /dev/null +++ b/zookeeper/templates/zookeeper-pvc.yaml @@ -0,0 +1,18 @@ +{{- if .Values.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + storageClassName: {{ .Values.persistence.storageClass | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- end }} diff --git a/zookeeper/templates/zookeeper-static-svc.yaml b/zookeeper/templates/zookeeper-static-svc.yaml new file mode 100644 index 00000000..82c5b285 --- /dev/null +++ b/zookeeper/templates/zookeeper-static-svc.yaml @@ -0,0 +1,22 @@ +{{- if .Values.static_service.enabled }} +apiVersion: v1 +kind: Service +metadata: + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ .Values.static_service.name }} +spec: + type: {{ .Values.static_service.type }} + ports: + - name: client + port: 2181 + - name: peer + port: 2888 + - name: leader-election + port: 3888 + selector: + app: {{ template "fullname" . }} +{{- end }} diff --git a/zookeeper/templates/zookeeper-svc.yaml b/zookeeper/templates/zookeeper-svc.yaml new file mode 100644 index 00000000..def59fc2 --- /dev/null +++ b/zookeeper/templates/zookeeper-svc.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + ports: + - name: client + port: 2181 + - name: peer + port: 2888 + - name: leader-election + port: 3888 + type: {{ .Values.service.type }} + selector: + app: {{ template "fullname" . }} diff --git a/zookeeper/values.yaml b/zookeeper/values.yaml new file mode 100644 index 00000000..e3fd76b8 --- /dev/null +++ b/zookeeper/values.yaml @@ -0,0 +1,45 @@ +name: zookeeper +image: + repository: zookeeper + tag: 3.4.10 + pullPolicy: IfNotPresent +service: + type: ClusterIP +persistence: + storageClass: default + enabled: false + accessMode: ReadWriteOnce + size: 10Gi + purge_interval: 1 + snap_retain_count: 3 +resources: + requests: + memory: 256Mi + cpu: 100m + limits: + cpu: 1000m + memory: 512Mi +java: + max_ram_fraction: 2 +watcher: + enabled: false + image: + repository: monasca/zookeeper-watcher + tag: 0.0.2 + pullPolicy: IfNotPresent + resources: + requests: + memory: 32Mi + cpu: 25m + limits: + memory: 64Mi + cpu: 50m + port: 8080 + health_check_path: zookeeper-health-check + watcher_period: 600 + watcher_timeout: 60 + stay_alive_on_failure: false +static_service: + enabled: false + type: ClusterIP + name: zookeeper