Prometheus Openstack Exporter: tidy chart and add ks user

This PS adds keystone user management to the prometheus-openstack-exporter chart, and also performs some spring cleaning. Change-Id: I69e40c523867f751ecd8c63169aefdfdf4eb5cd2
2018-01-11 20:59:19 -05:00 · 2018-01-11 20:59:19 -05:00 · 9b40b8656d
commit 9b40b8656d
parent 217385a0dd
9 changed files with 175 additions and 76 deletions
--- a/prometheus-openstack-exporter/templates/bin/_prometheus-openstack-exporter.sh.tpl
+++ b/prometheus-openstack-exporter/templates/bin/_prometheus-openstack-exporter.sh.tpl
--- a/prometheus-openstack-exporter/templates/configmap-bin.yaml
+++ b/prometheus-openstack-exporter/templates/configmap-bin.yaml
@ -20,10 +20,12 @@ limitations under the License.
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: openstack-exporter-bin
+  name: prometheus-openstack-exporter-bin
 data:
  image-repo-sync.sh: |+
 {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
-  openstack-exporter.sh: |
+  ks-user.sh: |+
-{{ tuple "bin/_openstack-exporter.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
  prometheus-openstack-exporter.sh: |
 {{ tuple "bin/_prometheus-openstack-exporter.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- end }}
--- a/prometheus-openstack-exporter/templates/deployment.yaml
+++ b/prometheus-openstack-exporter/templates/deployment.yaml
@ -18,9 +18,9 @@ limitations under the License.
 {{- $envAll := . }}
 {{- $ksUserSecret := .Values.secrets.identity.user }}
 {{- if .Values.images.local_registry.active -}}
-{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.openstack_metrics_exporter .Values.conditional_dependencies.local_image_registry) -}}
+{{- $_ := set .Values "pod_dependency" (merge .Values.dependencies.prometheus_openstack_exporter .Values.conditional_dependencies.local_image_registry) -}}
 {{- else -}}
-{{- $_ := set .Values "pod_dependency" .Values.dependencies.openstack_metrics_exporter -}}
+{{- $_ := set .Values "pod_dependency" .Values.dependencies.prometheus_openstack_exporter -}}
 {{- end -}}
 {{- $serviceAccountName := "prometheus-openstack-exporter" }}
@ -29,51 +29,52 @@ limitations under the License.
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
-  name: openstack-exporter
+  name: prometheus-openstack-exporter
 spec:
-  replicas: {{ .Values.pod.replicas.openstack_metrics_exporter }}
+  replicas: {{ .Values.pod.replicas.prometheus_openstack_exporter }}
 {{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
  template:
    metadata:
      labels:
-{{ tuple $envAll "openstack-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+{{ tuple $envAll "prometheus-openstack-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
-      terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.openstack_metrics_exporter.timeout | default "30" }}
+      terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.prometheus_openstack_exporter.timeout | default "30" }}
      initContainers:
 {{ tuple $envAll .Values.pod_dependency list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: openstack-metrics-exporter
-{{ tuple $envAll "openstack_metrics_exporter" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll "prometheus_openstack_exporter" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.openstack_metrics_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.prometheus_openstack_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          command:
-            - /tmp/openstack-exporter.sh
+            - /tmp/prometheus-openstack-exporter.sh
            - start
          lifecycle:
            preStop:
              exec:
                command:
                  - /tmp/prometheus-openstack-exporter.sh
                  - stop
          ports:
            - name: metrics
-              containerPort: {{ .Values.network.openstack_metrics_exporter.port }}
+              containerPort: {{ tuple "prometheus_openstack_exporter" "internal" "exporter" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          env:
            - name: TIMEOUT_SECONDS
              value: "{{ .Values.conf.openstack_metrics_exporter.timeout_seconds }}"
            - name: OS_POLLING_INTERVAL
              value: "{{ .Values.conf.openstack_metrics_exporter.polling_interval_seconds }}"
            - name: OS_RETRIES
              value: "{{ .Values.conf.openstack_metrics_exporter.retries }}"
            - name: LISTEN_PORT
-              value: "{{ .Values.network.openstack_metrics_exporter.port }}"
+              value: {{ tuple "prometheus_openstack_exporter" "internal" "exporter" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
 {{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.prometheus_openstack_exporter | indent 12 }}
 {{- with $env := dict "ksUserSecret" $ksUserSecret }}
 {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
 {{- end }}
          volumeMounts:
-            - name: openstack-exporter-bin
+            - name: prometheus-openstack-exporter-bin
-              mountPath: /tmp/openstack-exporter.sh
+              mountPath: /tmp/prometheus-openstack-exporter.sh
-              subPath: openstack-exporter.sh
+              subPath: prometheus-openstack-exporter.sh
              readOnly: true
      volumes:
-        - name: openstack-exporter-bin
+        - name: prometheus-openstack-exporter-bin
          configMap:
-            name: openstack-exporter-bin
+            name: prometheus-openstack-exporter-bin
            defaultMode: 0555
 {{- end }}
--- a/prometheus-openstack-exporter/templates/job-image-repo-sync.yaml
+++ b/prometheus-openstack-exporter/templates/job-image-repo-sync.yaml
@ -19,14 +19,14 @@ limitations under the License.
 {{- if .Values.images.local_registry.active -}}
 {{- $_ := set .Values "pod_dependency" .Values.dependencies.image_repo_sync -}}
-{{- $serviceAccountName := "openstack-exporter-image-repo-sync"}}
+{{- $serviceAccountName := "prometheus-openstack-exporter-image-repo-sync"}}
 {{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: openstack-metrics-exporter-image-repo-sync
+  name: prometheus-openstack-exporter-image-repo-sync
 spec:
  template:
    metadata:
@ -51,16 +51,16 @@ spec:
          command:
            - /tmp/image-repo-sync.sh
          volumeMounts:
-            - name:  openstack-exporter-bin
+            - name:  prometheus-openstack-exporter-bin
              mountPath: /tmp/image-repo-sync.sh
              subPath: image-repo-sync.sh
              readOnly: true
            - name: docker-socket
              mountPath: /var/run/docker.sock
      volumes:
-        - name:  openstack-exporter-bin
+        - name:  prometheus-openstack-exporter-bin
          configMap:
-            name:  openstack-exporter-bin
+            name:  prometheus-openstack-exporter-bin
            defaultMode: 0555
        - name: docker-socket
          hostPath:
--- a/prometheus-openstack-exporter/templates/job-ks-user.yaml
+++ b/prometheus-openstack-exporter/templates/job-ks-user.yaml
@ -0,0 +1,67 @@
 {{/*
 Copyright 2017 The Openstack-Helm Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
   http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 {{- if .Values.manifests.job_ks_user }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_user }}
 {{- $serviceAccountName := "prometheus-openstack-exporter-ks-user" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: prometheus-openstack-exporter-ks-user
 spec:
  template:
    metadata:
      labels:
 {{ tuple $envAll "prometheus-openstack-exporter" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
 {{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: prometheus-openstack-exporter-ks-user
 {{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          command:
            - /tmp/ks-user.sh
          volumeMounts:
            - name: ks-user-sh
              mountPath: /tmp/ks-user.sh
              subPath: ks-user.sh
              readOnly: true
          env:
 {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
 {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
 {{- end }}
            - name: SERVICE_OS_SERVICE_NAME
              value: "prometheus-openstack-exporter"
 {{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
 {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
 {{- end }}
            - name: SERVICE_OS_ROLE
              value: {{ .Values.endpoints.identity.auth.user.role | quote }}
      volumes:
        - name: ks-user-sh
          configMap:
            name: prometheus-openstack-exporter-bin
            defaultMode: 0555
 {{- end }}
--- a/prometheus-openstack-exporter/templates/secret-openstack-metrics-user.yaml
+++ b/prometheus-openstack-exporter/templates/secret-openstack-metrics-user.yaml
@ -14,16 +14,17 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
-{{- if .Values.manifests.openstack_metrics_user }}
+{{- if .Values.manifests.secret_keystone }}
 {{- $envAll := . }}
-{{- $secretName := index $envAll.Values.secrets.identity.user }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
 {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ $secretName }}
  namespace: {{ $envAll.Values.endpoints.openstack_metrics_exporter.namespace }}
 type: Opaque
 data:
-{{- tuple "user" "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
 {{- end }}
 {{- end }}
--- a/prometheus-openstack-exporter/templates/service.yaml
+++ b/prometheus-openstack-exporter/templates/service.yaml
@ -14,23 +14,23 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
-{{- if .Values.manifests.service_openstack_metrics_exporter }}
+{{- if .Values.manifests.service }}
 {{- $envAll := . }}
-{{- $endpoint := $envAll.Values.endpoints.openstack_metrics_exporter }}
+{{- $endpoint := $envAll.Values.endpoints.prometheus_openstack_exporter }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ tuple "openstack_metrics_exporter" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+  name: {{ tuple "prometheus_openstack_exporter" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
  labels:
-{{ tuple $envAll "openstack-exporter" "metrics" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+{{ tuple $envAll "prometheus-openstack-exporter" "metrics" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
  annotations:
 {{ tuple $endpoint | include "helm-toolkit.snippets.prometheus_service_annotations" | indent 4 }}
 spec:
  ports:
  - name: http
-    port: {{ .Values.network.openstack_metrics_exporter.port }}
+    port: {{ tuple "prometheus_openstack_exporter" "internal" "exporter" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-    targetPort: {{ .Values.network.openstack_metrics_exporter.port }}
+    targetPort: {{ tuple "prometheus_openstack_exporter" "internal" "exporter" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
  selector:
-{{ tuple $envAll "openstack-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+{{ tuple $envAll "prometheus-openstack-exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
 {{- end }}
--- a/prometheus-openstack-exporter/values.yaml
+++ b/prometheus-openstack-exporter/values.yaml
@ -12,17 +12,17 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-# Default values for kube-state-metrics.
+# Default values for prometheus-openstack-exporter.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 images:
  tags:
-    openstack_metrics_exporter: docker.io/rakeshpatnaik/prometheus-openstack-exporter:v0.1
+    prometheus_openstack_exporter: docker.io/rakeshpatnaik/prometheus-openstack-exporter:v0.1
    helm_tests: docker.io/kolla/ubuntu-source-kolla-toolbox:3.0.3
    pull_policy: IfNotPresent
    dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
    image_repo_sync: docker.io/docker:17.07.0
    ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
  pull_policy: IfNotPresent
  local_registry:
    active: false
@ -42,11 +42,11 @@ pod:
      topologyKey:
        default: kubernetes.io/hostname
  mounts:
-    openstack_metrics_exporter:
+    prometheus_openstack_exporter:
-      openstack_metrics_exporter:
+      prometheus_openstack_exporter:
      init_container: null
  replicas:
-    openstack_metrics_exporter: 1
+    prometheus_openstack_exporter: 1
  lifecycle:
    upgrades:
      revision_history: 3
@ -55,7 +55,7 @@ pod:
        max_unavailable: 1
        max_surge: 3
    termination_grace_period:
-      openstack_metrics_exporter:
+      prometheus_openstack_exporter:
        timeout: 30
  resources:
    enabled: false
@ -74,12 +74,25 @@ pod:
        limits:
          memory: "1024Mi"
          cpu: "2000m"
-
+      ks_user:
-secrets:
+        requests:
-  identity:
+          memory: "128Mi"
-    user: openstack-metrics-user
+          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
 dependencies:
  ks_user:
    services:
      - service: identity
        endpoint: internal
  prometheus_openstack_exporter:
    jobs:
      - prometheus-openstack-exporter-ks-user
    services:
      - service: identity
        endpoint: internal
  image_repo_sync:
    services:
      - service: local_image_registry
@ -88,18 +101,21 @@ dependencies:
 conditional_dependencies:
  local_image_registry:
    jobs:
-      - openstack-metrics-exporter-image-repo-sync
+      - prometheus-openstack-exporter-image-repo-sync
    services:
      - service: local_image_registry
        endpoint: node
 conf:
-  openstack_metrics_exporter:
+  prometheus_openstack_exporter:
-    polling_interval_seconds: 30
+    OS_POLLING_INTERVAL: 30
-    timeout_seconds: 20
+    TIMEOUT_SECONDS: 20
-    retries: 1
+    OS_RETRIES: 1
-    os_cpu_oc_ratio: 1.5
+
-    os_ram_oc_ratio: 1.0
+secrets:
  identity:
    admin: prometheus-openstack-exporter-keystone-admin
    user: prometheus-openstack-exporter-keystone-user
 endpoints:
  cluster_domain_suffix: cluster.local
@ -115,7 +131,7 @@ endpoints:
    port:
      registry:
        node: 5000
-  openstack_metrics_exporter:
+  prometheus_openstack_exporter:
    namespace: null
    hosts:
      default: openstack-metrics
@ -125,14 +141,24 @@ endpoints:
      default: null
    scheme:
      default: 'http'
    port:
      exporter:
        default: 9103
    scrape: true
  identity:
    name: keystone
    auth:
      admin:
        region_name: RegionOne
        username: admin
        password: password
        project_name: admin
        user_domain_name: default
        project_domain_name: default
      user:
        role: admin
        region_name: RegionOne
-        username: nova
+        username: prometheus-openstack-exporter
        password: password
        project_name: service
        user_domain_name: default
@ -152,17 +178,10 @@ endpoints:
      api:
        default: 80
 network:
  openstack_metrics_exporter:
    port: 9103
 manifests:
  configmap_bin: true
  clusterrole: true
  clusterrolebinding: true
  deployment: true
  job_image_repo_sync: true
-  rbac_entrypoint: true
+  job_ks_user: true
-  service_openstack_metrics_exporter: true
+  secret_keystone: true
-  serviceaccount: true
+  service: true
  openstack_metrics_user: true
--- a/tools/gate/chart-deploys/default.yaml
+++ b/tools/gate/chart-deploys/default.yaml
@ -145,6 +145,15 @@ charts:
      enabled: false
      timeout: 300
      output: false
    values:
      # NOTE(portdirect): Keystone Management is disabled here, as keystone is
      # not deployed in the OSH infra gates.
      manifests:
        job_ks_user: false
      dependencies:
        prometheus_openstack_exporter:
          jobs: null
          services: null
  grafana:
    chart_name: grafana