Remove Kibana indices before pod start up

The ps removes kibana indices from elasticsearch when a pod comes up. It also removes the source code in values.yaml for the flush job since it is not needed at this point. Change-Id: Icb0376fed4872308b26e608d5be0fbac504d802d
2021-08-19 08:38:05 -07:00 · 2021-08-19 08:38:05 -07:00 · 122dcef629
commit 122dcef629
parent fa174c00db
6 changed files with 53 additions and 30 deletions
--- a/kibana/Chart.yaml
+++ b/kibana/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v7.1.0
 description: OpenStack-Helm Kibana
 name: kibana
-version: 0.1.5
+version: 0.1.6
 home: https://www.elastic.co/products/kibana
 sources:
  - https://github.com/elastic/kibana
--- a/kibana/templates/bin/_create_kibana_index_patterns.sh.tpl
+++ b/kibana/templates/bin/_create_kibana_index_patterns.sh.tpl
@ -14,6 +14,23 @@ limitations under the License.
 */}}
 set -ex
 {{- if .Values.manifests.wait_for_kibana_pods_readiness }}
 echo "Waiting for all Kibana pods to become Ready"
 count=1
 # Wait up to 30 minutes for all Kibana pods to become Ready.  This does not necessarily mean
 # Kibana pods will take up to 30 minutes to come up.  This script will wait up to 30 minutes
 # instead of going into an infinite loop to wait.  This timed out value should be reduced once
 # Kibana startup is enhanced.
 while [[ $(kubectl get pods -n {{ .Release.Namespace }} -l application=kibana,component=dashboard -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') =~ "False" ]]; do
  sleep 30
  if [[ $count -eq 60 ]]; then
    echo "Timed out waiting for all Kibana pods to become Ready, proceed to create index patterns."
    break
  fi
  ((count++))
 done
 {{- end }}
 {{- range $objectType, $indices := .Values.conf.create_kibana_indexes.indexes }}
 {{- range $indices }}
 curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \
--- a/kibana/templates/bin/_kibana.sh.tpl
+++ b/kibana/templates/bin/_kibana.sh.tpl
@ -17,6 +17,10 @@ set -e
 COMMAND="${@:-start}"
 function start () {
  curl --cacert /etc/elasticsearch/certs/ca.crt -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \
      -XDELETE "${ELASTICSEARCH_HOSTS}/.kibana*"
  exec /usr/share/kibana/bin/kibana \
    --elasticsearch.hosts="${ELASTICSEARCH_HOSTS}" \
    --elasticsearch.username="${ELASTICSEARCH_USERNAME}" \
--- a/kibana/templates/job-register-kibana-indexes.yaml
+++ b/kibana/templates/job-register-kibana-indexes.yaml
@ -22,6 +22,9 @@ apiVersion: batch/v1
 kind: Job
 metadata:
  name: register-kibana-indexes
  annotations:
    "helm.sh/hook": post-install,post-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation
 spec:
  template:
    metadata:
@ -81,4 +84,30 @@ spec:
          configMap:
            name: kibana-bin
            defaultMode: 0755
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: {{ $serviceAccountName }}
 rules:
  - apiGroups:
      - ''
    resources:
      - pods
    verbs:
      - get
      - list
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: {{ $serviceAccountName }}
 subjects:
  - kind: ServiceAccount
    name: {{ $serviceAccountName }}
    namespace: {{ $envAll.Release.Namespace }}
 roleRef:
  kind: ClusterRole
  name: {{ $serviceAccountName }}
  apiGroup: rbac.authorization.k8s.io
 {{- end }}
--- a/kibana/values.yaml
+++ b/kibana/values.yaml
@ -26,7 +26,6 @@ images:
    dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
    image_repo_sync: docker.io/library/docker:17.07.0
    register_kibana_indexes: docker.io/openstackhelm/heat:newton-ubuntu_xenial
    flush_kibana_metadata: docker.io/openstackhelm/heat:newton-ubuntu_xenial
  pull_policy: IfNotPresent
  local_registry:
    active: false
@ -54,13 +53,6 @@ pod:
        register_kibana_indexes:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
    flush_kibana_metadata:
      pod:
        runAsUser: 1000
      container:
        flush_kibana_metadata:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
  affinity:
    anti:
      type:
@ -110,13 +102,6 @@ pod:
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      flush_kibana_metadata:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
  probes:
    kibana:
      kibana:
@ -160,26 +145,13 @@ dependencies:
        - endpoint: internal
          service: local_image_registry
    kibana:
      jobs:
        - flush-kibana-metadata
      services:
        - endpoint: internal
          service: elasticsearch
    register_kibana_indexes:
      jobs:
        - flush-kibana-metadata
      services:
        - endpoint: internal
          service: kibana
    flush_kibana_metadata:
      services:
        - endpoint: internal
          service: elasticsearch
 jobs:
  flush_kibana_metadata:
    backoffLimit: 6
    activeDeadlineSeconds: 600
 conf:
  httpd: |
@ -424,5 +396,5 @@ manifests:
  service: true
  service_ingress: true
  job_register_kibana_indexes: true
-  job_flush_kibana_metadata: true
+  wait_for_kibana_pods_readiness: false
 ...
--- a/releasenotes/notes/kibana.yaml
+++ b/releasenotes/notes/kibana.yaml
@ -6,4 +6,5 @@ kibana:
  - 0.1.3 Enable TLS with Elasticsearch
  - 0.1.4 Enable TLS for Kibana ingress path
  - 0.1.5 Use full image ref for docker official images
  - 0.1.6 Remove Kibana indices before pod start up
 ...