From b45e8ddcbd8895e276d0fabbccb6bc1ad1622e09 Mon Sep 17 00:00:00 2001 From: Steve Wilkerson Date: Tue, 19 Dec 2017 07:51:59 -0600 Subject: [PATCH] Move kibana to OSH infra This moves the Kibana chart to OSH infra, which finalizes moving the logging components to OSH infra Change-Id: Iacbfde8d5d7099fcb4dde8a437e030c2d4936de6 --- kibana/Chart.yaml | 24 +++ kibana/requirements.yaml | 18 ++ kibana/templates/bin/_kibana.sh.tpl | 29 ++++ kibana/templates/configmap-bin.yaml | 29 ++++ kibana/templates/configmap-etc.yaml | 27 +++ kibana/templates/deployment.yaml | 85 ++++++++++ kibana/templates/ingress-kibana.yaml | 60 +++++++ kibana/templates/job-image-repo-sync.yaml | 68 ++++++++ kibana/templates/service-ingress-kibana.yaml | 32 ++++ kibana/templates/service.yaml | 34 ++++ kibana/values.yaml | 170 +++++++++++++++++++ tools/gate/chart-deploys/default.yaml | 6 + 12 files changed, 582 insertions(+) create mode 100644 kibana/Chart.yaml create mode 100644 kibana/requirements.yaml create mode 100644 kibana/templates/bin/_kibana.sh.tpl create mode 100644 kibana/templates/configmap-bin.yaml create mode 100644 kibana/templates/configmap-etc.yaml create mode 100644 kibana/templates/deployment.yaml create mode 100644 kibana/templates/ingress-kibana.yaml create mode 100644 kibana/templates/job-image-repo-sync.yaml create mode 100644 kibana/templates/service-ingress-kibana.yaml create mode 100644 kibana/templates/service.yaml create mode 100644 kibana/values.yaml diff --git a/kibana/Chart.yaml b/kibana/Chart.yaml new file mode 100644 index 000000000..672c82255 --- /dev/null +++ b/kibana/Chart.yaml @@ -0,0 +1,24 @@ + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +description: OpenStack-Helm Kibana +name: kibana +version: 0.1.0 +home: https://www.elastic.co/products/kibana +sources: + - https://github.com/elastic/kibana + - https://git.openstack.org/cgit/openstack/openstack-helm-infra +maintainers: + - name: OpenStack-Helm Authors diff --git a/kibana/requirements.yaml b/kibana/requirements.yaml new file mode 100644 index 000000000..53782e69b --- /dev/null +++ b/kibana/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/kibana/templates/bin/_kibana.sh.tpl b/kibana/templates/bin/_kibana.sh.tpl new file mode 100644 index 000000000..6e48ef158 --- /dev/null +++ b/kibana/templates/bin/_kibana.sh.tpl @@ -0,0 +1,29 @@ +#!/bin/bash +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +COMMAND="${@:-start}" + +function start () { + exec kibana --elasticsearch.url="${ELASTICSEARCH_URL}" +} + +function stop () { + kill -TERM 1 +} + +$COMMAND diff --git a/kibana/templates/configmap-bin.yaml b/kibana/templates/configmap-bin.yaml new file mode 100644 index 000000000..731cefa80 --- /dev/null +++ b/kibana/templates/configmap-bin.yaml @@ -0,0 +1,29 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: kibana-bin +data: + kibana.sh: | +{{ tuple "bin/_kibana.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + image-repo-sync.sh: |+ +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} diff --git a/kibana/templates/configmap-etc.yaml b/kibana/templates/configmap-etc.yaml new file mode 100644 index 000000000..2a1b3a4a7 --- /dev/null +++ b/kibana/templates/configmap-etc.yaml @@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: kibana-etc +data: + kibana.yml: |+ +{{ toYaml .Values.conf | indent 4 }} +{{- end }} diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml new file mode 100644 index 000000000..89178abc1 --- /dev/null +++ b/kibana/templates/deployment.yaml @@ -0,0 +1,85 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment }} +{{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.kibana .Values.conditional_dependencies.local_image_registry) -}} +{{- else -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.kibana -}} +{{- end -}} + +{{- $serviceAccountName := "kibana" }} +{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: kibana +spec: + replicas: {{ .Values.pod.replicas.kibana }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "kibana" "dashboard" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "kibana" "dashboard" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.kibana.node_selector_key }}: {{ .Values.labels.kibana.node_selector_value }} + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: kibana +{{ tuple $envAll "kibana" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.kibana | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/kibana.sh + - start + ports: + - name: http + containerPort: {{ .Values.network.kibana.port }} + env: + - name: ELASTICSEARCH_URL + value: {{ tuple "elasticsearch" "default" "client" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} + volumeMounts: + - name: kibana-bin + mountPath: /tmp/kibana.sh + subPath: kibana.sh + readOnly: true + - name: pod-etc-kibana + mountPath: /usr/share/kibana/config + - name: kibana-etc + mountPath: /usr/share/kibana/config/kibana.yml + subPath: kibana.yml + readOnly: true + volumes: + - name: pod-etc-kibana + emptyDir: {} + - name: kibana-bin + configMap: + name: kibana-bin + defaultMode: 0555 + - name: kibana-etc + configMap: + name: kibana-etc + defaultMode: 0444 +{{- end }} diff --git a/kibana/templates/ingress-kibana.yaml b/kibana/templates/ingress-kibana.yaml new file mode 100644 index 000000000..0454f73bf --- /dev/null +++ b/kibana/templates/ingress-kibana.yaml @@ -0,0 +1,60 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.ingress_kibana }} +{{- $envAll := . }} +{{- if .Values.network.kibana.ingress.public }} +{{- $backendServiceType := "kibana" }} +{{- $backendPort := "http" }} +{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} +{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $ingressName }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / + ingress.kubernetes.io/proxy-body-size: {{ .Values.network.kibana.ingress.proxy_body_size }} +spec: + rules: +{{ if ne $hostNameNamespaced $hostNameFull }} +{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} + - host: {{ $vHost }} + http: + paths: + - path: / + backend: + serviceName: {{ $backendName }} + servicePort: {{ $backendPort }} +{{- end }} +{{- else }} +{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced }} + - host: {{ $vHost }} + http: + paths: + - path: / + backend: + serviceName: {{ $backendName }} + servicePort: {{ $backendPort }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/kibana/templates/job-image-repo-sync.yaml b/kibana/templates/job-image-repo-sync.yaml new file mode 100644 index 000000000..40b222438 --- /dev/null +++ b/kibana/templates/job-image-repo-sync.yaml @@ -0,0 +1,68 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_image_repo_sync }} +{{- $envAll := . }} +{{- if .Values.images.local_registry.active -}} +{{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}} + +{{- $serviceAccountName := "kibana-image-repo-sync" }} +{{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: kibana-image-repo-sync +spec: + template: + metadata: + labels: +{{ tuple $envAll "kibana" "image-repo-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: image-repo-sync +{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.image_repo_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: LOCAL_REPO + value: "{{ tuple "local_image_registry" "node" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}:{{ tuple "local_image_registry" "node" "registry" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" + - name: IMAGE_SYNC_LIST + value: "{{ include "helm-toolkit.utils.image_sync_list" . }}" + command: + - /tmp/image-repo-sync.sh + volumeMounts: + - name: kibana-bin + mountPath: /tmp/image-repo-sync.sh + subPath: image-repo-sync.sh + readOnly: true + - name: docker-socket + mountPath: /var/run/docker.sock + volumes: + - name: kibana-bin + configMap: + name: kibana-bin + defaultMode: 0555 + - name: docker-socket + hostPath: + path: /var/run/docker.sock +{{- end }} +{{- end }} diff --git a/kibana/templates/service-ingress-kibana.yaml b/kibana/templates/service-ingress-kibana.yaml new file mode 100644 index 000000000..6c2fb838b --- /dev/null +++ b/kibana/templates/service-ingress-kibana.yaml @@ -0,0 +1,32 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_ingress_kibana }} +{{- if .Values.network.kibana.ingress.public }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "kibana" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} +{{- end }} diff --git a/kibana/templates/service.yaml b/kibana/templates/service.yaml new file mode 100644 index 000000000..cbca4c286 --- /dev/null +++ b/kibana/templates/service.yaml @@ -0,0 +1,34 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "kibana" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: {{ .Values.network.kibana.port }} + {{ if .Values.network.kibana.node_port.enabled }} + nodePort: {{ .Values.network.kibana.node_port.port }} + {{ end }} + selector: +{{ tuple $envAll "kibana" "dashboard" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.kibana.node_port.enabled }} + type: NodePort + {{ end }} diff --git a/kibana/values.yaml b/kibana/values.yaml new file mode 100644 index 000000000..fa5fc3924 --- /dev/null +++ b/kibana/values.yaml @@ -0,0 +1,170 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +labels: + kibana: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + tags: + kibana: docker.io/kibana:5.4.2 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: IfNotPresent + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +pod: + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + lifecycle: + upgrades: + deployments: + pod_replacement_strategy: RollingUpdate + revision_history: 3 + rolling_update: + max_surge: 3 + max_unavailable: 1 + replicas: + kibana: 1 + resources: + kibana: + enabled: false + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +dependencies: + kibana: + services: + - service: elasticsearch + endpoint: internal + image_repo_sync: + services: + - service: local_image_registry + endpoint: internal + +conditional_dependencies: + local_image_registry: + jobs: + - kibana-image-repo-sync + services: + - service: local_image_registry + endpoint: node + +conf: + elasticsearch: + pingTimeout: 1500 + preserveHost: true + requestTimeout: 30000 + shardTimeout: 0 + startupTimeout: 5000 + il8n: + defaultLocale: en + kibana: + defaultAppId: discover + index: .kibana + logging: + quiet: false + silent: false + verbose: false + ops: + interval: 5000 + server: + host: 0.0.0.0 + maxPayloadBytes: 1048576 + port: 5601 + ssl: + enabled: false + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + elasticsearch: + name: elasticsearch + namespace: null + hosts: + default: elasticsearch-logging + public: elasticsearch + host_fqdn_override: + default: null + path: + default: null + scheme: + default: http + port: + client: + default: 9200 + kibana: + name: kibana + namespace: null + hosts: + default: kibana-dash + public: kibana + host_fqdn_override: + default: null + path: + default: null + scheme: + default: http + port: + kibana: + default: 5601 + +network: + kibana: + ingress: + public: true + proxy_body_size: 1024M + node_port: + enabled: false + port: 30905 + port: 5601 + +manifests: + configmap_bin: true + configmap_etc: true + deployment: true + job_image_repo_sync: true + service: true diff --git a/tools/gate/chart-deploys/default.yaml b/tools/gate/chart-deploys/default.yaml index e7ab30f87..a4afac007 100644 --- a/tools/gate/chart-deploys/default.yaml +++ b/tools/gate/chart-deploys/default.yaml @@ -33,6 +33,7 @@ chart_groups: charts: - openstack_elasticsearch - fluent_logging + - kibana charts: docker_registry_nfs_provisioner: @@ -151,3 +152,8 @@ charts: enabled: true timeout: 300 output: false + + kibana: + chart_name: kibana + release: kibana + namespace: openstack