Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
by default instead of 1.0.0 which is v1 formatted and
not supported any more by docker.
Change-Id: I6349a57494ed8b1e3c4b618f5bd82705bef42f7a
Based on spec in openstack-helm repo,
support-OCI-image-registry-with-authentication-turned-on.rst
Each Helm chart can configure an OCI image registry and
credentials to use. A Kubernetes secret is then created with these
info. Service Accounts then specify an imagePullSecret specifying
the Secret with creds for the registry. Then any pod using one
of these ServiceAccounts may pull images from an authenticated
container registry.
Change-Id: Iebda4c7a861aa13db921328776b20c14ba346269
This will ease mirroring capabilities for the docker official images.
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: I0f9177b0b83e4fad599ae0c3f3820202bf1d450d
This change adds an apache sidecar to the Alertmanager statefulset
in order to facillitate authentication to the service.
Change-Id: I6e3cfb582251ecd280644439bfbd432a1f86ede3
Alertmanager is configured similarly to Prometheus. This change
brings the utils.command_line_flags template from the osh-infra
prometheus chart to Alertmanager, allowing these flags to be
configured in Values.yaml
Change-Id: Ieca94c09881bc52b62500efa4c6f8730b9208d3b
- Update alertmanger and prometheus discovery port from 6783 to 9094
- Update to support fqdn for discovery hostname
- Add one test alert to Prometheus to test alert pipeline
- update container name from alertmanger to prometheus-alertmanager
Change-Id: Iec5e758e4b576dff01e84591a2440d030d5ff3c4
The current copyright refers to a non-existent group
"openstack helm authors" with often out-of-date references that
are confusing when adding a new file to the repo.
This change removes all references to this copyright by the
non-existent group and any blank lines underneath.
Change-Id: I1882738cf9757c5350a8533876fd37b5920b5235
It was observed in some charts' values.yaml that the values defining
lifecycle upgrade parameters were incorrectly placed.
This change aims to correct these instances by adding a deployment-
type subkey corresponding with the deployment types identified in
the chart's templates dir, and indenting the values appropriately.
Change-Id: Id5437b1eeaf6e71472520f1fee91028c9b6bfdd3
This updates the kubernetes-entrypoint image reference to consume
the publicly available kubernetes-entrypoint image that is built
and maintained under the airshipit namespace, as the stackanetes
image is no longer actively maintained
Change-Id: I5bfdc156ae228ab16da57569ac6b05a9a125cb6a
Signed-off-by: Steve Wilkerson <sw5822@att.com>
This ps exposes the anti-affinity weight value, including
default, that will be consumed by the updated htk function.
Change-Id: Id8eb303674764ef8b0664f62040723aaf77e0a54
This adds the security context snipper to the alertmanager pod.
This changes the default user from root to the nobody user instead
This also adds the container security context to explicitly set
allowPrivilegeEscalation to false
Change-Id: Ie4423c57e871a03ab4baea346ac777c9f2ca3e2e
This patch set implements the helm toolkit function to generate a
kubernetes network policy manifest based on overrideable values.
This also adds a chart that shuts down all the ingress and egress
traffics in the namespace. This can be used to ensure the
whitelisted network policy works as intended.
Additionally, implementation is done for some infrastructure charts.
Change-Id: I78e87ef3276e948ae4dd2eb462b4b8012251c8c8
Co-Authored-By: Mike Pham <tp6510@att.com>
Signed-off-by: Tin Lam <tin@irrational.io>
This PS fixes following things:
- fix wrong variable 'alertmanager_templats' to 'alert_templates'
- remove 'toYaml' function for alert_templates
- create alertmanager config in default location
Change-Id: I4862435441b8a36f9d0ce4ff32667e8412ea3c14
Adds support for TLS on overriden fqdns for public endpoints for
the services that have them in openstack-helm-infra. Currently this
implementation is limited, in that it does not provide support for
dynamically loading CAs into the containers, or specifying them manually
via configuration. As a result only well known or CA's added manually
to containers will be recognised.
Change-Id: I4ab4bbe24b6544b64cd365467e8efb2a421ac3f4
Move to v0.3.1 of kubernetes-entrypoint which has 2 breaking changes to
pod dependencies, and also adds support for depending on jobs via
labels.
Change-Id: I2bafc2153ddd46b3833b253a2e7950bccbccf8ed
This moves all relevant charts in osh-infra to use the htk manifest
template for ingresses, bringing them in line with the charts in
openstack-helm
Change-Id: Ic9c3cc6f0051fa66b6f88ec2b2725698b36ce824
This ps adds more granular node selectors for the charts in osh
infra to match what is currently done in osh
Change-Id: I8957a95053b9fb3ea329fd37ff049cd223a7695d
Adds support for a new feature of kubernetes-entrypoint, pod
dependencies, that was added in v0.3.0.
Change-Id: I78d9e0545ca3b837cd2386783386a253f7f5a2d6
This PS moves alertmanager to use the endpoints section and
lookups to set the ports it serves on.
Change-Id: I62108ca207f615d10d0b4385da204214b9aeae32
This PS moves existing dynamic common dependencies under a
'dynamic.common' key to simplify the yaml tree.
Change-Id: I4332bcfdf11197488e7bd5d8cf4c25565ea1c7b6
This PS moves static dependencies unser a 'static' key to allow
expansion to cover dynamic dependencies.
Change-Id: Ia0e853564955e0fbbe5a9e91a8b8924c703b1b02
This removes the pvc in Alertmanager and changes the default
storage_class to readwriteonce. Now that Alertmanager uses peer
meshing, it's not required for the replicas to share a common
volume claim
Change-Id: I24290264cb0e552a143a56faa753289f073c47b9
This PS udpates the Prometheus values to use yaml rather than text.
It also consolates all configuration into a single `etc` configmap,
inline with other OSH charts.
Change-Id: I162d4817a2b1b842499ef27d754707f8fce23bf3
Currently, services have two serviceaccounts: one specified in the
chart that cannot read anything, and one injected via helm-toolkit
that can read everything. This patch set refactors the logic to:
- cleanup the roles and their binding automatically when the helm
chart is deleted;
- remove the need to separately mount a serviceaccount with secret;
- better handling of namespaces resource restriction.
Co-Authored-By: portdirect <pete@port.direct>
Change-Id: I47d41e0cad9b5b002f59fc9652bad2cc025538dc
This adds the ability to define custom alert template via the
values.yaml file for Alertmanager. This will provide the ability
for an operator to define actions to be taken upon an alert firing
such as sending Slack alerts, email alerts, or any other
organization-specific action
Change-Id: I78a40e43cfeb7391699908a1f73b57846fedbcbb
Adds additional flags to Alertmanager for the peer meshing. This
also adds a headless discovery service so each instance can
calculate the DNS names of its mesh peers on startup.
Change-Id: I2ba7f4aec88f73e6bc3ff31117973ebb4e85ceba
This adds the prometheus- prefix to the alertmanager,
kube-state-metrics and node exporter charts to reflect their
intended usage as part of a prometheus centric monitoring solution
This will imply a logical grouping of these components, similar to
their deployment in the osh-infra gates
Change-Id: I4f391a10b64389022f01a94ea3704c110f8f9bb5
