From fb16a11fef84814feb1e365df769ade4ac9f15be Mon Sep 17 00:00:00 2001 From: root Date: Thu, 5 Aug 2021 19:02:59 +0200 Subject: [PATCH] add monasca - monasca-api - monasca-thresh(storm based) - monasca-notification - monasca-persister - monasca-agent(deployment&daemonset) - influxdb init Change-Id: I3ee56658a8ddcb95056f2893c4c5cce0ccc18804 --- monasca/.helmignore | 1 + monasca/Chart.yaml | 24 + monasca/requirements.yaml | 16 + monasca/templates/bin/_bootstrap.sh.tpl | 18 + monasca/templates/bin/_db-sync.sh.tpl | 21 + monasca/templates/bin/_influxdb-init.sh.tpl | 54 + .../templates/bin/_monasca-agent-init.sh.tpl | 25 + monasca/templates/bin/_monasca-api.sh.tpl | 61 + .../templates/bin/_monasca-collector.sh.tpl | 37 + .../templates/bin/_monasca-forwarder.sh.tpl | 21 + .../bin/_monasca-notification.sh.tpl | 20 + .../templates/bin/_monasca-persister.sh.tpl | 20 + monasca/templates/bin/_monasca-statsd.sh.tpl | 20 + monasca/templates/bin/_monasca-thresh.sh.tpl | 195 +++ monasca/templates/configmap-bin.yaml | 64 + monasca/templates/configmap-etc.yaml | 151 +++ .../templates/configmap-plugins-check.yaml | 31 + .../configmap-plugins-detection.yaml | 31 + monasca/templates/configmap-plugins-etc.yaml | 54 + monasca/templates/daemonset-agent.yaml | 222 ++++ monasca/templates/deployment-agent.yaml | 223 ++++ monasca/templates/deployment-api.yaml | 149 +++ .../templates/deployment-notification.yaml | 92 ++ monasca/templates/deployment-persister.yaml | 92 ++ monasca/templates/ingress-api.yaml | 23 + monasca/templates/job-bootstrap.yaml | 23 + monasca/templates/job-db-drop.yaml | 22 + monasca/templates/job-db-init.yaml | 29 + monasca/templates/job-db-sync.yaml | 26 + monasca/templates/job-image-repo-sync.yaml | 22 + monasca/templates/job-influxdb-init.yaml | 103 ++ monasca/templates/job-ks-api-endpoints.yaml | 23 + monasca/templates/job-ks-api-service.yaml | 23 + monasca/templates/job-ks-user.yaml | 27 + monasca/templates/job-rabbit-init.yaml | 23 + monasca/templates/job-thresh-upload.yaml | 93 ++ monasca/templates/network_policy.yaml | 16 + monasca/templates/secret-db.yaml | 33 + monasca/templates/secret-influxdb-secret.yaml | 31 + monasca/templates/secret-ingress-tls.yaml | 17 + monasca/templates/secret-keystone.yaml | 28 + monasca/templates/service-ingress.yaml | 18 + monasca/templates/service.yaml | 44 + monasca/values.yaml | 1141 +++++++++++++++++ monasca/values_overrides/libvirt.yaml | 31 + monasca/values_overrides/nvidia.yaml | 316 +++++ releasenotes/notes/monasca.yaml | 4 + 47 files changed, 3758 insertions(+) create mode 100644 monasca/.helmignore create mode 100644 monasca/Chart.yaml create mode 100644 monasca/requirements.yaml create mode 100644 monasca/templates/bin/_bootstrap.sh.tpl create mode 100644 monasca/templates/bin/_db-sync.sh.tpl create mode 100644 monasca/templates/bin/_influxdb-init.sh.tpl create mode 100644 monasca/templates/bin/_monasca-agent-init.sh.tpl create mode 100644 monasca/templates/bin/_monasca-api.sh.tpl create mode 100644 monasca/templates/bin/_monasca-collector.sh.tpl create mode 100644 monasca/templates/bin/_monasca-forwarder.sh.tpl create mode 100644 monasca/templates/bin/_monasca-notification.sh.tpl create mode 100644 monasca/templates/bin/_monasca-persister.sh.tpl create mode 100644 monasca/templates/bin/_monasca-statsd.sh.tpl create mode 100644 monasca/templates/bin/_monasca-thresh.sh.tpl create mode 100644 monasca/templates/configmap-bin.yaml create mode 100644 monasca/templates/configmap-etc.yaml create mode 100644 monasca/templates/configmap-plugins-check.yaml create mode 100644 monasca/templates/configmap-plugins-detection.yaml create mode 100644 monasca/templates/configmap-plugins-etc.yaml create mode 100644 monasca/templates/daemonset-agent.yaml create mode 100644 monasca/templates/deployment-agent.yaml create mode 100644 monasca/templates/deployment-api.yaml create mode 100644 monasca/templates/deployment-notification.yaml create mode 100644 monasca/templates/deployment-persister.yaml create mode 100644 monasca/templates/ingress-api.yaml create mode 100644 monasca/templates/job-bootstrap.yaml create mode 100644 monasca/templates/job-db-drop.yaml create mode 100644 monasca/templates/job-db-init.yaml create mode 100644 monasca/templates/job-db-sync.yaml create mode 100644 monasca/templates/job-image-repo-sync.yaml create mode 100644 monasca/templates/job-influxdb-init.yaml create mode 100644 monasca/templates/job-ks-api-endpoints.yaml create mode 100644 monasca/templates/job-ks-api-service.yaml create mode 100644 monasca/templates/job-ks-user.yaml create mode 100644 monasca/templates/job-rabbit-init.yaml create mode 100644 monasca/templates/job-thresh-upload.yaml create mode 100644 monasca/templates/network_policy.yaml create mode 100644 monasca/templates/secret-db.yaml create mode 100644 monasca/templates/secret-influxdb-secret.yaml create mode 100644 monasca/templates/secret-ingress-tls.yaml create mode 100644 monasca/templates/secret-keystone.yaml create mode 100644 monasca/templates/service-ingress.yaml create mode 100644 monasca/templates/service.yaml create mode 100644 monasca/values.yaml create mode 100644 monasca/values_overrides/libvirt.yaml create mode 100644 monasca/values_overrides/nvidia.yaml create mode 100644 releasenotes/notes/monasca.yaml diff --git a/monasca/.helmignore b/monasca/.helmignore new file mode 100644 index 0000000000..b54c347b85 --- /dev/null +++ b/monasca/.helmignore @@ -0,0 +1 @@ +values_overrides diff --git a/monasca/Chart.yaml b/monasca/Chart.yaml new file mode 100644 index 0000000000..6a7ea01dfc --- /dev/null +++ b/monasca/Chart.yaml @@ -0,0 +1,24 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +appVersion: v1.0.0 +description: OpenStack-Helm Monasca API +name: monasca +version: 0.1.0 +home: https://docs.openstack.org/monasca/latest/ +icon: https://www.openstack.org/themes/openstack/images/project-mascots/Monasca/OpenStack_Project_Monasca_vertical.png +sources: + - https://opendev.org/openstack/monasca + - https://opendev.org/openstack/openstack-helm +maintainers: + - name: OpenStack-Helm Authors diff --git a/monasca/requirements.yaml b/monasca/requirements.yaml new file mode 100644 index 0000000000..0206efb380 --- /dev/null +++ b/monasca/requirements.yaml @@ -0,0 +1,16 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: "file://../../openstack-helm-infra/helm-toolkit" + version: ">= 0.1.0" diff --git a/monasca/templates/bin/_bootstrap.sh.tpl b/monasca/templates/bin/_bootstrap.sh.tpl new file mode 100644 index 0000000000..6452d0a073 --- /dev/null +++ b/monasca/templates/bin/_bootstrap.sh.tpl @@ -0,0 +1,18 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }} diff --git a/monasca/templates/bin/_db-sync.sh.tpl b/monasca/templates/bin/_db-sync.sh.tpl new file mode 100644 index 0000000000..510713f4da --- /dev/null +++ b/monasca/templates/bin/_db-sync.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +monasca_db upgrade + +echo 'Finished DB migrations' diff --git a/monasca/templates/bin/_influxdb-init.sh.tpl b/monasca/templates/bin/_influxdb-init.sh.tpl new file mode 100644 index 0000000000..2e81b2e8bf --- /dev/null +++ b/monasca/templates/bin/_influxdb-init.sh.tpl @@ -0,0 +1,54 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +OPTIONS="-w "%{http_code}" --output /dev/stderr --silent -X POST -u ${INFLUXDB_USER}:${INFLUXDB_PASSWORD}" + +status_code=$(curl ${OPTIONS} ${INFLUXDB_URL}query --data-urlencode "q=CREATE DATABASE monasca") +if [ $status_code -lt 200 ] || ([ $status_code -gt 299 ] && [ $status_code -ne 409 ]) +then + exit 1 +fi + +status_code=$(curl ${OPTIONS} ${INFLUXDB_URL}query --data-urlencode "q=CREATE RETENTION POLICY persister_all ON monasca DURATION 90d REPLICATION 1 DEFAULT") +if [ $status_code -lt 200 ] || ([ $status_code -gt 299 ] && [ $status_code -ne 409 ]) +then + exit 1 +fi + +status_code=$(curl ${OPTIONS} ${INFLUXDB_URL}query --data-urlencode "q=CREATE USER \"${INFLUXDB_API_USER}\" WITH PASSWORD '${INFLUXDB_API_PASSWORD}'") +if [ $status_code -lt 200 ] || ([ $status_code -gt 299 ] && [ $status_code -ne 409 ]) +then + exit 1 +fi + +status_code=$(curl ${OPTIONS} ${INFLUXDB_URL}query --data-urlencode "q=GRANT ALL TO \"${INFLUXDB_API_USER}\"") +if [ $status_code -lt 200 ] || ([ $status_code -gt 299 ] && [ $status_code -ne 409 ]) +then + exit 1 +fi + +status_code=$(curl ${OPTIONS} ${INFLUXDB_URL}query --data-urlencode "q=CREATE USER \"${INFLUXDB_PERSISTER_USER}\" WITH PASSWORD '${INFLUXDB_PERSISTER_PASSWORD}'") +if [ $status_code -lt 200 ] || ([ $status_code -gt 299 ] && [ $status_code -ne 409 ]) +then + exit 1 +fi + +status_code=$(curl ${OPTIONS} ${INFLUXDB_URL}query --data-urlencode "q=GRANT ALL ON monasca TO \"${INFLUXDB_PERSISTER_USER}\"") +if [ $status_code -lt 200 ] || ([ $status_code -gt 299 ] && [ $status_code -ne 409 ]) +then + exit 1 +fi \ No newline at end of file diff --git a/monasca/templates/bin/_monasca-agent-init.sh.tpl b/monasca/templates/bin/_monasca-agent-init.sh.tpl new file mode 100644 index 0000000000..f8815dcd1b --- /dev/null +++ b/monasca/templates/bin/_monasca-agent-init.sh.tpl @@ -0,0 +1,25 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +# Start our service. +echo "Start script: starting container" +mkdir -p /etc/monasca/agent +cp /tmp/agent.yaml /etc/monasca/agent/agent.yaml +sudo chmod 600 /etc/monasca/agent/agent.yaml +ls -al /etc/monasca/agent/agent.yaml +sed -i "s/%FORWARDER_IP%/$MY_POD_IP/g" /etc/monasca/agent/agent.yaml +sed -i "s/%AGENT_HOSTNAME%/$(hostname --fqdn)/g" /etc/monasca/agent/agent.yaml diff --git a/monasca/templates/bin/_monasca-api.sh.tpl b/monasca/templates/bin/_monasca-api.sh.tpl new file mode 100644 index 0000000000..3bba6a283f --- /dev/null +++ b/monasca/templates/bin/_monasca-api.sh.tpl @@ -0,0 +1,61 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +COMMAND="${@:-start}" + +function start () { + + for MONASCA_WSGI_SCRIPT in monasca-api-wsgi; do + cp -a $(type -p ${MONASCA_WSGI_SCRIPT}) /var/www/cgi-bin/monasca/ + done + + {{- if .Values.conf.software.apache2.a2enmod }} + {{- range .Values.conf.software.apache2.a2enmod }} + a2enmod {{ . }} + {{- end }} + {{- end }} + + {{- if .Values.conf.software.apache2.a2dismod }} + {{- range .Values.conf.software.apache2.a2dismod }} + a2dismod {{ . }} + {{- end }} + {{- end }} + + if [ -f /etc/apache2/envvars ]; then + # Loading Apache2 ENV variables + source /etc/apache2/envvars + fi + + if [ -f /var/run/apache2/apache2.pid ]; then + # Remove the stale pid for debian/ubuntu images + rm -f /var/run/apache2/apache2.pid + fi + + # Start Apache2 + exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }} +} + +function stop () { + if [ -f /etc/apache2/envvars ]; then + # Loading Apache2 ENV variables + source /etc/apache2/envvars + fi + {{ .Values.conf.software.apache2.binary }} -k graceful-stop +} + +$COMMAND diff --git a/monasca/templates/bin/_monasca-collector.sh.tpl b/monasca/templates/bin/_monasca-collector.sh.tpl new file mode 100644 index 0000000000..4c7ae5c5d5 --- /dev/null +++ b/monasca/templates/bin/_monasca-collector.sh.tpl @@ -0,0 +1,37 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +# Start our service. +{{- $envAll := . }} + +echo "Copying manual configurations for plugins..." +mkdir -p /etc/monasca/agent/conf.d/ +cp /tmp/conf.d/*.yaml /etc/monasca/agent/conf.d/ + +echo "Configuring automatically for plugins without explicit configuration using monasca-setup..." + +{{- range $k, $v := .Values.conf.agent_plugins }} +{{- if $v.auto_detect }} +{{- $local := dict "first" true }} +username=$(id -un "{{ $envAll.Values.pod.security_context.agent.container.monasca_collector.runAsUser }}") +monasca-setup --install_plugins_only -d {{ $k }} --user $username \ +-a "{{- range $kk, $vv := $v.config -}}{{- if not $local.first -}}{{- " " -}}{{- end -}}{{ printf "%s=%s" $kk $vv }}{{- $_ := set $local "first" false -}}{{- end -}}" || echo "Auto-detection failed for {{ $k }}" +{{- end }} +{{- end }} + +echo "Starting monasca-collector..." +exec monasca-collector foreground diff --git a/monasca/templates/bin/_monasca-forwarder.sh.tpl b/monasca/templates/bin/_monasca-forwarder.sh.tpl new file mode 100644 index 0000000000..058839c062 --- /dev/null +++ b/monasca/templates/bin/_monasca-forwarder.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +# Start our service. +echo "Start script: starting container" + +exec monasca-forwarder diff --git a/monasca/templates/bin/_monasca-notification.sh.tpl b/monasca/templates/bin/_monasca-notification.sh.tpl new file mode 100644 index 0000000000..dd934f99b4 --- /dev/null +++ b/monasca/templates/bin/_monasca-notification.sh.tpl @@ -0,0 +1,20 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec monasca-notification \ + --config-file /etc/monasca/notification-config.conf diff --git a/monasca/templates/bin/_monasca-persister.sh.tpl b/monasca/templates/bin/_monasca-persister.sh.tpl new file mode 100644 index 0000000000..1f965e27a8 --- /dev/null +++ b/monasca/templates/bin/_monasca-persister.sh.tpl @@ -0,0 +1,20 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec monasca-persister \ + --config-file /etc/monasca/monasca-persister.conf diff --git a/monasca/templates/bin/_monasca-statsd.sh.tpl b/monasca/templates/bin/_monasca-statsd.sh.tpl new file mode 100644 index 0000000000..cb667864a4 --- /dev/null +++ b/monasca/templates/bin/_monasca-statsd.sh.tpl @@ -0,0 +1,20 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +# Start our service. +echo "Start script: starting container" +exec monasca-statsd diff --git a/monasca/templates/bin/_monasca-thresh.sh.tpl b/monasca/templates/bin/_monasca-thresh.sh.tpl new file mode 100644 index 0000000000..100e2698b1 --- /dev/null +++ b/monasca/templates/bin/_monasca-thresh.sh.tpl @@ -0,0 +1,195 @@ +#!/bin/bash +# shellcheck shell=dash + +if [ -n "$DEBUG" ]; then + set -x +fi + +function parse_db_url { + # extract the protocol + DATABASE_URL=$1 + proto="`echo $DATABASE_URL | grep '://' | sed -e's,^\(.*://\).*,\1,g'`" + url=`echo $DATABASE_URL | sed -e s,$proto,,g` + userpass="`echo $url | grep @ | cut -d@ -f1`" + pass=`echo $userpass | grep : | cut -d: -f2` + if [ -n "$pass" ]; then + user=`echo $userpass | grep : | cut -d: -f1` + else + user=$userpass + fi + hostport=`echo $url | sed -e s,$userpass@,,g | cut -d/ -f1` + port=`echo $hostport | grep : | cut -d: -f2` + if [ -n "$port" ]; then + host=`echo $hostport | grep : | cut -d: -f1` + else + host=$hostport + fi + path="`echo $url | grep / | cut -d/ -f2-`" + + echo $host $port $user $pass $path +} + +CONFIG_TEMPLATES="/templates" +CONFIG_DEST="/etc/monasca" +LOG_TEMPLATES="/logging" +LOG_DEST="/storm/log4j2" +APACHE_STORM_DIR="/apache-storm-1.2.3" + +ZOOKEEPER_WAIT=${ZOOKEEPER_WAIT:-"true"} +ZOOKEEPER_WAIT_TIMEOUT=${ZOOKEEPER_WAIT_TIMEOUT:-"3"} +ZOOKEEPER_WAIT_DELAY=${ZOOKEEPER_WAIT_DELAY:-"10"} +ZOOKEEPER_WAIT_RETRIES=${ZOOKEEPER_WAIT_RETRIES:-"20"} + +SUPERVISOR_STACK_SIZE=${SUPERVISOR_STACK_SIZE:-"1024k"} +WORKER_STACK_SIZE=${WORKER_STACK_SIZE:-"1024k"} +NIMBUS_STACK_SIZE=${NIMBUS_STACK_SIZE:-"1024k"} +UI_STACK_SIZE=${UI_STACK_SIZE:-"1024k"} + +TOPOLOGY_NAME="thresh-cluster" + +MYSQL_WAIT_RETRIES=${MYSQL_WAIT_RETRIES:-"24"} +MYSQL_WAIT_DELAY=${MYSQL_WAIT_DELAY:-"5"} + +KAFKA_WAIT_RETRIES=${KAFKA_WAIT_RETRIES:-"24"} +KAFKA_WAIT_DELAY=${KAFKA_WAIT_DELAY:-"5"} + +THRESH_STACK_SIZE=${THRESH_STACK_SIZE:-"1024k"} + +first_zk={{ first (index .Values.conf.storm "storm.zookeeper.servers") }} +STORM_ZOOKEEPER_PORT={{ index .Values.conf.storm "storm.zookeeper.port" }} + +# render the config +db_connection={{ tuple "oslo_db" "internal" "monasca" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }} + +read MYSQL_HOST MYSQL_PORT MYSQL_USER MYSQL_PASSWORD MYSQL_DB < <(parse_db_url $db_connection) +export MYSQL_HOST +export MYSQL_PORT +export MYSQL_USER +export MYSQL_PASSWORD +export MYSQL_DB + +cp /tmp/thresh-config.yml /etc/monasca/thresh-config.yml +sed -i "s/%THRESH_DB_USER%/$MYSQL_USER/g" /etc/monasca/thresh-config.yml +sed -i "s/%THRESH_DB_PASSWORD%/$MYSQL_PASSWORD/g" /etc/monasca/thresh-config.yml +sed -i "s/%THRESH_DB_URL%/$MYSQL_HOST:$MYSQL_PORT\/$MYSQL_DB/g" /etc/monasca/thresh-config.yml + +# wait for zookeeper to become available +if [ "$ZOOKEEPER_WAIT" = "true" ]; then + success="false" + for i in $(seq "$ZOOKEEPER_WAIT_RETRIES"); do + if ok=$(echo ruok | nc "$first_zk" "$STORM_ZOOKEEPER_PORT" -w "$ZOOKEEPER_WAIT_TIMEOUT") && [ "$ok" = "imok" ]; then + success="true" + break + else + echo "Connect attempt $i of $ZOOKEEPER_WAIT_RETRIES failed, retrying..." + sleep "$ZOOKEEPER_WAIT_DELAY" + fi + done + + if [ "$success" != "true" ]; then + echo "Could not connect to $first_zk after $i attempts, exiting..." + sleep 1 + exit 1 + fi +fi + +if [ -z "$STORM_LOCAL_HOSTNAME" ]; then + # see also: http://stackoverflow.com/a/21336679 + ip=$(ip route get 8.8.8.8 | awk 'NR==1 {print $NF}') + echo "Using autodetected IP as advertised hostname: $ip" + export STORM_LOCAL_HOSTNAME=$ip +fi + +if [ -z "$SUPERVISOR_CHILDOPTS" ]; then + SUPERVISOR_CHILDOPTS="-XX:MaxRAM=$(python /memory.py "$SUPERVISOR_MAX_MB") -XX:+UseSerialGC -Xss$SUPERVISOR_STACK_SIZE" + export SUPERVISOR_CHILDOPTS +fi + +if [ -z "$WORKER_CHILDOPTS" ]; then + WORKER_CHILDOPTS="-XX:MaxRAM=$(python /memory.py "$WORKER_MAX_MB") -Xss$WORKER_STACK_SIZE" + WORKER_CHILDOPTS="$WORKER_CHILDOPTS -XX:+UseConcMarkSweepGC" + if [ "$WORKER_REMOTE_JMX" = "true" ]; then + WORKER_CHILDOPTS="$WORKER_CHILDOPTS -Dcom.sun.management.jmxremote" + fi + + export WORKER_CHILDOPTS +fi + +if [ -z "$NIMBUS_CHILDOPTS" ]; then + NIMBUS_CHILDOPTS="-XX:MaxRAM=$(python /memory.py "$NIMBUS_MAX_MB") -XX:+UseSerialGC -Xss$NIMBUS_STACK_SIZE" + export NIMBUS_CHILDOPTS +fi + +if [ -z "$UI_CHILDOPTS" ]; then + UI_CHILDOPTS="-XX:MaxRAM=$(python /memory.py "$UI_MAX_MB") -XX:+UseSerialGC -Xss$UI_STACK_SIZE" + export UI_CHILDOPTS +fi + +if [ "$WORKER_LOGS_TO_STDOUT" = "true" ]; then + for PORT in $(echo "$SUPERVISOR_SLOTS_PORTS" | sed -e "s/,/ /"); do + LOGDIR="/storm/logs/workers-artifacts/thresh/$PORT" + mkdir -p "$LOGDIR" + WORKER_LOG="$LOGDIR/worker.log" + RECREATE="true" + if [ -e "$WORKER_LOG" ]; then + if [ -L "$WORKER_LOG" ]; then + RECREATE="false" + else + rm -f "$WORKER_LOG" + fi + fi + if [ $RECREATE = "true" ]; then + ln -s /proc/1/fd/1 "$WORKER_LOG" + fi + done +fi + +export KAFKA_URI={{ .Values.conf.thresh_config.kafkaProducerConfig.metadataBrokerList }} + +# Test services we need before starting our service. +echo "Start script: waiting for needed services" +python3 /kafka_wait_for_topics.py +python3 /mysql_check.py + + +echo "Waiting for storm to become available..." +success="false" +for i in $(seq "$STORM_WAIT_RETRIES"); do + if timeout "$STORM_WAIT_TIMEOUT" storm list; then + echo "Storm is available, continuing..." + success="true" + break + else + echo "Connection attempt $i of $STORM_WAIT_RETRIES failed" + sleep "$STORM_WAIT_DELAY" + fi +done + +if [ "$success" != "true" ]; then + echo "Unable to connect to Storm! Exiting..." + sleep 1 + exit 1 +fi + +topologies=$(storm list | awk '/-----/,0{if (!/-----/)print $1}') +found="false" +for topology in $topologies; do + if [ "$topology" = "$TOPOLOGY_NAME" ]; then + found="true" + echo "Found existing storm topology with name: $topology" + break + fi +done + +if [ "$found" = "true" ]; then + echo "Storm topology already exists, will not submit again" + # TODO handle upgrades +else + echo "Using Thresh Config file /etc/monasca/thresh-config.yml. Contents:" + grep -vi password /etc/monasca/thresh-config.yml + echo "Submitting storm topology..." + storm jar /monasca-thresh.jar \ + monasca.thresh.ThresholdingEngine \ + /etc/monasca/thresh-config.yml \ + "$TOPOLOGY_NAME" +fi diff --git a/monasca/templates/configmap-bin.yaml b/monasca/templates/configmap-bin.yaml new file mode 100644 index 0000000000..7733edfbac --- /dev/null +++ b/monasca/templates/configmap-bin.yaml @@ -0,0 +1,64 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +{{- $rallyTests := .Values.conf.rally_tests }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: monasca-bin +data: +{{- if .Values.images.local_registry.active }} + image-repo-sync.sh: | +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} +{{- if .Values.bootstrap.enabled }} + bootstrap.sh: | +{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} + rally-test.sh: | +{{ tuple $rallyTests | include "helm-toolkit.scripts.rally_test" | indent 4 }} + db-init.py: | +{{- include "helm-toolkit.scripts.db_init" . | indent 4 }} + db-sync.sh: | +{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + db-drop.py: | +{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }} + ks-service.sh: | +{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }} + ks-endpoints.sh: | +{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }} + ks-user.sh: | +{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} + monasca-api.sh: | +{{ tuple "bin/_monasca-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + monasca-notification.sh: | +{{ tuple "bin/_monasca-notification.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + monasca-persister.sh: | +{{ tuple "bin/_monasca-persister.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + monasca-thresh.sh: | +{{ tuple "bin/_monasca-thresh.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + monasca-collector.sh: | +{{ tuple "bin/_monasca-collector.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + monasca-forwarder.sh: | +{{ tuple "bin/_monasca-forwarder.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + monasca-statsd.sh: | +{{ tuple "bin/_monasca-statsd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + monasca-agent-init.sh: | +{{ tuple "bin/_monasca-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + influxdb-init.sh: | +{{ tuple "bin/_influxdb-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/monasca/templates/configmap-etc.yaml b/monasca/templates/configmap-etc.yaml new file mode 100644 index 0000000000..8de8af616d --- /dev/null +++ b/monasca/templates/configmap-etc.yaml @@ -0,0 +1,151 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} + +{{- if empty .Values.conf.monasca_api.keystone_authtoken.auth_uri -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.monasca_api.keystone_authtoken "auth_uri" -}} +{{- end -}} +{{- if empty .Values.conf.monasca_api.keystone_authtoken.auth_url -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.monasca_api.keystone_authtoken "auth_url" -}} +{{- end -}} +{{- if empty .Values.conf.monasca_api.keystone_authtoken.region_name -}} +{{- $_ := set .Values.conf.monasca_api.keystone_authtoken "region_name" .Values.endpoints.identity.auth.monasca.region_name -}} +{{- end -}} +{{- if empty .Values.conf.monasca_api.keystone_authtoken.project_name -}} +{{- $_ := set .Values.conf.monasca_api.keystone_authtoken "project_name" .Values.endpoints.identity.auth.monasca.project_name -}} +{{- end -}} +{{- if empty .Values.conf.monasca_api.keystone_authtoken.project_domain_name -}} +{{- $_ := set .Values.conf.monasca_api.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.monasca.project_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.monasca_api.keystone_authtoken.user_domain_name -}} +{{- $_ := set .Values.conf.monasca_api.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.monasca.user_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.monasca_api.keystone_authtoken.username -}} +{{- $_ := set .Values.conf.monasca_api.keystone_authtoken "username" .Values.endpoints.identity.auth.monasca.username -}} +{{- end -}} +{{- if empty .Values.conf.monasca_api.keystone_authtoken.password -}} +{{- $_ := set .Values.conf.monasca_api.keystone_authtoken "password" .Values.endpoints.identity.auth.monasca.password -}} +{{- end -}} +{{- if empty .Values.conf.monasca_api.keystone_authtoken.memcached_servers -}} +{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.monasca_api.keystone_authtoken "memcached_servers" -}} +{{- end -}} +{{- if empty .Values.conf.monasca_api.keystone_authtoken.memcache_secret_key -}} +{{- $_ := set .Values.conf.monasca_api.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}} +{{- end -}} + +{{- if empty .Values.conf.monasca_api.database.connection -}} +{{- $_ := tuple "oslo_db" "internal" "monasca" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.monasca_api.database "connection" -}} +{{- end -}} + +{{- if empty .Values.conf.notification_config.keystone.auth_url -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.notification_config.keystone "auth_url" -}} +{{- end -}} +{{- if empty .Values.conf.notification_config.mysql.host -}} +{{- $_ := tuple "oslo_db" "internal" . | include "helm-toolkit.endpoints.endpoint_host_lookup" | set .Values.conf.notification_config.mysql "host" -}} +{{- end -}} +{{- if empty .Values.conf.notification_config.mysql.user -}} +{{- $_ := set .Values.conf.notification_config.mysql "user" .Values.endpoints.oslo_db.auth.monasca.username -}} +{{- end -}} +{{- if empty .Values.conf.notification_config.mysql.passwd -}} +{{- $_ := set .Values.conf.notification_config.mysql "passwd" .Values.endpoints.oslo_db.auth.monasca.password -}} +{{- end -}} +{{- if empty .Values.conf.notification_config.mysql.db -}} +{{- $_ := set .Values.conf.notification_config.mysql "db" (trimPrefix "/" .Values.endpoints.oslo_db.path) -}} +{{- end -}} + +{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}} +{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} +{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }} +{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}} +{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}} +{{- end -}} +{{- if and (empty .Values.conf.logging.formatter_fluent) (has "fluent" .Values.conf.logging.formatters.keys) -}} +{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}} +{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}} +{{- end -}} + +{{- if empty .Values.conf.agent.Api.keystone_url -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.agent.Api "keystone_url" -}} +{{- end -}} +{{- if empty .Values.conf.agent.Api.region_name -}} +{{- $_ := set .Values.conf.agent.Api "region_name" .Values.endpoints.identity.auth.monasca_agent.region_name -}} +{{- end -}} +{{- if empty .Values.conf.agent.Api.project_name -}} +{{- $_ := set .Values.conf.agent.Api "project_name" .Values.endpoints.identity.auth.monasca_agent.project_name -}} +{{- end -}} +{{- if empty .Values.conf.agent.Api.project_domain_name -}} +{{- $_ := set .Values.conf.agent.Api "project_domain_name" .Values.endpoints.identity.auth.monasca_agent.project_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.agent.Api.user_domain_name -}} +{{- $_ := set .Values.conf.agent.Api "user_domain_name" .Values.endpoints.identity.auth.monasca_agent.user_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.agent.Api.username -}} +{{- $_ := set .Values.conf.agent.Api "username" .Values.endpoints.identity.auth.monasca_agent.username -}} +{{- end -}} +{{- if empty .Values.conf.agent.Api.password -}} +{{- $_ := set .Values.conf.agent.Api "password" .Values.endpoints.identity.auth.monasca_agent.password -}} +{{- end -}} +{{- if empty .Values.conf.agent.Api.service_type -}} +{{- $_ := set .Values.conf.agent.Api "service_type" .Values.endpoints.identity.auth.monasca_agent.interface -}} +{{- end -}} +{{- if empty .Values.conf.agent.Api.url -}} +{{- $_ := tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.agent.Api "url" -}} +{{- end -}} + +{{- if empty .Values.conf.persister_config.influxdb.ip_address -}} +{{- $_ := tuple "metrics_db" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | set .Values.conf.persister_config.influxdb "ip_address" -}} +{{- end -}} +{{- if empty .Values.conf.persister_config.influxdb.port -}} +{{- $_ := tuple "metrics_db" "internal" "influxdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.persister_config.influxdb "port" -}} +{{- end -}} +{{- if empty .Values.conf.persister_config.influxdb.user -}} +{{- $_ := set .Values.conf.persister_config.influxdb "user" .Values.endpoints.metrics_db.auth.monasca_persister.username -}} +{{- end -}} +{{- if empty .Values.conf.persister_config.influxdb.password -}} +{{- $_ := set .Values.conf.persister_config.influxdb "password" .Values.endpoints.metrics_db.auth.monasca_persister.password -}} +{{- end -}} + +{{- if empty .Values.conf.monasca_api.influxdb.ip_address -}} +{{- $_ := tuple "metrics_db" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | set .Values.conf.monasca_api.influxdb "ip_address" -}} +{{- end -}} +{{- if empty .Values.conf.monasca_api.influxdb.port -}} +{{- $_ := tuple "metrics_db" "internal" "influxdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.monasca_api.influxdb "port" -}} +{{- end -}} +{{- if empty .Values.conf.monasca_api.influxdb.user -}} +{{- $_ := set .Values.conf.monasca_api.influxdb "user" .Values.endpoints.metrics_db.auth.monasca_api.username -}} +{{- end -}} +{{- if empty .Values.conf.monasca_api.influxdb.password -}} +{{- $_ := set .Values.conf.monasca_api.influxdb "password" .Values.endpoints.metrics_db.auth.monasca_api.password -}} +{{- end -}} +--- + +apiVersion: v1 +kind: Secret +metadata: + name: monasca-etc +type: Opaque +data: + monasca-api.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.monasca_api | b64enc }} + api-config.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.monasca_api_paste | b64enc }} + api-logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} + notification-config.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.notification_config | b64enc }} + thresh-config.yml: {{ toYaml .Values.conf.thresh_config | b64enc }} + monasca-persister.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.persister_config | b64enc }} + storm.yaml: {{ toYaml .Values.conf.storm | b64enc }} + agent.yaml: {{ toYaml .Values.conf.agent | b64enc }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_monasca_api "key" "wsgi-monasca.conf" "format" "Secret" ) | indent 2 }} +{{- end }} \ No newline at end of file diff --git a/monasca/templates/configmap-plugins-check.yaml b/monasca/templates/configmap-plugins-check.yaml new file mode 100644 index 0000000000..5fb6c87fc5 --- /dev/null +++ b/monasca/templates/configmap-plugins-check.yaml @@ -0,0 +1,31 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + + +{{- if or .Values.manifests.deployment_agent .Values.manifests.daemonset_agent }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: monasca-agent-check-scripts +data: +{{- range $k, $v := .Values.conf.check_scripts }} +{{- if $v }} + {{- $fileName := printf "%s.py" $k }} + {{ $fileName }}: | +{{ $v | indent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/monasca/templates/configmap-plugins-detection.yaml b/monasca/templates/configmap-plugins-detection.yaml new file mode 100644 index 0000000000..31401d2ab1 --- /dev/null +++ b/monasca/templates/configmap-plugins-detection.yaml @@ -0,0 +1,31 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + + +{{- if or .Values.manifests.deployment_agent .Values.manifests.daemonset_agent }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: monasca-agent-detection-scripts +data: +{{- range $k, $v := .Values.conf.detection_scripts }} +{{- if $v }} + {{- $fileName := printf "%s.py" $k }} + {{ $fileName }}: | +{{ $v | indent 4 }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/monasca/templates/configmap-plugins-etc.yaml b/monasca/templates/configmap-plugins-etc.yaml new file mode 100644 index 0000000000..166742f170 --- /dev/null +++ b/monasca/templates/configmap-plugins-etc.yaml @@ -0,0 +1,54 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if or .Values.manifests.deployment_agent .Values.manifests.daemonset_agent }} +{{- $envAll := . }} + +{{- if hasKey .Values.conf.agent_plugins.libvirt.config "init_config" -}} +{{- if empty .Values.conf.agent_plugins.libvirt.config.init_config.auth_url -}} +{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.agent_plugins.libvirt.config.init_config "auth_url" -}} +{{- end -}} +{{- if empty .Values.conf.agent_plugins.libvirt.config.init_config.region_name -}} +{{- $_ := set .Values.conf.agent_plugins.libvirt.config.init_config "region_name" .Values.endpoints.identity.auth.monasca.region_name -}} +{{- end -}} +{{- if empty .Values.conf.agent_plugins.libvirt.config.init_config.project_name -}} +{{- $_ := set .Values.conf.agent_plugins.libvirt.config.init_config "project_name" .Values.endpoints.identity.auth.monasca.project_name -}} +{{- end -}} +{{- if empty .Values.conf.agent_plugins.libvirt.config.init_config.project_domain_name -}} +{{- $_ := set .Values.conf.agent_plugins.libvirt.config.init_config "project_domain_name" .Values.endpoints.identity.auth.monasca.project_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.agent_plugins.libvirt.config.init_config.user_domain_name -}} +{{- $_ := set .Values.conf.agent_plugins.libvirt.config.init_config "user_domain_name" .Values.endpoints.identity.auth.monasca.user_domain_name -}} +{{- end -}} +{{- if empty .Values.conf.agent_plugins.libvirt.config.init_config.username -}} +{{- $_ := set .Values.conf.agent_plugins.libvirt.config.init_config "username" .Values.endpoints.identity.auth.monasca.username -}} +{{- end -}} +{{- if empty .Values.conf.agent_plugins.libvirt.config.init_config.password -}} +{{- $_ := set .Values.conf.agent_plugins.libvirt.config.init_config "password" .Values.endpoints.identity.auth.monasca.password -}} +{{- end -}} +{{- end -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: monasca-agent-plugin-config +type: Opaque +data: +{{- range $k, $v := .Values.conf.agent_plugins }} +{{- if not $v.auto_detect }} + {{- $fileName := printf "%s.yaml" $k }} + {{ $fileName }}: {{ toYaml $v.config | b64enc }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/monasca/templates/daemonset-agent.yaml b/monasca/templates/daemonset-agent.yaml new file mode 100644 index 0000000000..4995824de3 --- /dev/null +++ b/monasca/templates/daemonset-agent.yaml @@ -0,0 +1,222 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "monasca StatsdLivenessProbeTemplate" }} +tcpSocket: + port: {{ tuple "monitoring" "internal" "statsd" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} + +{{- define "monascaStatsdReadinessProbeTemplate" }} +tcpSocket: + port: {{ tuple "monitoring" "internal" "statsd" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} + +{{- define "monascaForwarderLivenessProbeTemplate" }} +tcpSocket: + port: {{ tuple "monitoring" "internal" "forwarder" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} + +{{- define "monascaForwarderReadinessProbeTemplate" }} +tcpSocket: + port: {{ tuple "monitoring" "internal" "forwarder" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} + +{{- if .Values.manifests.daemonset_agent }} +{{- $envAll := . }} + +{{- $mounts_monasca_agent_init := .Values.pod.mounts.monasca_agent.init_container }} +{{- $mounts_monasca_collector := .Values.pod.mounts.monasca_agent.monasca_collector }} +{{- $mounts_monasca_forwarder := .Values.pod.mounts.monasca_agent.monasca_forwarder }} +{{- $mounts_monasca_statsd := .Values.pod.mounts.monasca_agent.monasca_statsd }} + +{{- $serviceAccountName := "monasca-agent" }} +{{ tuple $envAll "agent" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: monasca-agent + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "monasca" "agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + selector: + matchLabels: +{{ tuple $envAll "monasca" "agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll "agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "monasca" "agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} +{{ dict "envAll" $envAll "podName" "monasca-agent" "containerNames" (list "monasca-agent" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} +{{ dict "envAll" $envAll "application" "agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: +{{ tuple $envAll "monasca" "agent" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.agent.node_selector_key }}: {{ .Values.labels.agent.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.monasca.timeout | default "30" }} + hostNetwork: true + dnsPolicy: {{ .Values.pod.dns_policy }} + initContainers: +{{ tuple $envAll "agent" $mounts_monasca_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: monasca-agent-init +{{ tuple $envAll "monasca_collector" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.agent_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "agent" "container" "agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/monasca-agent-init.sh + env: + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: monasca-bin + mountPath: /tmp/monasca-agent-init.sh + subPath: monasca-agent-init.sh + readOnly: true + - name: monasca-etc + mountPath: /tmp/agent.yaml + subPath: agent.yaml + readOnly: true + - name: etcmonasca + mountPath: /etc/monasca + containers: + - name: monasca-collector +{{ tuple $envAll "monasca_collector" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.collector | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "agent" "container" "monasca_collector" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/monasca-collector.sh + env: + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: etcmonasca + mountPath: /etc/monasca + - name: plugin-config + mountPath: /tmp/conf.d + readOnly: true + - name: plugin-check-scripts + mountPath: /usr/lib/monasca/agent/custom_checks.d/ + readOnly: true + - name: plugin-detection-scripts + mountPath: /usr/lib/monasca/agent/custom_detect.d/ + readOnly: true + - name: monasca-bin + mountPath: /tmp/monasca-collector.sh + subPath: monasca-collector.sh + readOnly: true + - name: run + mountPath: /run + - name: dev + mountPath: /dev +{{ if $mounts_monasca_collector.volumeMounts }}{{ toYaml $mounts_monasca_collector.volumeMounts | indent 12 }}{{ end }} + - name: monasca-forwarder +{{ tuple $envAll "monasca_forwarder" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.forwarder | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "agent" "container" "monasca_forwarder" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/monasca-forwarder.sh + env: + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + ports: + - name: m-forwarder + containerPort: {{ tuple "monitoring" "internal" "forwarder" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{ dict "envAll" $envAll "component" "forwarder" "container" "default" "type" "liveness" "probeTemplate" (include "monascaForwarderLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +{{ dict "envAll" $envAll "component" "forwarder" "container" "default" "type" "readiness" "probeTemplate" (include "monascaForwarderReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: etcmonasca + mountPath: /etc/monasca + - name: monasca-bin + mountPath: /tmp/monasca-forwarder.sh + subPath: monasca-forwarder.sh + readOnly: true +{{ if $mounts_monasca_forwarder.volumeMounts }}{{ toYaml $mounts_monasca_forwarder.volumeMounts | indent 12 }}{{ end }} + - name: monasca-statsd +{{ tuple $envAll "monasca_statsd" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.statsd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "agent" "container" "monasca_statsd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/monasca-statsd.sh + ports: + - name: m-statsd + containerPort: {{ tuple "monitoring" "internal" "statsd" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{ dict "envAll" $envAll "component" "statsd" "container" "default" "type" "liveness" "probeTemplate" (include "monascaStatsdLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +{{ dict "envAll" $envAll "component" "statsd" "container" "default" "type" "readiness" "probeTemplate" (include "monascaStatsdReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: etcmonasca + mountPath: /etc/monasca + - name: monasca-bin + mountPath: /tmp/monasca-statsd.sh + subPath: monasca-statsd.sh + readOnly: true +{{ if $mounts_monasca_statsd.volumeMounts }}{{ toYaml $mounts_monasca_statsd.volumeMounts | indent 12 }}{{ end }} +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.monitoring.statsd.internal "path" "/etc/monasca/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: etcmonasca + emptyDir: {} + - name: dev + hostPath: + path: /dev + - name: run + hostPath: + path: /run + - name: monasca-bin + configMap: + name: monasca-bin + defaultMode: 0555 + - name: plugin-check-scripts + configMap: + name: monasca-agent-check-scripts + defaultMode: 0555 + - name: plugin-detection-scripts + configMap: + name: monasca-agent-detection-scripts + defaultMode: 0555 + - name: monasca-etc + secret: + secretName: monasca-etc + defaultMode: 0444 + - name: plugin-config + secret: + secretName: monasca-agent-plugin-config + defaultMode: 0444 +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.monitoring.statsd.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} +{{ if $mounts_monasca_collector.volumes }}{{ toYaml $mounts_monasca_collector.volumes | indent 8 }}{{ end }} +{{ if $mounts_monasca_forwarder.volumes }}{{ toYaml $mounts_monasca_forwarder.volumes | indent 8 }}{{ end }} +{{ if $mounts_monasca_statsd.volumes }}{{ toYaml $mounts_monasca_statsd.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/monasca/templates/deployment-agent.yaml b/monasca/templates/deployment-agent.yaml new file mode 100644 index 0000000000..df65004c83 --- /dev/null +++ b/monasca/templates/deployment-agent.yaml @@ -0,0 +1,223 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "monascaStatsdLivenessProbeTemplate" }} +tcpSocket: + port: {{ tuple "monitoring" "internal" "statsd" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} + +{{- define "monascaStatsdReadinessProbeTemplate" }} +tcpSocket: + port: {{ tuple "monitoring" "internal" "statsd" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} + +{{- define "monascaForwarderLivenessProbeTemplate" }} +tcpSocket: + port: {{ tuple "monitoring" "internal" "forwarder" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} + +{{- define "monascaForwarderReadinessProbeTemplate" }} +tcpSocket: + port: {{ tuple "monitoring" "internal" "forwarder" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} + +{{- if .Values.manifests.deployment_agent }} +{{- $envAll := . }} + +{{- $mounts_monasca_agent_init := .Values.pod.mounts.monasca_agent.init_container }} +{{- $mounts_monasca_collector := .Values.pod.mounts.monasca_agent.monasca_collector }} +{{- $mounts_monasca_forwarder := .Values.pod.mounts.monasca_agent.monasca_forwarder }} +{{- $mounts_monasca_statsd := .Values.pod.mounts.monasca_agent.monasca_statsd }} + +{{- $serviceAccountName := "monasca-agent" }} +{{ tuple $envAll "agent" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: monasca-agent + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "monasca" "agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.agent }} + selector: + matchLabels: +{{ tuple $envAll "monasca" "agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "monasca" "agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} +{{ dict "envAll" $envAll "podName" "monasca-agent" "containerNames" (list "monasca-agent" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} +{{ dict "envAll" $envAll "application" "agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: +{{ tuple $envAll "monasca" "agent" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.agent.node_selector_key }}: {{ .Values.labels.agent.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.monasca.timeout | default "30" }} + hostNetwork: true + dnsPolicy: {{ .Values.pod.dns_policy }} + initContainers: +{{ tuple $envAll "agent" $mounts_monasca_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: monasca-agent-init +{{ tuple $envAll "monasca_collector" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.agent_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "agent" "container" "agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/monasca-agent-init.sh + env: + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: monasca-bin + mountPath: /tmp/monasca-agent-init.sh + subPath: monasca-agent-init.sh + readOnly: true + - name: monasca-etc + mountPath: /tmp/agent.yaml + subPath: agent.yaml + readOnly: true + - name: etcmonasca + mountPath: /etc/monasca + containers: + - name: monasca-collector +{{ tuple $envAll "monasca_collector" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.collector | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "agent" "container" "monasca_collector" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/monasca-collector.sh + env: + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: etcmonasca + mountPath: /etc/monasca + - name: plugin-config + mountPath: /tmp/conf.d + readOnly: true + - name: plugin-check-scripts + mountPath: /usr/lib/monasca/agent/custom_checks.d/ + readOnly: true + - name: plugin-detection-scripts + mountPath: /usr/lib/monasca/agent/custom_detect.d/ + readOnly: true + - name: monasca-bin + mountPath: /tmp/monasca-collector.sh + subPath: monasca-collector.sh + readOnly: true + - name: run + mountPath: /run + - name: dev + mountPath: /dev +{{ if $mounts_monasca_collector.volumeMounts }}{{ toYaml $mounts_monasca_collector.volumeMounts | indent 12 }}{{ end }} + - name: monasca-forwarder +{{ tuple $envAll "monasca_forwarder" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.forwarder | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "agent" "container" "monasca_forwarder" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/monasca-forwarder.sh + env: + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + ports: + - name: m-forwarder + containerPort: {{ tuple "monitoring" "internal" "forwarder" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{ dict "envAll" $envAll "component" "forwarder" "container" "default" "type" "liveness" "probeTemplate" (include "monascaForwarderLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +{{ dict "envAll" $envAll "component" "forwarder" "container" "default" "type" "readiness" "probeTemplate" (include "monascaForwarderReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: etcmonasca + mountPath: /etc/monasca + - name: monasca-bin + mountPath: /tmp/monasca-forwarder.sh + subPath: monasca-forwarder.sh + readOnly: true +{{ if $mounts_monasca_forwarder.volumeMounts }}{{ toYaml $mounts_monasca_forwarder.volumeMounts | indent 12 }}{{ end }} + - name: monasca-statsd +{{ tuple $envAll "monasca_statsd" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.statsd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "agent" "container" "monasca_statsd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/monasca-statsd.sh + ports: + - name: m-statsd + containerPort: {{ tuple "monitoring" "internal" "statsd" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{ dict "envAll" $envAll "component" "statsd" "container" "default" "type" "liveness" "probeTemplate" (include "monascaStatsdLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +{{ dict "envAll" $envAll "component" "statsd" "container" "default" "type" "readiness" "probeTemplate" (include "monascaStatsdReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: etcmonasca + mountPath: /etc/monasca + - name: monasca-bin + mountPath: /tmp/monasca-statsd.sh + subPath: monasca-statsd.sh + readOnly: true +{{ if $mounts_monasca_statsd.volumeMounts }}{{ toYaml $mounts_monasca_statsd.volumeMounts | indent 12 }}{{ end }} +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.monitoring.statsd.internal "path" "/etc/monasca/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: etcmonasca + emptyDir: {} + - name: dev + hostPath: + path: /dev + - name: run + hostPath: + path: /run + - name: monasca-bin + configMap: + name: monasca-bin + defaultMode: 0555 + - name: plugin-check-scripts + configMap: + name: monasca-agent-check-scripts + defaultMode: 0555 + - name: plugin-detection-scripts + configMap: + name: monasca-agent-detection-scripts + defaultMode: 0555 + - name: monasca-etc + secret: + secretName: monasca-etc + defaultMode: 0444 + - name: plugin-config + secret: + secretName: monasca-agent-plugin-config + defaultMode: 0444 +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.monitoring.statsd.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} +{{ if $mounts_monasca_collector.volumes }}{{ toYaml $mounts_monasca_collector.volumes | indent 8 }}{{ end }} +{{ if $mounts_monasca_forwarder.volumes }}{{ toYaml $mounts_monasca_forwarder.volumes | indent 8 }}{{ end }} +{{ if $mounts_monasca_statsd.volumes }}{{ toYaml $mounts_monasca_statsd.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/monasca/templates/deployment-api.yaml b/monasca/templates/deployment-api.yaml new file mode 100644 index 0000000000..350f441bc7 --- /dev/null +++ b/monasca/templates/deployment-api.yaml @@ -0,0 +1,149 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "monascaApiLivenessProbeTemplate" }} +tcpSocket: + port: {{ tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} + +{{- define "monascaApiReadinessProbeTemplate" }} +tcpSocket: + port: {{ tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{- end }} + +{{- if .Values.manifests.deployment_api }} +{{- $envAll := . }} + +{{- $mounts_monasca_api := .Values.pod.mounts.monasca_api.monasca_api }} +{{- $mounts_monasca_api_init := .Values.pod.mounts.monasca_api.init_container }} + +{{- $serviceAccountName := "monasca-api" }} +{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: monasca-api + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "monasca" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.api }} + selector: + matchLabels: +{{ tuple $envAll "monasca" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "monasca" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} +{{ dict "envAll" $envAll "podName" "monasca-api" "containerNames" (list "monasca-api" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} +{{ dict "envAll" $envAll "application" "api" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: +{{ tuple $envAll "monasca" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.monasca.timeout | default "30" }} + initContainers: +{{ tuple $envAll "api" $mounts_monasca_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: monasca-api +{{ tuple $envAll "monasca_api" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "api" "container" "monasca-api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/monasca-api.sh + - start + env: + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + lifecycle: + preStop: + exec: + command: + - /tmp/monasca-api.sh + - stop + ports: + - name: m-api + containerPort: {{ tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} +{{ dict "envAll" $envAll "component" "api" "container" "default" "type" "liveness" "probeTemplate" (include "monascaApiLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +{{ dict "envAll" $envAll "component" "api" "container" "default" "type" "readiness" "probeTemplate" (include "monascaApiReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: etcmonasca + mountPath: /etc/monasca + - name: monasca-bin + mountPath: /tmp/monasca-api.sh + subPath: monasca-api.sh + readOnly: true + - name: logs-apache + mountPath: /var/log/apache2 + - name: run-apache + mountPath: /var/run/apache2 + - name: wsgi-monasca + mountPath: /var/www/cgi-bin/monasca + - name: monasca-etc + mountPath: /etc/monasca/monasca-api.conf + subPath: monasca-api.conf + readOnly: true + - name: monasca-etc + mountPath: /etc/monasca/api-config.ini + subPath: api-config.ini + readOnly: true + - name: monasca-etc + mountPath: {{ .Values.conf.software.apache2.conf_dir }}/wsgi-monasca.conf + subPath: wsgi-monasca.conf + readOnly: true + {{- if .Values.conf.monasca_api.DEFAULT.log_config_append }} + - name: monasca-etc + mountPath: {{ .Values.conf.monasca_api.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.monasca_api.DEFAULT.log_config_append }} + readOnly: true + {{- end }} +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.monitoring.api.internal "path" "/etc/monasca/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} +{{ if $mounts_monasca_api.volumeMounts }}{{ toYaml $mounts_monasca_api.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: etcmonasca + emptyDir: {} + - name: wsgi-monasca + emptyDir: {} + - name: logs-apache + emptyDir: {} + - name: run-apache + emptyDir: {} + - name: monasca-bin + configMap: + name: monasca-bin + defaultMode: 0555 + - name: monasca-etc + secret: + secretName: monasca-etc + defaultMode: 0444 +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.monitoring.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} +{{ if $mounts_monasca_api.volumes }}{{ toYaml $mounts_monasca_api.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/monasca/templates/deployment-notification.yaml b/monasca/templates/deployment-notification.yaml new file mode 100644 index 0000000000..30c7029c2d --- /dev/null +++ b/monasca/templates/deployment-notification.yaml @@ -0,0 +1,92 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_notification }} +{{- $envAll := . }} + +{{- $mounts_monasca_notification := .Values.pod.mounts.monasca_notification.monasca_notification }} +{{- $mounts_monasca_notification_init := .Values.pod.mounts.monasca_notification.init_container }} + +{{- $serviceAccountName := "monasca-notification" }} +{{ tuple $envAll "notification" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: monasca-notification + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "monasca" "notification" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.notification }} + selector: + matchLabels: +{{ tuple $envAll "monasca" "notification" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "monasca" "notification" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} +{{ dict "envAll" $envAll "podName" "monasca-notification" "containerNames" (list "monasca-notification" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} +{{ dict "envAll" $envAll "application" "notification" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: +{{ tuple $envAll "monasca" "notification" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.notification.node_selector_key }}: {{ .Values.labels.notification.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.monasca.timeout | default "30" }} + initContainers: +{{ tuple $envAll "notification" $mounts_monasca_notification_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: monasca-notification +{{ tuple $envAll "monasca_notification" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.notification | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "monasca" "container" "notification" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/monasca-notification.sh + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: etcmonasca + mountPath: /etc/monasca + - name: monasca-bin + mountPath: /tmp/monasca-notification.sh + subPath: monasca-notification.sh + readOnly: true + - name: monasca-etc + mountPath: /etc/monasca/notification-config.conf + subPath: notification-config.conf + readOnly: true +{{ if $mounts_monasca_notification.volumeMounts }}{{ toYaml $mounts_monasca_notification.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: etcmonasca + emptyDir: {} + - name: monasca-bin + configMap: + name: monasca-bin + defaultMode: 0555 + - name: monasca-etc + secret: + secretName: monasca-etc + defaultMode: 0444 +{{ if $mounts_monasca_notification.volumes }}{{ toYaml $mounts_monasca_notification.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/monasca/templates/deployment-persister.yaml b/monasca/templates/deployment-persister.yaml new file mode 100644 index 0000000000..aeefa7c3ec --- /dev/null +++ b/monasca/templates/deployment-persister.yaml @@ -0,0 +1,92 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.deployment_persister }} +{{- $envAll := . }} + +{{- $mounts_monasca_persister := .Values.pod.mounts.monasca_persister.monasca_persister }} +{{- $mounts_monasca_persister_init := .Values.pod.mounts.monasca_persister.init_container }} + +{{- $serviceAccountName := "monasca-persister" }} +{{ tuple $envAll "persister" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: monasca-persister + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "monasca" "persister" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ .Values.pod.replicas.persister }} + selector: + matchLabels: +{{ tuple $envAll "monasca" "persister" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "monasca" "persister" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} +{{ dict "envAll" $envAll "podName" "monasca-persister" "containerNames" (list "monasca-persister" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} +{{ dict "envAll" $envAll "application" "persister" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: +{{ tuple $envAll "monasca" "persister" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.persister.node_selector_key }}: {{ .Values.labels.persister.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.monasca.timeout | default "30" }} + initContainers: +{{ tuple $envAll "persister" $mounts_monasca_persister_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: monasca-persister +{{ tuple $envAll "monasca_persister" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.persister | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "monasca" "container" "persister" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/monasca-persister.sh + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: etcmonasca + mountPath: /etc/monasca + - name: monasca-bin + mountPath: /tmp/monasca-persister.sh + subPath: monasca-persister.sh + readOnly: true + - name: monasca-etc + mountPath: /etc/monasca/monasca-persister.conf + subPath: monasca-persister.conf + readOnly: true +{{ if $mounts_monasca_persister.volumeMounts }}{{ toYaml $mounts_monasca_persister.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: etcmonasca + emptyDir: {} + - name: monasca-bin + configMap: + name: monasca-bin + defaultMode: 0555 + - name: monasca-etc + secret: + secretName: monasca-etc + defaultMode: 0444 +{{ if $mounts_monasca_persister.volumes }}{{ toYaml $mounts_monasca_persister.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/monasca/templates/ingress-api.yaml b/monasca/templates/ingress-api.yaml new file mode 100644 index 0000000000..e6c484c331 --- /dev/null +++ b/monasca/templates/ingress-api.yaml @@ -0,0 +1,23 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }} +{{- $envAll := . }} +{{- $ingressOpts := dict "envAll" $envAll "backendService" "api" "backendServiceType" "monitoring" "backendPort" "api" -}} +{{- $secretName := $envAll.Values.secrets.tls.monitoring.api.internal -}} +{{- if and .Values.manifests.certificates $secretName -}} +{{- $_ := set $ingressOpts "certIssuer" .Values.endpoints.monitoring.host_fqdn_override.default.tls.issuerRef.name -}} +{{- end -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} diff --git a/monasca/templates/job-bootstrap.yaml b/monasca/templates/job-bootstrap.yaml new file mode 100644 index 0000000000..fdec1ac64e --- /dev/null +++ b/monasca/templates/job-bootstrap.yaml @@ -0,0 +1,23 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.bootstrap" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "5" +{{- end }} + +{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }} +{{- $bootstrapJob := dict "envAll" . "serviceName" "monasca" "keystoneUser" .Values.bootstrap.ks_user "logConfigFile" .Values.conf.monasca_api.DEFAULT.log_config_append "jobAnnotations" (include "metadata.annotations.job.bootstrap" . | fromYaml) -}} +{{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }} +{{- end }} diff --git a/monasca/templates/job-db-drop.yaml b/monasca/templates/job-db-drop.yaml new file mode 100644 index 0000000000..4cc7f006bf --- /dev/null +++ b/monasca/templates/job-db-drop.yaml @@ -0,0 +1,22 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_drop }} +{{- $dbToDrop := dict "inputType" "secret" "adminSecret" .Values.secrets.oslo_db.admin "userSecret" .Values.secrets.oslo_db.monasca -}} +{{- $dbDropJob := dict "envAll" . "serviceName" "monasca" "dbToDrop" $dbToDrop -}} +{{- if .Values.manifests.certificates -}} +{{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} +{{- end -}} +{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} +{{- end }} diff --git a/monasca/templates/job-db-init.yaml b/monasca/templates/job-db-init.yaml new file mode 100644 index 0000000000..2bcc2dcf9e --- /dev/null +++ b/monasca/templates/job-db-init.yaml @@ -0,0 +1,29 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.db_init" }} +{{- if .Values.helm3_hook -}} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-5" +{{- end -}} +{{- end -}} + +{{- if .Values.manifests.job_db_init }} +{{- $dbToInit := dict "inputType" "secret" "adminSecret" .Values.secrets.oslo_db.admin "userSecret" .Values.secrets.oslo_db.monasca -}} +{{- $dbInitJob := dict "envAll" . "serviceName" "monasca" "dbToInit" $dbToInit "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) -}} +{{- if .Values.manifests.certificates -}} +{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} +{{- end -}} +{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} +{{- end }} diff --git a/monasca/templates/job-db-sync.yaml b/monasca/templates/job-db-sync.yaml new file mode 100644 index 0000000000..cd1bc9057a --- /dev/null +++ b/monasca/templates/job-db-sync.yaml @@ -0,0 +1,26 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.db_sync" }} +{{- if .Values.helm3_hook -}} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-4" +{{- end -}} +{{- end }} + +{{- if .Values.manifests.job_db_sync }} +{{- $dbToSync := dict "configFile" "/etc/monasca/monasca-api.conf" "logConfigFile" "/etc/monasca/api-logging.conf" "image" ( index .Values.images.tags "monasca_db_sync" ) }} +{{- $dbSyncJob := dict "envAll" . "dbToSync" $dbToSync "serviceName" "monasca" "podVolMounts" .Values.pod.mounts.monasca_db_sync.monasca_db_sync.volumeMounts "podVols" .Values.pod.mounts.monasca_db_sync.monasca_db_sync.volumes "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} +{{- end }} \ No newline at end of file diff --git a/monasca/templates/job-image-repo-sync.yaml b/monasca/templates/job-image-repo-sync.yaml new file mode 100644 index 0000000000..5b16b2833d --- /dev/null +++ b/monasca/templates/job-image-repo-sync.yaml @@ -0,0 +1,22 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.repo_sync" }} +helm.sh/hook: post-install,post-upgrade +{{- end }} + +{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} +{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "monasca" "jobAnnotations" (include "metadata.annotations.job.repo_sync" . | fromYaml) -}} +{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} +{{- end }} diff --git a/monasca/templates/job-influxdb-init.yaml b/monasca/templates/job-influxdb-init.yaml new file mode 100644 index 0000000000..c68e9595f4 --- /dev/null +++ b/monasca/templates/job-influxdb-init.yaml @@ -0,0 +1,103 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_influxdb_init }} +{{- $envAll := . }} + +{{- $serviceAccountName := "monasca-influxdb-init" }} +{{ tuple $envAll "influxdb_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{- $secretName := index $envAll.Values.secrets "metrics_db" }} +{{- $influxdbUrl := tuple "metrics_db" "internal" "influxdb" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook-delete-policy": hook-succeeded + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-weight: "-5" + name: monasca-influxdb-init +spec: + backoffLimit: 1000 + template: + metadata: + labels: +{{ tuple $envAll "monasca" "influxdb-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} +{{ dict "envAll" $envAll "application" "monasca" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.monasca.timeout | default "30" }} + restartPolicy: OnFailure + initContainers: +{{ tuple $envAll "influxdb_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: influxdb-init +{{ tuple $envAll "influxdb_init" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.influxdb_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "monasca" "container" "influxdb_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + env: + - name: INFLUXDB_URL + value: {{ $influxdbUrl }} + - name: INFLUXDB_USER + valueFrom: + secretKeyRef: + name: {{ $secretName }} + key: influxdb-admin-user + - name: INFLUXDB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $secretName }} + key: influxdb-admin-password + - name: INFLUXDB_API_USER + valueFrom: + secretKeyRef: + name: {{ $secretName }} + key: influxdb-api-user + - name: INFLUXDB_API_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $secretName }} + key: influxdb-api-password + - name: INFLUXDB_PERSISTER_USER + valueFrom: + secretKeyRef: + name: {{ $secretName }} + key: influxdb-persister-user + - name: INFLUXDB_PERSISTER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $secretName }} + key: influxdb-persister-password + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: monasca-bin + mountPath: /tmp/influxdb-init.sh + subPath: influxdb-init.sh + readOnly: true + command: + - /bin/sh + - /tmp/influxdb-init.sh + volumes: + - name: pod-tmp + emptyDir: {} + - name: monasca-bin + configMap: + name: monasca-bin + defaultMode: 0555 +{{- end }} \ No newline at end of file diff --git a/monasca/templates/job-ks-api-endpoints.yaml b/monasca/templates/job-ks-api-endpoints.yaml new file mode 100644 index 0000000000..886dbfcfdc --- /dev/null +++ b/monasca/templates/job-ks-api-endpoints.yaml @@ -0,0 +1,23 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.ks_endpoints" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-2" +{{- end }} + +{{- if .Values.manifests.job_ks_endpoints }} +{{- $ksServiceJob := dict "envAll" . "serviceName" "monasca" "serviceTypes" ( tuple "monitoring" "logs" "logs-search" ) "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} +{{- end }} diff --git a/monasca/templates/job-ks-api-service.yaml b/monasca/templates/job-ks-api-service.yaml new file mode 100644 index 0000000000..b942a2e634 --- /dev/null +++ b/monasca/templates/job-ks-api-service.yaml @@ -0,0 +1,23 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.ks_service" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-3" +{{- end }} + +{{- if .Values.manifests.job_ks_service }} +{{- $ksServiceJob := dict "envAll" . "serviceName" "monasca" "serviceTypes" ( tuple "monitoring" "logs" "logs-search" ) "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} +{{- end }} diff --git a/monasca/templates/job-ks-user.yaml b/monasca/templates/job-ks-user.yaml new file mode 100644 index 0000000000..3415d3151d --- /dev/null +++ b/monasca/templates/job-ks-user.yaml @@ -0,0 +1,27 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.ks_user" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-1" +{{- end }} + +{{- if .Values.manifests.job_ks_user }} +{{- $ksUserJob := dict "envAll" . "serviceName" "monasca" "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) -}} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} +{{- $ksUserJob := dict "envAll" . "serviceName" "monasca_agent" "configMapBin" "monasca-bin" "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) -}} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} +{{- $ksUserJob := dict "envAll" . "serviceName" "monasca_read_only_user" "configMapBin" "monasca-bin" "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) -}} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} +{{- end }} diff --git a/monasca/templates/job-rabbit-init.yaml b/monasca/templates/job-rabbit-init.yaml new file mode 100644 index 0000000000..c839ca842f --- /dev/null +++ b/monasca/templates/job-rabbit-init.yaml @@ -0,0 +1,23 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "metadata.annotations.job.rabbit_init" }} +helm.sh/hook: post-install,post-upgrade +helm.sh/hook-weight: "-4" +{{- end }} + +{{- if .Values.manifests.job_rabbit_init }} +{{- $rmqUserJob := dict "envAll" . "serviceName" "monasca" "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) -}} +{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }} +{{- end }} diff --git a/monasca/templates/job-thresh-upload.yaml b/monasca/templates/job-thresh-upload.yaml new file mode 100644 index 0000000000..de39c074b0 --- /dev/null +++ b/monasca/templates/job-thresh-upload.yaml @@ -0,0 +1,93 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_thresh }} +{{- $envAll := . }} + +{{- $mounts_monasca_thresh := .Values.pod.mounts.monasca_thresh.monasca_thresh }} +{{- $mounts_monasca_thresh_init := .Values.pod.mounts.monasca_thresh.init_container }} + +{{- $serviceAccountName := "monasca-thresh" }} +{{ tuple $envAll "thresh" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: monasca-thresh-upload + annotations: + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-weight: "1" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + labels: +{{ tuple $envAll "monasca" "thresh" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} +{{ dict "envAll" $envAll "podName" "monasca-thresh" "containerNames" (list "monasca-thresh" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: Never +{{ dict "envAll" $envAll "application" "thresh" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + nodeSelector: + {{ .Values.labels.thresh.node_selector_key }}: {{ .Values.labels.thresh.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.monasca.timeout | default "30" }} + initContainers: +{{ tuple $envAll "thresh" $mounts_monasca_thresh_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: monasca-thresh +{{ tuple $envAll "monasca_thresh" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.thresh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "thresh" "container" "monasca-thresh" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + env: + - name: DEBUG + value: "true" + command: + - /tmp/monasca-thresh.sh + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: etcmonasca + mountPath: /etc/monasca + - name: monasca-bin + mountPath: /tmp/monasca-thresh.sh + subPath: monasca-thresh.sh + readOnly: true + - name: monasca-etc + mountPath: /tmp/thresh-config.yml + subPath: thresh-config.yml + readOnly: true + - name: monasca-etc + mountPath: /conf/storm.yaml + subPath: storm.yaml + readOnly: true +{{ if $mounts_monasca_thresh.volumeMounts }}{{ toYaml $mounts_monasca_thresh.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: etcmonasca + emptyDir: {} + - name: monasca-bin + configMap: + name: monasca-bin + defaultMode: 0555 + - name: monasca-etc + secret: + secretName: monasca-etc + defaultMode: 0444 +{{ if $mounts_monasca_thresh.volumes }}{{ toYaml $mounts_monasca_thresh.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/monasca/templates/network_policy.yaml b/monasca/templates/network_policy.yaml new file mode 100644 index 0000000000..7b083da1b8 --- /dev/null +++ b/monasca/templates/network_policy.yaml @@ -0,0 +1,16 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.manifests.network_policy -}} +{{- $netpol_opts := dict "envAll" . "name" "application" "label" "monasca" -}} +{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }} +{{- end -}} diff --git a/monasca/templates/secret-db.yaml b/monasca/templates/secret-db.yaml new file mode 100644 index 0000000000..fd64b69575 --- /dev/null +++ b/monasca/templates/secret-db.yaml @@ -0,0 +1,33 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_db }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "monasca" }} +{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: +{{- if $envAll.Values.manifests.certificates }} + DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}} +{{- else }} + DB_CONNECTION: {{ $connection | b64enc -}} +{{- end }} +{{- end }} +{{- end }} diff --git a/monasca/templates/secret-influxdb-secret.yaml b/monasca/templates/secret-influxdb-secret.yaml new file mode 100644 index 0000000000..f106f6479c --- /dev/null +++ b/monasca/templates/secret-influxdb-secret.yaml @@ -0,0 +1,31 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_influxdb }} +{{- $envAll := . }} +{{- $secretName := index $envAll.Values.secrets "metrics_db" }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: + influxdb-admin-user: {{ .Values.endpoints.metrics_db.auth.admin.username | b64enc }} + influxdb-admin-password: {{ .Values.endpoints.metrics_db.auth.admin.password | b64enc }} + influxdb-api-user: {{ .Values.endpoints.metrics_db.auth.monasca_api.username | b64enc }} + influxdb-api-password: {{ .Values.endpoints.metrics_db.auth.monasca_api.password | b64enc }} + influxdb-persister-user: {{ .Values.endpoints.metrics_db.auth.monasca_persister.username | b64enc }} + influxdb-persister-password: {{ .Values.endpoints.metrics_db.auth.monasca_persister.password | b64enc }} +{{- end }} \ No newline at end of file diff --git a/monasca/templates/secret-ingress-tls.yaml b/monasca/templates/secret-ingress-tls.yaml new file mode 100644 index 0000000000..6b323abb83 --- /dev/null +++ b/monasca/templates/secret-ingress-tls.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_ingress_tls }} +{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendService" "monitoring" "backendServiceType" "monitoring" ) }} +{{- end }} diff --git a/monasca/templates/secret-keystone.yaml b/monasca/templates/secret-keystone.yaml new file mode 100644 index 0000000000..ccd6d257c5 --- /dev/null +++ b/monasca/templates/secret-keystone.yaml @@ -0,0 +1,28 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_keystone }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "monasca" "monasca_agent" "monasca_read_only_user" }} +{{- $secretName := index $envAll.Values.secrets.identity $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: +{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/monasca/templates/service-ingress.yaml b/monasca/templates/service-ingress.yaml new file mode 100644 index 0000000000..4bc5a40e10 --- /dev/null +++ b/monasca/templates/service-ingress.yaml @@ -0,0 +1,18 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.service_ingress .Values.network.api.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "monitoring" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} +{{- end }} diff --git a/monasca/templates/service.yaml b/monasca/templates/service.yaml new file mode 100644 index 0000000000..89a95749b6 --- /dev/null +++ b/monasca/templates/service.yaml @@ -0,0 +1,44 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "monitoring" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + {{ if .Values.network.node_port.enabled }} + - name: web + protocol: TCP + nodePort: {{ .Values.network.node_port.port }} + port: {{ tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + targetPort: {{ tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ else }} + - name: web + protocol: TCP + port: {{ tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + targetPort: {{ tuple "monitoring" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + {{ end }} + selector: +{{ tuple $envAll "monasca" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + {{ if .Values.network.node_port.enabled }} + type: NodePort + {{ if .Values.network.external_policy_local }} + externalTrafficPolicy: Local + {{ end }} + {{ end }} +{{- end }} diff --git a/monasca/values.yaml b/monasca/values.yaml new file mode 100644 index 0000000000..15c57e2cdf --- /dev/null +++ b/monasca/values.yaml @@ -0,0 +1,1141 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for monasca-api. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +--- +images: + tags: + ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic + ks_service: docker.io/openstackhelm/heat:stein-ubuntu_bionic + ks_endpoints: docker.io/openstackhelm/heat:stein-ubuntu_bionic + influxdb_init: radial/busyboxplus:curl + db_init: docker.io/openstackhelm/heat:stein-ubuntu_bionic + monasca_db_sync: docker.io/openstackhelm/monasca:stein-ubuntu_bionic + db_drop: docker.io/openstackhelm/heat:stein-ubuntu_bionic + monasca_api: docker.io/openstackhelm/monasca_api:stein-ubuntu_bionic + monasca_collector: docker.io/openstackhelm/monasca_agent:stein-ubuntu_bionic + monasca_forwarder: docker.io/openstackhelm/monasca_forwarder:stein-ubuntu_bionic + monasca_statsd: docker.io/openstackhelm/monasca_statsd:stein-ubuntu_bionic + monasca_notification: docker.io/openstackhelm/monasca_notification:stein-ubuntu_bionic + monasca_persister: docker.io/openstackhelm/monasca_persister:stein-ubuntu_bionic + monasca_thresh: docker.io/openstackhelm/monasca_thresh:stein-ubuntu_bionic + test: docker.io/openstackhelm/osh-selenium:latest-ubuntu_bionic + dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +release_group: null + +labels: + agent: + node_selector_key: openstack-compute-node + node_selector_value: enabled + api: + node_selector_key: openstack-control-plane + node_selector_value: enabled + notification: + node_selector_key: openstack-control-plane + node_selector_value: enabled + persister: + node_selector_key: openstack-control-plane + node_selector_value: enabled + thresh: + node_selector_key: openstack-control-plane + node_selector_value: enabled + job: + node_selector_key: openstack-control-plane + node_selector_value: enabled +network: + api: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + external_policy_local: false + node_port: + enabled: false + port: 31000 + +conf: + agent: + Api: + amplifier: 0 + backlog_send_rate: 1000 + ca_file: null + insecure: false + max_batch_size: 0 + max_buffer_size: 1000 + max_measurement_buffer_size: -1 + service_type: monitoring + Logging: + disable_file_logging: false + collector_log_file: /var/log/monasca/agent/collector.log + forwarder_log_file: /var/log/monasca/agent/forwarder.log + statsd_log_file: /var/log/monasca/agent/statsd.log + enable_logrotate: true + log_level: WARN + log_to_event_viewer: false + log_to_syslog: false + syslog_host: None + syslog_port: None + Main: + check_freq: 15 + autorestart: false + collector_restart_interval: 24 + dimensions: + service: monitoring + # %AGENT_HOSTNAME% is replaced with the correct value in the init container. + hostname: "%AGENT_HOSTNAME%" + # %FORWARDER_IP% is replaced with the correct value in the init container. + forwarder_url: "http://%FORWARDER_IP%:17123" + num_collector_threads: 1 + pool_full_max_retries: 4 + sub_collection_warn: 6 + non_local_traffic: true + Statsd: + monasca_statsd_interval: 20 + monasca_statsd_port: 8125 + # monasca_statsd_forward_host: None + # monasca_statsd_forward_port: 8125 + agent_plugins: + # Plugin config has 2 fields; + # auto_detect: specify if it is auto configured by monasca-setup or not + # config: plugin specific configurations. + # when auto_detect is false, it is rendered as config yaml file + # when auto_detect is true, it is used as args in monasca-setup + libvirt: + auto_detect: false + config: + init_config: {} + # auto_detect: true + # config: + # nova_refresh: + # vm_probation: + # Custom check plugins. Refer values_overrides/nvidia.yaml. + check_scripts: {} + # Custom detection plugins. Refer values_overrides/nvidia.yaml. + detection_scripts: {} + monasca_api: + DEFAULT: + enable_logs_api: true + region: RegionOne + log_config_append: /etc/monasca/api-logging.conf + messaging: + driver: monasca_api.common.messaging.kafka_publisher:KafkaPublisher + kafka: + logs_topics: log + uri: 127.0.0.1:9092 + repositories: + metrics_driver: monasca_api.common.repositories.influxdb.metrics_repository:MetricsRepository + cassandra: + contact_points: 127.0.0.1 + influxdb: + db_per_tenant: false + database_name: monasca + database: + max_retries: -1 + keystone_authtoken: + auth_type: password + auth_version: v3 + memcache_security_strategy: ENCRYPT + security: + default_authorized_roles: monasca-user + agent_authorized_roles: monasca-agent + read_only_authorized_roles: monasca-read-only-user + delegate_authorized_roles: monasca-agent + monasca_api_paste: + DEFAULT: + name: monasca_api + pipeline:main: + pipeline: request_id auth api + app:api: + paste.app_factory: monasca_api.api.server:launch + filter:auth: + paste.filter_factory: monasca_api.healthcheck.keystone_protocol:filter_factory + filter:request_id: + paste.filter_factory: oslo_middleware.request_id:RequestId.factory + server:main: + use: egg:gunicorn#main + host: 0.0.0.0 + port: 8070 + workers: 8 + worker-connections: 2000 + worker-class: eventlet + timeout: 30 + backlog: 2048 + keepalive: 2 + proc_name: monasca-api + loglevel: DEBUG + logging: + loggers: + keys: + - root + - sqlalchemy + - kafka + - kafkalib + handlers: + keys: + - stdout + - stderr + - "null" + formatters: + keys: + - context + - default + logger_root: + level: INFO + handlers: 'stdout' + logger_sqlalchemy: + qualname: sqlalchemy.engine + level: DEBUG + handlers: 'stdout' + propagate: 0 + logger_kafka: + qualname: kafka + level: DEBUG + handlers: 'stdout' + propagate: 0 + logger_kafkalib: + qualname: monasca_common.kafka_lib + level: INFO + handlers: 'stdout' + propagate: 0 + handler_null: + class: logging.NullHandler + formatter: default + args: () + handler_stdout: + class: StreamHandler + args: (sys.stdout,) + formatter: context + handler_stderr: + class: StreamHandler + args: (sys.stderr,) + formatter: context + formatter_context: + class: oslo_log.formatters.ContextFormatter + datefmt: "%Y-%m-%d %H:%M:%S" + formatter_default: + format: "%(message)s" + datefmt: "%Y-%m-%d %H:%M:%S" + + wsgi_monasca_api: | + {{- $portInt := tuple "monitoring" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + + Listen 0.0.0.0:{{ $portInt }} + + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy + + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded + + + WSGIDaemonProcess monasca-api processes=1 threads=1 user=monasca-api group=monasca-api display-name=%{GROUP} + WSGIProcessGroup monasca-api + WSGIScriptAlias / /var/www/cgi-bin/monasca/monasca-api-wsgi + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + = 2.4> + ErrorLogFormat "%{cu}t %M" + + ErrorLog /dev/stdout + + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + CustomLog /dev/stdout combined env=!forwarded + CustomLog /dev/stdout proxy env=forwarded + + thresh_config: + metricSpoutThreads: 2 + metricSpoutTasks: 2 + + statsdConfig: + host: "127.0.0.1" + port: 8125 + prefix: monasca.storm. + dimensions: !!map + service: monitoring + component: storm + + metricSpoutConfig: + kafkaConsumerConfiguration: + # See http://kafka.apache.org/documentation.html#api for semantics and defaults. + topic: "metrics" + numThreads: 1 + groupId: "thresh-metric" + zookeeperConnect: "127.0.0.1:2181" + consumerId: 1 + socketTimeoutMs: 30000 + socketReceiveBufferBytes: 65536 + fetchMessageMaxBytes: 1048576 + autoCommitEnable: true + autoCommitIntervalMs: 60000 + queuedMaxMessageChunks: 10 + rebalanceMaxRetries: 4 + fetchMinBytes: 1 + fetchWaitMaxMs: 100 + rebalanceBackoffMs: 2000 + refreshLeaderBackoffMs: 200 + autoOffsetReset: largest + consumerTimeoutMs: -1 + clientId: 1 + zookeeperSessionTimeoutMs: 60000 + zookeeperConnectionTimeoutMs: 60000 + zookeeperSyncTimeMs: 2000 + + eventSpoutConfig: + kafkaConsumerConfiguration: + # See http://kafka.apache.org/documentation.html#api for semantics and defaults. + topic: "events" + numThreads: 1 + groupId: "thresh-event" + zookeeperConnect: "127.0.0.1:2181" + consumerId: 1 + socketTimeoutMs: 30000 + socketReceiveBufferBytes: 65536 + fetchMessageMaxBytes: 1048576 + autoCommitEnable: true + autoCommitIntervalMs: 60000 + queuedMaxMessageChunks: 10 + rebalanceMaxRetries: 4 + fetchMinBytes: 1 + fetchWaitMaxMs: 100 + rebalanceBackoffMs: 2000 + refreshLeaderBackoffMs: 200 + autoOffsetReset: largest + consumerTimeoutMs: -1 + clientId: 1 + zookeeperSessionTimeoutMs: 60000 + zookeeperConnectionTimeoutMs: 60000 + zookeeperSyncTimeMs: 2000 + + kafkaProducerConfig: + # See http://kafka.apache.org/documentation.html#api for semantics and defaults. + topic: "alarm-state-transitions" + metadataBrokerList: "kafka:9092" + serializerClass: kafka.serializer.StringEncoder + partitionerClass: "" + requestRequiredAcks: 1 + requestTimeoutMs: 10000 + producerType: sync + keySerializerClass: "" + compressionCodec: none + compressedTopics: "" + messageSendMaxRetries: 3 + retryBackoffMs: 100 + topicMetadataRefreshIntervalMs: 600000 + queueBufferingMaxMs: 5000 + queueBufferingMaxMessages: 10000 + queueEnqueueTimeoutMs: -1 + batchNumMessages: 200 + sendBufferBytes: 102400 + clientId: Threshold_Engine + + sporadicMetricNamespaces: + - foo + + database: + driverClass: org.mariadb.jdbc.Driver + url: "jdbc:mariadb://%THRESH_DB_URL%" + user: "%THRESH_DB_USER%" + password: "%THRESH_DB_PASSWORD%" + properties: + ssl: false + # the maximum amount of time to wait on an empty pool before throwing an exception + maxWaitForConnection: 1s + + # the SQL query to run when validating a connection's liveness + validationQuery: "/* mysql Health Check */ SELECT 1" + + # the minimum number of connections to keep open + minSize: 8 + + # the maximum number of connections to keep open + maxSize: 41 + + notification_config: + kafka: + url: kafka:9092 + database: + repo_driver: monasca_notification.common.repositories.mysql.mysql_repo:MysqlRepo + email_notifier: + grafana_url: grafana:3000 + # from_addr: string + # server: email_server + # port: email_port + # timeout: 5 # min value is 1 + # user: email_user + # password: email_password + jira_notifier: {} + # timeout: 5 # min value is 1 + # user: + # password: + # custom_formatter: + # proxy: + pagerduty_notifier: {} + # timeout: + # url: + slack_notifier: {} + # timeout: + # insecure: + # ca_certs: + # proxy: + # message_template: + webhook_notifier: {} + # timeout: 5 + keystone: {} + # auth_url: 199.204.45.231/identity/v3 + notification_types: + enabled: + - email + - pagerduty + - webhook + - jira + - slack + mysql: {} + zookeeper: + url: ["127.0.0.1:2181"] + persister_config: + DEFAULT: + debug: "True" + default_log_levels: "monasca_common.kafka_lib.client=INFO" + logging_exception_prefix: "ERROR %(name)s %(instance)s" + logging_default_format_string: "%(color)s%(levelname)s %(name)s [-%(color)s] %(instance)s%(color)s%(message)s" + logging_context_format_string": "%(color)s%(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(project_name)s %(user_name)s%(color)s] %(instance)s%(color)s%(message)s" + logging_debug_format_suffix: "{{(pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d}}" + use_syslog: "False" + influxdb: + database_name: monasca + db_per_tenant: false + kafka: + num_processors: 1 + kafka_alarm_history: + batch_size: 1 + topic: alarm-state-transitions + group_id: 1_alarm-state-transitions + uri: kafka:9092 + kafka_events: {} + kafka_metrics: + batch_size: 30 + topic: metrics + group_id: 1_metrics + uri: kafka:9092 + repositories: + alarm_state_history_driver: monasca_persister.repositories.influxdb.alarm_state_history_repository:AlarmStateHistInfluxdbRepository + metrics_driver: monasca_persister.repositories.influxdb.metrics_repository:MetricInfluxdbRepository + zookeeper: + uri: zookeeper:2181 + storm: + java.library.path: "/usr/local/lib:/opt/local/lib:/usr/lib" + storm.local.dir: "/var/storm" + storm.zookeeper.servers: + - "127.0.0.1" + storm.zookeeper.port: 2181 + storm.zookeeper.retry.interval: 5000 + storm.zookeeper.retry.times: 60 + storm.zookeeper.root: /storm + storm.zookeeper.session.timeout: 3000 + supervisor.slots.ports: + - 6701 + - 6702 + supervisor.childopts: -Xmx256m + worker.childopts: -Xmx1280m -XX:+UseConcMarkSweepGC -Dcom.sun.management.jmxremote + nimbus.seeds: ["127.0.0.1"] + nimbus.thrift.port: 6627 + nimbus.childopts: -Xmx256m + ui.host: localhost + ui.port: 8089 + ui.childopts: -Xmx768m + logviewer.port: 8090 + logviewer.childopts: -Xmx128m + transactional.zookeeper.servers: + - "127.0.0.1" + transactional.zookeeper.port: 2181 + transactional.zookeeper.root: /storm-transactional + topology.acker.executors: 1 + topology.debug: False + + software: + apache2: + binary: apache2 + start_parameters: -DFOREGROUND + conf_dir: /etc/apache2/conf-enabled + site_dir: /etc/apache2/sites-enable + mods_dir: /etc/apache2/mods-available + a2enmod: null + a2dismod: null +pod: + probes: + rpc_timeout: 60 + rpc_retries: 2 + api: + default: + liveness: + enabled: true + params: + initialDelaySeconds: 120 + periodSeconds: 90 + timeoutSeconds: 70 + readiness: + enabled: true + params: + initialDelaySeconds: 80 + periodSeconds: 90 + timeoutSeconds: 70 + forwarder: + default: + liveness: + enabled: true + params: + initialDelaySeconds: 120 + periodSeconds: 90 + timeoutSeconds: 70 + readiness: + enabled: true + params: + initialDelaySeconds: 80 + periodSeconds: 90 + timeoutSeconds: 70 + statsd: + default: {} + + security_context: + agent: + pod: + runAsUser: 42424 + container: + agent_init: + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsUser: 0 + monasca_collector: + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsUser: 0 + monasca_forwarder: + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsUser: 0 + monasca_statsd: + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsUser: 0 + api: + pod: + runAsUser: 42424 + container: + monasca-api: + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsUser: 0 + notification: + pod: + runAsUser: 42424 + container: + monasca-notification: + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsUser: 0 + persister: + pod: + runAsUser: 42424 + container: + monasca-persister: + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsUser: 0 + thresh: + pod: + runAsUser: 42424 + container: + monasca-thresh: + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsUser: 0 + db_sync: + pod: + runAsUser: 42424 + container: + monasca_db_sync: + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsUser: 0 + influxdb_init: + pod: + runAsUser: 42424 + container: + influxdb_init: + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsUser: 0 + test: + pod: + runAsUser: 42424 + container: + monasca_test: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + weight: + default: 10 + dns_policy: "ClusterFirstWithHostNet" + mounts: + monasca_agent: + init_container: null + monasca_collector: + volumeMounts: + - name: varliblibvirt + mountPath: /var/lib/libvirt + readOnly: true + - mountPath: /lib/modules + name: libmodules + readOnly: true + - name: varlibnova + mountPath: /var/lib/nova + volumes: + - name: libmodules + hostPath: + path: /lib/modules + - name: varliblibvirt + hostPath: + path: /var/lib/libvirt + - name: varlibnova + hostPath: + path: /var/lib/nova + monasca_forwarder: + volumeMounts: + volumes: + monasca_statsd: + volumeMounts: + volumes: + monasca_db_init: + init_container: null + monasca_db_init: + volumeMounts: + volumes: + monasca_db_sync: + init_container: null + monasca_db_sync: + volumeMounts: + volumes: + monasca_api: + init_container: null + monasca_api: + volumeMounts: + volumes: + monasca_notification: + init_container: null + monasca_notification: + volumeMounts: + volumes: + monasca_persister: + init_container: null + monasca_persister: + volumeMounts: + volumes: + monasca_thresh: + init_container: null + monasca_thresh: + volumeMounts: + volumes: + monasca_tests: + init_container: null + monasca_tests: + volumeMounts: + volumes: + replicas: + agent: 1 + api: 1 + notification: 1 + persister: 1 + thresh: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + daemonsets: + pod_replacement_strategy: RollingUpdate + agent: + enabled: true + min_ready_seconds: 0 + max_unavailable: 1 + disruption_budget: + monasca: + min_available: 0 + termination_grace_period: + monasca: + timeout: 30 + resources: + enabled: false + agent_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "500m" + api: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + collector: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "500m" + forwarder: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "500m" + statsd: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "500m" + notification: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "500m" + persister: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "500m" + thresh: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "500m" + jobs: + db_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_drop: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + influxdb_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + tests: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" +bootstrap: + enabled: false + ks_user: monasca + script: null +# Names of secrets used by bootstrap and environmental checks +secrets: + identity: + admin: monasca-keystone-admin + monasca: monasca-keystone-user + monasca_agent: monasca-keystone-agent + monasca_read_only_user: monasca-keystone-ro + test: monasca-keystone-test + metrics_db: monasca-influxdb + oslo_db: + admin: monasca-db-admin + monasca: monasca-db-user + oslo_messaging: + admin: monasca-rabbitmq-admin + monasca: monasca-rabbitmq-user + tls: + monitoring: + api: + public: monasca-tls-public + internal: monasca-tls-api + statsd: + public: monasca-statsd-tls-public + internal: monasca-tls-statsd + events_api: + api: + public: monasca-events-tls-public + internal: monasca-events-tls-proxy + + +# typically overridden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + cluster_domain_suffix: cluster.local + monitoring: + name: monasca + hosts: + default: monasca-api + public: monasca-api + host_fqdn_override: + default: null + path: + default: /v2.0 + scheme: + default: 'http' + port: + api: + default: 8070 + public: 80 + statsd: + default: 8125 + public: 8125 + forwarder: + default: 17123 + public: 17123 + logs_search: + name: monasca + hosts: + default: kibana + public: kibana + host_fqdn_override: + default: null + path: + default: / + scheme: + default: 'http' + port: + api: + default: 5601 + public: 80 + logs: + name: monasca + hosts: + default: monasca-api + public: monasca-api + host_fqdn_override: + default: null + path: + default: /v2.0 + scheme: + default: 'http' + port: + api: + default: 8070 + public: 80 + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + identity: + name: keystone + auth: + admin: + region_name: RegionOne + username: admin + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + monasca: + role: + - admin + - monasca-user + region_name: RegionOne + username: monasca + password: password + project_name: admin + user_domain_name: default + project_domain_name: default + monasca_agent: + role: monasca-agent + region_name: RegionOne + username: monasca-agent + password: password + project_name: service + user_domain_name: service + project_domain_name: service + interface: private + monasca_read_only_user: + role: monasca-read-only-user + region_name: RegionOne + username: monasca-read-only-user + password: password + project_name: service + user_domain_name: service + project_domain_name: service + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + path: + default: /v3 + scheme: + default: http + port: + api: + default: 80 + internal: 5000 + oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + oslo_db: + auth: + admin: + username: root + password: password + secret: + tls: + internal: mariadb-tls-direct + monasca: + username: monasca + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /monasca + scheme: mysql+pymysql + port: + mysql: + default: 3306 + metrics_db: + auth: + admin: + username: admin + password: password + monasca_api: + username: monasca-api + password: password + monasca_persister: + username: monasca-persister + password: password + hosts: + default: influxdb + host_fqdn_override: + default: null + path: / + scheme: http + port: + influxdb: + default: 8086 + # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress + # They are using to enable the Egress K8s network policy. + kube_dns: + namespace: kube-system + name: kubernetes-dns + hosts: + default: kube-dns + host_fqdn_override: + default: null + path: + default: null + scheme: http + port: + dns: + default: 53 + protocol: UDP + ingress: + namespace: null + name: ingress + hosts: + default: ingress + port: + ingress: + default: 80 + +network_policy: + monasca: + ingress: + - {} + egress: + - {} + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + agent: + services: + - endpoint: internal + service: monitoring + api: + jobs: + - monasca-db-sync + - monasca-ks-service + - monasca-ks-user + - monasca-ks-endpoints + services: + - endpoint: internal + service: oslo_db + - endpoint: internal + service: identity + notification: + jobs: + - monasca-db-sync + services: + - endpoint: internal + service: oslo_db + # - kafka + persister: + jobs: + - monasca-influxdb-init + services: + - endpoint: internal + service: metrics_db + thresh: + services: + - endpoint: internal + service: oslo_db + # - storm + ks_endpoints: + jobs: + - monasca-ks-service + services: + - endpoint: internal + service: identity + ks_service: + services: + - endpoint: internal + service: identity + ks_user: + services: + - endpoint: internal + service: identity + db_drop: + services: + - endpoint: internal + service: oslo_db + db_init: + services: + - endpoint: internal + service: oslo_db + db_sync: + jobs: + - monasca-db-init + services: + - endpoint: internal + service: oslo_db + influxdb_init: + services: + - endpoint: internal + service: metrics_db + +manifests: + certificates: false + configmap_bin: true + configmap_etc: true + daemonset_agent: true + deployment_agent: false + deployment_api: true + deployment_notification: true + deployment_persister: true + ingress_api: true + job_db_init: true + job_db_sync: true + job_db_drop: false + job_influxdb_init: true + job_thresh: true + job_image_repo_sync: true + job_rabbit_init: false + job_ks_endpoints: true + job_ks_service: true + job_ks_user: true + network_policy: false + secret_db: true + secret_ingress_tls: true + secret_influxdb: true + secret_keystone: true + service_ingress: true + service: true +... diff --git a/monasca/values_overrides/libvirt.yaml b/monasca/values_overrides/libvirt.yaml new file mode 100644 index 0000000000..15222aaa2b --- /dev/null +++ b/monasca/values_overrides/libvirt.yaml @@ -0,0 +1,31 @@ +--- +conf: + agent_plugins: + libvirt: + auto_detect: false + config: + init_config: + alive_only: false + cache_dir: /dev/shm + customer_metadata: + - scale_group + disk_collection_period: 0 + endpoint_type: internalURL + host_aggregate_re: None + libvirt_type: kvm + max_ping_concurrency: 8 + metadata: + - scale_group + network_use_bits: false + nova_refresh: 14400 + ping_check: sudo -n /sbin/ip exec NAMESPACE /usr/bin/fping -n -c1 -t250 -q + vm_cpu_check_enable: true + vm_disks_check_enable: true + vm_extended_disks_check_enable: false + vm_network_check_enable: true + vm_ping_check_enable: true + vm_probation: 300 + vnic_collection_period: 0 + instances: + - {} +... diff --git a/monasca/values_overrides/nvidia.yaml b/monasca/values_overrides/nvidia.yaml new file mode 100644 index 0000000000..def27286bb --- /dev/null +++ b/monasca/values_overrides/nvidia.yaml @@ -0,0 +1,316 @@ +--- +conf: + check_scripts: + nvidia_vgpu: | + # Copyright (c) 2018 StackHPC Ltd. + # + # Licensed under the Apache License, Version 2.0 (the "License"); you may + # not use this file except in compliance with the License. You may obtain + # a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + # License for the specific language governing permissions and limitations + # under the License. + + import logging + + import monasca_agent.collector.checks as checks + from py3nvml import py3nvml as pynvml + + + log = logging.getLogger(__name__) + + _METRIC_NAME_PREFIX = "nvidia" + + + class Nvidia(checks.AgentCheck): + def __init__(self, name, init_config, agent_config): + super(Nvidia, self).__init__(name, init_config, agent_config) + + def handle_not_supported(f): + def wrapper(*args, **kw): + try: + return f(*args, **kw) + except pynvml.NVMLError as err: + if err == pynvml.NVMLError(pynvml.NVML_ERROR_NOT_SUPPORTED): + log.info('Not supported: {}'.format(f.__name__)) + return {} + else: + raise + return wrapper + + @staticmethod + @handle_not_supported + def _get_driver_version(): + return {'driver_version': pynvml.nvmlSystemGetDriverVersion()} + + @staticmethod + @handle_not_supported + def _get_fan_speed_percent(gpu): + return {'fan_speed_percent': pynvml.nvmlDeviceGetFanSpeed(gpu)} + + @staticmethod + @handle_not_supported + def _get_device_name(gpu): + return {'name': pynvml.nvmlDeviceGetName(gpu)} + + @staticmethod + @handle_not_supported + def _get_device_serial(gpu): + return {'serial': pynvml.nvmlDeviceGetSerial(gpu)} + + @staticmethod + @handle_not_supported + def _get_device_uuid(gpu): + return {'uuid': pynvml.nvmlDeviceGetUUID(gpu)} + + @staticmethod + @handle_not_supported + def _get_device_vbios_version(gpu): + return {'vbios_version': pynvml.nvmlDeviceGetVbiosVersion(gpu)} + + @staticmethod + @handle_not_supported + def _get_info_rom_image_version(gpu): + return {'info_rom_image_version': + pynvml.nvmlDeviceGetInforomImageVersion(gpu)} + + @staticmethod + @handle_not_supported + def _get_device_power_state(gpu): + power_state = "P{}".format(pynvml.nvmlDeviceGetPowerState(gpu)) + return {'power_state': power_state} + + @staticmethod + @handle_not_supported + def _get_framebuffer_memory_stats(gpu): + mem_info = pynvml.nvmlDeviceGetMemoryInfo(gpu) + return { + 'memory_fb_total_bytes': mem_info.total, + 'memory_fb_used_bytes': mem_info.used, + 'memory_fb_free_bytes': (mem_info.total - mem_info.used) + } + + @staticmethod + @handle_not_supported + def _get_bar1_memory_stats(gpu): + mem_info = pynvml.nvmlDeviceGetBAR1MemoryInfo(gpu) + return { + 'memory_bar1_total_bytes': mem_info.bar1Total, + 'memory_bar1_used_bytes': mem_info.bar1Used, + 'memory_bar1_free_bytes': (mem_info.bar1Total - mem_info.bar1Used) + } + + @staticmethod + @handle_not_supported + def _get_utilisation_stats(gpu): + util = pynvml.nvmlDeviceGetUtilizationRates(gpu) + return { + 'utilisation_gpu_percent': util.gpu, + 'utilisation_memory_percent': util.memory + } + + @staticmethod + @handle_not_supported + def _get_device_temperature(gpu): + return {'temperature_deg_c': + pynvml.nvmlDeviceGetTemperature( + gpu, pynvml.NVML_TEMPERATURE_GPU)} + + @staticmethod + @handle_not_supported + def _get_device_shutdown_temp(gpu): + return {'temperature_shutdown_deg_c': + pynvml.nvmlDeviceGetTemperatureThreshold( + gpu, pynvml.NVML_TEMPERATURE_THRESHOLD_SHUTDOWN)} + + @staticmethod + @handle_not_supported + def _get_device_slowdown_temp(gpu): + return {'temperature_slowdown_deg_c': + pynvml.nvmlDeviceGetTemperatureThreshold( + gpu, pynvml.NVML_TEMPERATURE_THRESHOLD_SLOWDOWN)} + + @staticmethod + @handle_not_supported + def _get_power_usage_watts(gpu): + return {'power_watts': (pynvml.nvmlDeviceGetPowerUsage(gpu) / 1000.0)} + + @staticmethod + @handle_not_supported + def _get_power_limit_watts(gpu): + return {'power_limit_watts': ( + pynvml.nvmlDeviceGetPowerManagementLimit(gpu) / 1000.0)} + + @staticmethod + @handle_not_supported + def _get_clock_info(gpu): + return { + 'clock_freq_gpu_mhz': + pynvml.nvmlDeviceGetClockInfo(gpu, pynvml.NVML_CLOCK_GRAPHICS), + 'clock_freq_sm_mhz': + pynvml.nvmlDeviceGetClockInfo(gpu, pynvml.NVML_CLOCK_SM), + 'clock_freq_memory_mhz': + pynvml.nvmlDeviceGetClockInfo(gpu, pynvml.NVML_CLOCK_MEM), + 'clock_freq_video_mhz': + pynvml.nvmlDeviceGetClockInfo(gpu, pynvml.NVML_CLOCK_VIDEO) + } + + @staticmethod + @handle_not_supported + def _get_clock_max_info(gpu): + return { + 'clock_max_freq_gpu_mhz': + pynvml.nvmlDeviceGetMaxClockInfo( + gpu, pynvml.NVML_CLOCK_GRAPHICS), + 'clock_max_freq_sm_mhz': + pynvml.nvmlDeviceGetMaxClockInfo(gpu, pynvml.NVML_CLOCK_SM), + 'clock_max_freq_memory_mhz': + pynvml.nvmlDeviceGetMaxClockInfo(gpu, pynvml.NVML_CLOCK_MEM), + 'clock_max_freq_video_mhz': + pynvml.nvmlDeviceGetMaxClockInfo(gpu, pynvml.NVML_CLOCK_VIDEO) + } + + @staticmethod + def _get_gpu_info(): + pynvml.nvmlInit() + deviceCount = pynvml.nvmlDeviceGetCount() + all_info = [] + for i in range(0, deviceCount): + gpu = pynvml.nvmlDeviceGetHandleByIndex(i) + + dimensions = {} + dimensions.update(Nvidia._get_driver_version()) + dimensions.update(Nvidia._get_device_uuid(gpu)) + dimensions.update(Nvidia._get_info_rom_image_version(gpu)) + dimensions.update(Nvidia._get_device_power_state(gpu)) + dimensions.update(Nvidia._get_device_vbios_version(gpu)) + + measurements = {} + measurements.update(Nvidia._get_fan_speed_percent(gpu)) + measurements.update(Nvidia._get_framebuffer_memory_stats(gpu)) + measurements.update(Nvidia._get_bar1_memory_stats(gpu)) + measurements.update(Nvidia._get_utilisation_stats(gpu)) + measurements.update(Nvidia._get_device_temperature(gpu)) + measurements.update(Nvidia._get_device_shutdown_temp(gpu)) + measurements.update(Nvidia._get_device_slowdown_temp(gpu)) + measurements.update(Nvidia._get_power_usage_watts(gpu)) + measurements.update(Nvidia._get_power_limit_watts(gpu)) + measurements.update(Nvidia._get_clock_info(gpu)) + measurements.update(Nvidia._get_clock_max_info(gpu)) + + gpu_name = "{}_{}".format( + Nvidia._get_device_name(gpu).get('name'), + Nvidia._get_device_serial(gpu).get('serial')) + gpu_info = { + 'name': gpu_name, + 'dimensions': dimensions, + 'measurements': measurements + } + all_info.append(gpu_info) + pynvml.nvmlShutdown() + return all_info + + def check(self, instance): + for gpu_metrics in Nvidia._get_gpu_info(): + for measurement, value in gpu_metrics['measurements'].items(): + metric_name = '{0}.{1}'.format( + _METRIC_NAME_PREFIX, measurement) + self.gauge(metric_name, + value, + device_name=gpu_metrics.get('name'), + dimensions=gpu_metrics.get('dimensions'), + value_meta=None) + log.debug('Collected info for GPU {}'.format( + gpu_metrics.get('name'))) + + detection_scripts: + nvidia_vgpu: | + # Copyright (`c) 2018 StackHPC Ltd. + # + # Licensed under the Apache License, Version 2.0 (the "License"); you may + # not use this file except in compliance with the License. You may obtain + # a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + # License for the specific language governing permissions and limitations + # under the License. + + import logging + import subprocess + + import monasca_setup.agent_config + import monasca_setup.detection + + LOG = logging.getLogger(__name__) + + + class NvidiaDetect(monasca_setup.detection.Plugin): + """Detects and configures nVidia plugin.""" + + def _detect(self): + self.available = False + if b'nvidia' not in subprocess.check_output( + ["lshw", "-C", "display"]).lower(): + LOG.info('No nVidia hardware detected.') + return + self.available = True + + def build_config(self): + config = monasca_setup.agent_config.Plugins() + config['nvidia'] = { + 'init_config': None, + 'instances': [{'name': 'nvidia_stats'}]} + return config + + agent_plugins: + nvidia_vgpu: + auto_detect: true + config: + cache_dir: /dev/shm + nova_refresh: "14400" +pod: + security_context: + agent: + container: + monasca_collector: + runAsUser: 0 + privileged: true + allowPrivilegeEscalation: true + + mounts: + monasca_agent: + monasca_collector: + volumeMounts: + - name: varliblibvirt + mountPath: /var/lib/libvirt + readOnly: true + - mountPath: /lib/modules + name: libmodules + readOnly: true + - name: varlibnova + mountPath: /var/lib/nova + - name: hostproc + mountPath: /proc + volumes: + - name: libmodules + hostPath: + path: /lib/modules + - name: varliblibvirt + hostPath: + path: /var/lib/libvirt + - name: varlibnova + hostPath: + path: /var/lib/nova + - name: hostproc + hostPath: + path: /proc +... diff --git a/releasenotes/notes/monasca.yaml b/releasenotes/notes/monasca.yaml new file mode 100644 index 0000000000..18899771a1 --- /dev/null +++ b/releasenotes/notes/monasca.yaml @@ -0,0 +1,4 @@ +--- +monasca: + - 0.1.0 Initial Chart +...