From 4130488cc1912953762f2715830126438370dfec Mon Sep 17 00:00:00 2001 From: Grace Do Date: Wed, 19 Feb 2020 09:13:55 -0800 Subject: [PATCH 01/15] prometheus-operator: Upgrade chart (#133) --- addons/prometheus/0.35.x/prometheus-1.yaml | 340 +++++++++++++++++++++ 1 file changed, 340 insertions(+) create mode 100644 addons/prometheus/0.35.x/prometheus-1.yaml diff --git a/addons/prometheus/0.35.x/prometheus-1.yaml b/addons/prometheus/0.35.x/prometheus-1.yaml new file mode 100644 index 00000000..91c6a4fa --- /dev/null +++ b/addons/prometheus/0.35.x/prometheus-1.yaml 
@@ -0,0 +1,340 @@ +--- +apiVersion: kubeaddons.mesosphere.io/v1beta1 +kind: Addon +metadata: + name: prometheus + namespace: kubeaddons + labels: + kubeaddons.mesosphere.io/name: prometheus + # TODO: we're temporarily supporting dependency on an existing default storage class + # on the cluster, this hack will trigger re-queue on Addons until one exists. + kubeaddons.mesosphere.io/hack-requires-defaultstorageclass: "true" + annotations: + catalog.kubeaddons.mesosphere.io/addon-revision: "0.35.0-1" + appversion.kubeaddons.mesosphere.io/prometheus-operator: "0.35.0" + appversion.kubeaddons.mesosphere.io/prometheus: "2.15.2" + appversion.kubeaddons.mesosphere.io/alertmanager: "0.20.0" + appversion.kubeaddons.mesosphere.io/grafana: "6.4.2" + endpoint.kubeaddons.mesosphere.io/prometheus: "/ops/portal/prometheus" + endpoint.kubeaddons.mesosphere.io/alertmanager: "/ops/portal/alertmanager" + endpoint.kubeaddons.mesosphere.io/grafana: "/ops/portal/grafana" + docs.kubeaddons.mesosphere.io/prometheus: "https://prometheus.io/docs/introduction/overview/" + docs.kubeaddons.mesosphere.io/grafana: "https://grafana.com/docs/" + docs.kubeaddons.mesosphere.io/alertmanager: "https://prometheus.io/docs/alerting/alertmanager/" + values.chart.helm.kubeaddons.mesosphere.io/prometheus: "https://raw.githubusercontent.com/mesosphere/charts/a370c215c08ca7e50055902177141554de5444e6/staging/prometheus-operator/values.yaml" + # The prometheus-operator chart from prior Konvoy releases can't be upgraded to this chart version. + # See https://jira.d2iq.com/browse/DCOS-62924. 
+ helmv2.kubeaddons.mesosphere.io/upgrade-strategy: '[{"upgradeFrom": "<=5.19.7", "strategy": "delete"}]' +spec: + kubernetes: + minSupportedVersion: v1.15.6 + cloudProvider: + - name: aws + enabled: true + - name: azure + enabled: true + - name: gcp + enabled: true + - name: docker + enabled: false + - name: none + enabled: true + chartReference: + chart: prometheus-operator + repo: https://mesosphere.github.io/charts/staging + version: 8.7.1 + values: | + --- + defaultRules: + rules: + etcd: false + mesosphereResources: + create: true + rules: + etcd: true + # addon alert rules are defaulted to false to prevent potential misfires if addons + # are disabled. + velero: false + prometheus: + ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + traefik.frontend.rule.type: PathPrefixStrip + traefik.ingress.kubernetes.io/auth-response-headers: X-Forwarded-User,Authorization,Impersonate-User,Impersonate-Group + traefik.ingress.kubernetes.io/auth-type: forward + traefik.ingress.kubernetes.io/auth-url: http://traefik-forward-auth-kubeaddons.kubeaddons.svc.cluster.local:4181/ + traefik.ingress.kubernetes.io/priority: "2" + paths: + - /ops/portal/prometheus + service: + additionalPorts: + # Service port for Thanos gRPC. + - name: grpc + port: 10901 + targetPort: grpc + additionalServiceMonitors: + - name: kubeaddons-service-monitor-metrics + selector: + matchLabels: + servicemonitor.kubeaddons.mesosphere.io/path: "metrics" + namespaceSelector: + matchNames: + - kubeaddons + - kommander + - velero + endpoints: + - port: metrics + interval: 30s + - port: monitoring + interval: 30s + # Service port for Thanos Querier, running in Kommander. + # If we ever add a Kommander-specific Prometheus, this + # endpoint should be removed and added to that Prometheus's + # configuration. 
+ - targetPort: 10902 + interval: 30s + - name: kubeaddons-service-monitor-api-v1-metrics-prometheus + selector: + matchLabels: + servicemonitor.kubeaddons.mesosphere.io/path: "api__v1__metrics__prometheus" + namespaceSelector: + matchNames: + - kubeaddons + endpoints: + - path: /api/v1/metrics/prometheus + port: metrics + interval: 30s + - name: kubeaddons-service-monitor-prometheus-metrics + selector: + matchLabels: + servicemonitor.kubeaddons.mesosphere.io/path: "prometheus__metrics" + namespaceSelector: + matchNames: + - kubeaddons + endpoints: + - path: /_prometheus/metrics + targetPort: 5601 + interval: 30s + prometheusSpec: + thanos: + version: v0.8.1 + externalLabels: + cluster: $(CLUSTER_ID) + containers: + - name: prometheus-config-reloader + envFrom: + - configMapRef: + name: cluster-info-configmap + additionalScrapeConfigs: + - job_name: 'kubernetes-nodes-containerd' + metrics_path: /v1/metrics + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: node + relabel_configs: + - source_labels: [__address__] + regex: '(.*):10250' + replacement: '${1}:1338' + target_label: __address__ + - job_name: 'gpu_metrics' + metrics_path: /gpu/metrics + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: node + relabel_configs: + - source_labels: [__address__] + regex: '(.*):10250' + replacement: '${1}:9400' + target_label: __address__ + - source_labels: [__meta_kubernetes_node_label_konvoy_mesosphere_com_gpu_provider] + regex: NVIDIA + action: keep + - job_name: 'kubernetes-calico-node' + metrics_path: /metrics + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: pod + 
namespaces: + names: + - kube-system + relabel_configs: + - source_labels: [__meta_kubernetes_pod_label_k8s_app] + regex: calico-node + action: keep + - source_labels: [__meta_kubernetes_pod_container_port_name] + regex: .*metrics + action: keep + - source_labels: [__meta_kubernetes_pod_label_k8s_app] + target_label: name + action: replace + - source_labels: [__meta_kubernetes_pod_container_port_name] + target_label: endpoint + action: replace + - source_labels: [__meta_kubernetes_pod_node_name] + target_label: node + action: replace + - source_labels: [__meta_kubernetes_pod_name] + target_label: pod + action: replace + - source_labels: [__meta_kubernetes_namespace] + target_label: namespace + action: replace + - job_name: 'kubernetes-keepalived' + metrics_path: /snmp + params: + target: ["127.0.0.1:6161"] + module: ["keepalived"] + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: pod + namespaces: + names: + - kube-system + relabel_configs: + - source_labels: [__meta_kubernetes_pod_container_port_protocol] + regex: TCP + action: keep + - source_labels: [__meta_kubernetes_pod_container_port_number] + regex: "6161" + action: keep + - source_labels: [__meta_kubernetes_pod_container_port_name] + target_label: endpoint + action: replace + - source_labels: [__meta_kubernetes_pod_node_name] + target_label: node + action: replace + - source_labels: [__meta_kubernetes_pod_name] + target_label: pod + action: replace + - source_labels: [__meta_kubernetes_namespace] + target_label: namespace + action: replace + enableAdminAPI: true + secrets: + - etcd-certs + externalUrl: "/ops/portal/prometheus" + storageSpec: + volumeClaimTemplate: + metadata: + name: db + spec: + accessModes: ["ReadWriteOnce"] + # 50Gi is the default size for the chart + resources: + requests: + storage: 50Gi + resources: + limits: + cpu: 1000m + memory: 2500Mi + requests: 
+ cpu: 300m + memory: 1500Mi + alertmanager: + ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + traefik.frontend.rule.type: PathPrefixStrip + traefik.ingress.kubernetes.io/auth-response-headers: X-Forwarded-User,Authorization,Impersonate-User,Impersonate-Group + traefik.ingress.kubernetes.io/auth-type: forward + traefik.ingress.kubernetes.io/auth-url: http://traefik-forward-auth-kubeaddons.kubeaddons.svc.cluster.local:4181/ + traefik.ingress.kubernetes.io/priority: "2" + paths: + - /ops/portal/alertmanager + alertmanagerSpec: + resources: + limits: + cpu: 100m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + grafana: + ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + ingress.kubernetes.io/auth-response-headers: X-Forwarded-User + traefik.frontend.rule.type: PathPrefixStrip + traefik.ingress.kubernetes.io/auth-response-headers: X-Forwarded-User,Authorization,Impersonate-User,Impersonate-Group + traefik.ingress.kubernetes.io/auth-type: forward + traefik.ingress.kubernetes.io/auth-url: http://traefik-forward-auth-kubeaddons.kubeaddons.svc.cluster.local:4181/ + traefik.ingress.kubernetes.io/priority: "2" + hosts: [""] + path: /ops/portal/grafana + grafana.ini: + server: + protocol: http + enable_gzip: true + root_url: "%(protocol)s://%(domain)s:%(http_port)s/ops/portal/grafana" + auth.proxy: + enabled: true + header_name: X-Forwarded-User + auto-sign-up: true + auth.basic: + enabled: false + users: + auto_assign_org_role: Admin + service: + type: ClusterIP + port: 3000 + resources: + # keep request = limit to keep this container in guaranteed class + limits: + cpu: 300m + memory: 100Mi + requests: + cpu: 200m + memory: 100Mi + readinessProbe: + httpGet: + path: /api/health + port: 3000 + scheme: HTTP + livenessProbe: + httpGet: + path: /api/health + port: 3000 + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 30 + failureThreshold: 10 + rbac: + pspUseAppArmor: false + # to avoid needing to 
download any plugins at runtime, use a container and a shared volume + # do not enable the plugins here, instead rebuild the mesosphere/grafana-plugins image with the new plugins + plugins: [] + # - grafana-piechart-panel + extraEmptyDirMounts: + - name: plugins + mountPath: /var/lib/grafana/plugins/ + extraInitContainers: + - name: grafana-plugins-install + image: mesosphere/grafana-plugins:v0.0.1 + command: ["/bin/sh", "-c", "cp -a /var/lib/grafana/plugins/. /var/lib/grafana/shared-plugins/"] + volumeMounts: + - name: plugins + mountPath: /var/lib/grafana/shared-plugins/ + kubeEtcd: + enabled: true + serviceMonitor: + scheme: "https" + caFile: "/etc/prometheus/secrets/etcd-certs/ca.crt" + certFile: "/etc/prometheus/secrets/etcd-certs/server.crt" + keyFile: "/etc/prometheus/secrets/etcd-certs/server.key" + kube-state-metrics: + image: + # override the default k8s.gcr.io/kube-state-metrics repositry + # containerd mirror functionality does not support pulling these images + # TODO remove once https://github.com/containerd/containerd/issues/3756 is resolved + repository: quay.io/coreos/kube-state-metrics From fdbf1f83498700776e4f1ebe5a0561a665ce857f Mon Sep 17 00:00:00 2001 
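Review bot: The four `additionalScrapeConfigs` jobs (`kubernetes-nodes-containerd`, `gpu_metrics`, `kubernetes-calico-node`, `kubernetes-keepalived`) set `tls_config` and `bearer_token_file` but no `scheme`, and Prometheus defaults to `http`, so the CA file goes unused and the Prometheus service-account token is sent in cleartext to every matched node or pod port. Add `scheme: https` where the exporter serves TLS, and drop `bearer_token_file` and `tls_config` from the jobs whose targets are plain HTTP. Separately, `enableAdminAPI: true` puts the TSDB delete and snapshot endpoints behind the `/ops/portal/prometheus` ingress, reachable by anyone who passes forward auth; a comment saying why it is needed, or setting it to `false`, would help. Grafana enables `auth.proxy` with `auto_assign_org_role: Admin` and no `auth.proxy` `whitelist`, so presumably any in-cluster client that can reach the service on port 3000 without going through traefik could assert `X-Forwarded-User` and be signed up as an Admin. Restrict the trusted proxy addresses, or document the network policy that prevents this.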
From: Julian Gieseke Date: Wed, 19 Feb 2020 20:20:01 +0100 Subject: [PATCH 02/15] chore: cleanup opsportal addon and bump chart (#146) --- addons/opsportal/1.0.x/opsportal-1.yaml | 38 ----------------- addons/opsportal/1.0.x/opsportal-2.yaml | 41 ------------------- addons/opsportal/1.0.x/opsportal-3.yaml | 41 ------------------- addons/opsportal/1.0.x/opsportal-4.yaml | 41 ------------------- addons/opsportal/1.0.x/opsportal-5.yaml | 41 ------------------- addons/opsportal/1.0.x/opsportal-6.yaml | 41 ------------------- addons/opsportal/1.0.x/opsportal-7.yaml | 38 ----------------- .../{opsportal-8.yaml => opsportal-9.yaml} | 6 +-- 8 files changed, 3 insertions(+), 284 deletions(-) delete mode 100644 addons/opsportal/1.0.x/opsportal-1.yaml delete mode 100644 addons/opsportal/1.0.x/opsportal-2.yaml delete mode 100644 addons/opsportal/1.0.x/opsportal-3.yaml delete mode 100644 addons/opsportal/1.0.x/opsportal-4.yaml delete mode 100644 addons/opsportal/1.0.x/opsportal-5.yaml delete mode 100644 addons/opsportal/1.0.x/opsportal-6.yaml delete mode 100644 addons/opsportal/1.0.x/opsportal-7.yaml rename addons/opsportal/1.0.x/{opsportal-8.yaml => opsportal-9.yaml} (95%) diff --git a/addons/opsportal/1.0.x/opsportal-1.yaml b/addons/opsportal/1.0.x/opsportal-1.yaml deleted file mode 100644 index d606305f..00000000 --- a/addons/opsportal/1.0.x/opsportal-1.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -apiVersion: kubeaddons.mesosphere.io/v1beta1 -kind: Addon -metadata: - name: opsportal - namespace: kubeaddons - labels: - kubeaddons.mesosphere.io/name: opsportal - annotations: - catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.0-1" - appversion.kubeaddons.mesosphere.io/opsportal: "1.0.0" - endpoint.kubeaddons.mesosphere.io/opsportal: /ops/portal/ - values.chart.helm.kubeaddons.mesosphere.io/opsportal: "https://raw.githubusercontent.com/mesosphere/charts/4155f480571eaf82c64ddd63d3d334b1105d0591/stable/opsportal/values.yaml" -spec: - kubernetes: - minSupportedVersion: v1.15.6 - cloudProvider: - - name: aws - enabled: true - - name: azure - enabled: true - - name: gcp - enabled: true - - name: docker - enabled: true - - name: none - enabled: true - chartReference: - chart: opsportal - repo: https://mesosphere.github.io/charts/stable - version: 0.1.28 - values: | - --- - landing: - resources: - requests: - cpu: 100m - memory: 128Mi diff --git a/addons/opsportal/1.0.x/opsportal-2.yaml b/addons/opsportal/1.0.x/opsportal-2.yaml deleted file mode 100644 index ce37472a..00000000 --- a/addons/opsportal/1.0.x/opsportal-2.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -apiVersion: kubeaddons.mesosphere.io/v1beta1 -kind: Addon -metadata: - name: opsportal - namespace: kubeaddons - labels: - kubeaddons.mesosphere.io/name: opsportal - annotations: - catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.0-2" - appversion.kubeaddons.mesosphere.io/opsportal: "1.0.0" - endpoint.kubeaddons.mesosphere.io/opsportal: /ops/portal/ - values.chart.helm.kubeaddons.mesosphere.io/opsportal: "https://raw.githubusercontent.com/mesosphere/charts/4155f480571eaf82c64ddd63d3d334b1105d0591/stable/opsportal/values.yaml" -spec: - kubernetes: - minSupportedVersion: v1.15.6 - cloudProvider: - - name: aws - enabled: true - - name: azure - enabled: true - - name: gcp - enabled: true - - name: docker - enabled: true - - name: none - enabled: true - chartReference: - chart: opsportal - repo: https://mesosphere.github.io/charts/stable - version: 0.1.30 - values: | - --- - landing: - resources: - requests: - cpu: 100m - memory: 128Mi - opsportal: - ingress: - paths: [] diff --git a/addons/opsportal/1.0.x/opsportal-3.yaml b/addons/opsportal/1.0.x/opsportal-3.yaml deleted file mode 100644 index fe2e4c25..00000000 --- a/addons/opsportal/1.0.x/opsportal-3.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -apiVersion: kubeaddons.mesosphere.io/v1beta1 -kind: Addon -metadata: - name: opsportal - namespace: kubeaddons - labels: - kubeaddons.mesosphere.io/name: opsportal - annotations: - catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.0-3" - appversion.kubeaddons.mesosphere.io/opsportal: "1.0.0" - endpoint.kubeaddons.mesosphere.io/opsportal: /ops/portal/ - values.chart.helm.kubeaddons.mesosphere.io/opsportal: "https://raw.githubusercontent.com/mesosphere/charts/4155f480571eaf82c64ddd63d3d334b1105d0591/stable/opsportal/values.yaml" -spec: - kubernetes: - minSupportedVersion: v1.15.6 - cloudProvider: - - name: aws - enabled: true - - name: azure - enabled: true - - name: gcp - enabled: true - - name: docker - enabled: true - - name: none - enabled: true - chartReference: - chart: opsportal - repo: https://mesosphere.github.io/charts/stable - version: 0.1.32 - values: | - --- - landing: - resources: - requests: - cpu: 100m - memory: 128Mi - opsportal: - ingress: - paths: [] diff --git a/addons/opsportal/1.0.x/opsportal-4.yaml b/addons/opsportal/1.0.x/opsportal-4.yaml deleted file mode 100644 index 603f042a..00000000 --- a/addons/opsportal/1.0.x/opsportal-4.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -apiVersion: kubeaddons.mesosphere.io/v1beta1 -kind: Addon -metadata: - name: opsportal - namespace: kubeaddons - labels: - kubeaddons.mesosphere.io/name: opsportal - annotations: - catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.0-4" - appversion.kubeaddons.mesosphere.io/opsportal: "1.0.0" - endpoint.kubeaddons.mesosphere.io/opsportal: /ops/portal/ - values.chart.helm.kubeaddons.mesosphere.io/opsportal: "https://raw.githubusercontent.com/mesosphere/charts/4155f480571eaf82c64ddd63d3d334b1105d0591/stable/opsportal/values.yaml" -spec: - kubernetes: - minSupportedVersion: v1.15.6 - cloudProvider: - - name: aws - enabled: true - - name: azure - enabled: true - - name: gcp - enabled: true - - name: docker - enabled: true - - name: none - enabled: true - chartReference: - chart: opsportal - repo: https://mesosphere.github.io/charts/stable - version: 0.1.33 - values: | - --- - landing: - resources: - requests: - cpu: 100m - memory: 128Mi - opsportal: - ingress: - paths: [] diff --git a/addons/opsportal/1.0.x/opsportal-5.yaml b/addons/opsportal/1.0.x/opsportal-5.yaml deleted file mode 100644 index b988015d..00000000 --- a/addons/opsportal/1.0.x/opsportal-5.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -apiVersion: kubeaddons.mesosphere.io/v1beta1 -kind: Addon -metadata: - name: opsportal - namespace: kubeaddons - labels: - kubeaddons.mesosphere.io/name: opsportal - annotations: - catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.0-5" - appversion.kubeaddons.mesosphere.io/opsportal: "1.0.0" - endpoint.kubeaddons.mesosphere.io/opsportal: /ops/portal/ - values.chart.helm.kubeaddons.mesosphere.io/opsportal: "https://raw.githubusercontent.com/mesosphere/charts/4155f480571eaf82c64ddd63d3d334b1105d0591/stable/opsportal/values.yaml" -spec: - kubernetes: - minSupportedVersion: v1.15.6 - cloudProvider: - - name: aws - enabled: true - - name: azure - enabled: true - - name: gcp - enabled: true - - name: docker - enabled: true - - name: none - enabled: true - chartReference: - chart: opsportal - repo: https://mesosphere.github.io/charts/stable - version: 0.1.34 - values: | - --- - landing: - resources: - requests: - cpu: 100m - memory: 128Mi - opsportal: - ingress: - paths: [] diff --git a/addons/opsportal/1.0.x/opsportal-6.yaml b/addons/opsportal/1.0.x/opsportal-6.yaml deleted file mode 100644 index cef213fd..00000000 --- a/addons/opsportal/1.0.x/opsportal-6.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -apiVersion: kubeaddons.mesosphere.io/v1beta1 -kind: Addon -metadata: - name: opsportal - namespace: kubeaddons - labels: - kubeaddons.mesosphere.io/name: opsportal - annotations: - catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.0-6" - appversion.kubeaddons.mesosphere.io/opsportal: "1.0.0" - endpoint.kubeaddons.mesosphere.io/opsportal: /ops/portal/ - values.chart.helm.kubeaddons.mesosphere.io/opsportal: "https://raw.githubusercontent.com/mesosphere/charts/4155f480571eaf82c64ddd63d3d334b1105d0591/stable/opsportal/values.yaml" -spec: - kubernetes: - minSupportedVersion: v1.15.6 - cloudProvider: - - name: aws - enabled: true - - name: azure - enabled: true - - name: gcp - enabled: true - - name: docker - enabled: true - - name: none - enabled: true - chartReference: - chart: opsportal - repo: https://mesosphere.github.io/charts/stable - version: 0.1.34 - values: | - --- - landing: - resources: - requests: - cpu: 100m - memory: 128Mi - opsportal: - ingress: - paths: [] diff --git a/addons/opsportal/1.0.x/opsportal-7.yaml b/addons/opsportal/1.0.x/opsportal-7.yaml deleted file mode 100644 index 94eab258..00000000 --- a/addons/opsportal/1.0.x/opsportal-7.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -apiVersion: kubeaddons.mesosphere.io/v1beta1 -kind: Addon -metadata: - name: opsportal - namespace: kubeaddons - labels: - kubeaddons.mesosphere.io/name: opsportal - annotations: - catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.0-7" - appversion.kubeaddons.mesosphere.io/opsportal: "1.0.0" - endpoint.kubeaddons.mesosphere.io/opsportal: /ops/portal/ - values.chart.helm.kubeaddons.mesosphere.io/opsportal: "https://raw.githubusercontent.com/mesosphere/charts/4155f480571eaf82c64ddd63d3d334b1105d0591/stable/opsportal/values.yaml" -spec: - kubernetes: - minSupportedVersion: v1.15.6 - cloudProvider: - - name: aws - enabled: true - - name: azure - enabled: true - - name: gcp - enabled: true - - name: docker - enabled: true - - name: none - enabled: true - chartReference: - chart: opsportal - repo: https://mesosphere.github.io/charts/stable - version: 0.2.3 - values: | - --- - landing: - resources: - requests: - cpu: 100m - memory: 128Mi diff --git a/addons/opsportal/1.0.x/opsportal-8.yaml b/addons/opsportal/1.0.x/opsportal-9.yaml similarity index 95% rename from addons/opsportal/1.0.x/opsportal-8.yaml rename to addons/opsportal/1.0.x/opsportal-9.yaml index ba9f1ea1..21c9da5c 100644 --- a/addons/opsportal/1.0.x/opsportal-8.yaml +++ b/addons/opsportal/1.0.x/opsportal-9.yaml @@ -7,7 +7,7 @@ metadata: labels: kubeaddons.mesosphere.io/name: opsportal annotations: - catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.0-8" + catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.0-9" appversion.kubeaddons.mesosphere.io/opsportal: "1.0.0" endpoint.kubeaddons.mesosphere.io/opsportal: /ops/portal/ values.chart.helm.kubeaddons.mesosphere.io/opsportal: "https://raw.githubusercontent.com/mesosphere/charts/4155f480571eaf82c64ddd63d3d334b1105d0591/stable/opsportal/values.yaml" @@ -28,7 +28,7 @@ spec: chartReference: chart: opsportal repo: https://mesosphere.github.io/charts/stable - version: 0.2.3 + version: 0.2.6 values: | --- landing: 
@@ -47,4 +47,4 @@ spec: ## to the opsportal-admin role. This mimics the existing security policy where any authenticated and whitelisted user ## has full access to the opsportal. This option will be removed in the 0.3 release of this chart. allowAllAuthenticated: false - \ No newline at end of file + From f05d5dd83fcc0c709bc40a95432353ab3baf9278 Mon Sep 17 00:00:00 2001 From: Julian Gieseke Date: Thu, 20 Feb 2020 10:12:58 +0100 Subject: [PATCH 03/15] fix: bump ui --- .../opsportal/1.0.x/{opsportal-9.yaml => opsportal-10.yaml} | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) rename addons/opsportal/1.0.x/{opsportal-9.yaml => opsportal-10.yaml} (95%) diff --git a/addons/opsportal/1.0.x/opsportal-9.yaml b/addons/opsportal/1.0.x/opsportal-10.yaml similarity index 95% rename from addons/opsportal/1.0.x/opsportal-9.yaml rename to addons/opsportal/1.0.x/opsportal-10.yaml index 21c9da5c..a1ca8e58 100644 --- a/addons/opsportal/1.0.x/opsportal-9.yaml +++ b/addons/opsportal/1.0.x/opsportal-10.yaml @@ -7,7 +7,7 @@ metadata: labels: kubeaddons.mesosphere.io/name: opsportal annotations: - catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.0-9" + catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.0-10" appversion.kubeaddons.mesosphere.io/opsportal: "1.0.0" endpoint.kubeaddons.mesosphere.io/opsportal: /ops/portal/ values.chart.helm.kubeaddons.mesosphere.io/opsportal: "https://raw.githubusercontent.com/mesosphere/charts/4155f480571eaf82c64ddd63d3d334b1105d0591/stable/opsportal/values.yaml" @@ -28,7 +28,7 @@ spec: chartReference: chart: opsportal repo: https://mesosphere.github.io/charts/stable - version: 0.2.6 + version: 0.2.8 values: | --- landing: @@ -47,4 +47,3 @@ spec: ## to the opsportal-admin role. This mimics the existing security policy where any authenticated and whitelisted user ## has full access to the opsportal. This option will be removed in the 0.3 release of this chart. allowAllAuthenticated: false - 
From 908fd8c955b981372c71f95009dde5c59ec4debc Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Thu, 20 Feb 2020 11:39:30 -0800 Subject: [PATCH 04/15] Introduce Dispatch to Kubeaddons. (#136) --- Dispatchfile | 29 +++++++++++++++++++++++++++++ Makefile | 23 +++++++++++++++++++++++ README.md | 10 ++++++++++ scripts/ci/setup_ssh.sh | 30 ++++++++++++++++++++++++++++++ 4 files changed, 92 insertions(+) create mode 100644 Dispatchfile create mode 100644 Makefile create mode 100755 scripts/ci/setup_ssh.sh diff --git a/Dispatchfile b/Dispatchfile new file mode 100644 index 00000000..a6170017 --- /dev/null +++ b/Dispatchfile @@ -0,0 +1,29 @@ +#!starlark + +gitResource("src-git", url = "$(context.git.url)", revision = "$(context.git.commit)") + +def secretVar(name, key): + return k8s.corev1.EnvVarSource(secretKeyRef = k8s.corev1.SecretKeySelector( + localObjectReference = k8s.corev1.LocalObjectReference(name=name), + key = key)) + +dindTask("dispatch-integration-test", + inputs = ["src-git"], + steps = [ + v1.Container( + name="fetch-master", + image = "mesosphere/dispatch-dind:v0.5.2", + workingDir="/workspace/src-git", + args=["git", "fetch", "origin", "master"]), + v1.Container( + name = "dispatch-integration-test", + image = "mesosphere/kubeaddons-ci:dispatch", + command = ["make","test"], + workingDir = "/workspace/src-git", + env = [k8s.corev1.EnvVar(name = "DISPATCH_CI", value = "true"), + k8s.corev1.EnvVar(name = "SSH_KEY_BASE64", + valueFrom = secretVar("d2iq-dispatch-git-ssh-base64", + "ssh-privatekey-base64"))])]) + +action(tasks = ["dispatch-integration-test"], on = pullRequest()) +action(tasks = ["dispatch-integration-test"], on = pullRequest(chatops = ["test"])) diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..b29dcc4d --- /dev/null +++ b/Makefile 
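Review bot: `action(tasks = ["dispatch-integration-test"], on = pullRequest())` runs `make test` from the pull request's own checkout in a container whose environment carries `SSH_KEY_BASE64` from the `d2iq-dispatch-git-ssh-base64` secret, so any Makefile or script change in a PR runs with that private key available. Whether Dispatch limits this trigger to trusted authors is not visible here. If it does not, keep only the comment-gated action, `on = pullRequest(chatops = ["test"])`, assuming that form requires a maintainer to request the run. The key should also be a read-only deploy key scoped to the private repositories the tests fetch. The `mesosphere/kubeaddons-ci:dispatch` image that receives the key is referenced by a mutable tag; pinning it by digest would make the step reproducible.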
@@ -0,0 +1,23 @@ +SHELL := /bin/bash -euo pipefail + +export GO111MODULE := on +export ADDON_TESTS_PER_ADDON_WAIT_DURATION := 10m +export GIT_TERMINAL_PROMPT := 1 +export ADDON_TESTS_SETUP_WAIT_DURATION := 30m +export GOPRIVATE := github.com/mesosphere/kubeaddons + + +.DEFAULT_GOAL := test + +.PHONY: set-git-ssh +set-git-ssh: +ifdef DISPATCH_CI + ./scripts/ci/setup_ssh.sh +endif + +.PHONY: test +test: set-git-ssh + cd test && git fetch; \ + for g in $(shell cd test && go run scripts/test-wrapper.go); do \ + go test -timeout 30m -race -v -run $$g; \ + done diff --git a/README.md b/README.md index 96ae421a..d5fc653c 100644 --- a/README.md +++ b/README.md @@ -41,6 +41,16 @@ Some supported releases are supported via the terms of support for some other KS For all other non-official releases, make sure your tag and description are distinctly different from the official release pattern, explain the purpose of your release, and mark is as a `pre-release`. +### Testing + +The test suite can be exercised locally by running + + make test + + +Pull Requests against this repo is tested by Teamcity and Dispatch. +Dispatchfile defines the config and exercises the test in the Makefile. + ## Contributing See our [Contributing Documentation](CONTRIBUTING.md). diff --git a/scripts/ci/setup_ssh.sh b/scripts/ci/setup_ssh.sh new file mode 100755 index 00000000..5ac32730 --- /dev/null +++ b/scripts/ci/setup_ssh.sh 
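Review bot: In the `test` recipe the group list comes from `$(shell cd test && go run scripts/test-wrapper.go)`, and make discards the exit status of `$(shell ...)`, so if the wrapper fails the `for` loop iterates over nothing and `make test` exits 0 without running a single test. Resolving the list inside the recipe lets `-e` catch the failure, for example `cd test; git fetch; groups="$$(go run scripts/test-wrapper.go)"; for g in $$groups; do \`. The current `cd test && git fetch;` has a related gap: a failing `cd` is not fatal under `-e` because it sits on the left of `&&`. `export GIT_TERMINAL_PROMPT := 1` allows interactive credential prompts, which in an unattended CI run would likely hang instead of failing; `0` is the usual value there.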
@@ -0,0 +1,30 @@ +#!/bin/bash +# NOTE: this script was originally created to be used by dispatch CI runs +set -euxo pipefail + +if test -z "git config user.email"; then + git config user.email "ci@mesosphere.com"; +fi + +if test -z "git config user.name"; then + git config user.name "CI"; +fi + +# Setup git +# Replace https://github.com/ with "git@github.com:" in ~/.gitconfig + +git config --global url.git@github.com:.insteadOf https://github.com/ + +# Steps to make sure go mod will download from private git repositories. + +# add SSH_KEY to the ssh-agent +# SSH_KEY_BASE64 is provided by Dispatch. + +eval "$(ssh-agent -s)"; +mkdir /root/.ssh; +echo $SSH_KEY_BASE64 | tr -d "[:space:]" | base64 -d | install -b -m 600 /dev/stdin /root/.ssh/id_rsa + +ssh-add /root/.ssh/id_rsa; + +# trust github.com +ssh-keyscan github.com >> /root/.ssh/known_hosts; From b8a0223cc5fa1fe4eb3697a0323790958d6ec760 Mon Sep 17 00:00:00 2001 From: Hector Fernandez Date: Tue, 25 Feb 2020 10:56:20 +0100 Subject: [PATCH 05/15] chore: bump dex-k8s-auth (#153) --- .../1.1.x/dex-k8s-authenticator-3.yaml | 85 +++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 addons/dex-k8s-authenticator/1.1.x/dex-k8s-authenticator-3.yaml diff --git a/addons/dex-k8s-authenticator/1.1.x/dex-k8s-authenticator-3.yaml b/addons/dex-k8s-authenticator/1.1.x/dex-k8s-authenticator-3.yaml new file mode 100644 index 00000000..1fa5a062 --- /dev/null +++ b/addons/dex-k8s-authenticator/1.1.x/dex-k8s-authenticator-3.yaml 
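Review bot: `set -euxo pipefail` turns on xtrace for the whole script, so the later `echo $SSH_KEY_BASE64 | tr ...` line is printed with the variable expanded and the base64-encoded private key ends up in the CI log; drop the `x` (`set -euo pipefail`) or wrap the key handling in `set +x`. `ssh-keyscan github.com >> /root/.ssh/known_hosts` accepts whatever host key the network returns at build time, so it gives no real host verification; writing GitHub's published host keys from a file committed to the repo would. The guards `if test -z "git config user.email"` and `if test -z "git config user.name"` test a literal non-empty string and therefore never run; they were presumably meant to be `if test -z "$(git config user.email)"; then`. `mkdir /root/.ssh` also aborts under `-e` when the directory already exists, which `mkdir -p -m 700 /root/.ssh` avoids.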
@@ -0,0 +1,85 @@
+---
+apiVersion: kubeaddons.mesosphere.io/v1beta1
+kind: Addon
+metadata:
+ name: dex-k8s-authenticator
+ namespace: kubeaddons
+ labels:
+ kubeaddons.mesosphere.io/name: dex-k8s-authenticator
+ annotations:
+ catalog.kubeaddons.mesosphere.io/addon-revision: "1.1.1-3"
+ appversion.kubeaddons.mesosphere.io/dex-k8s-authenticator: "v1.1.1"
+ values.chart.helm.kubeaddons.mesosphere.io/dex-k8s-authenticator: "https://raw.githubusercontent.com/mesosphere/charts/6c43b8ab10108fb1adba5c6dd10e800e5f1abdd0/staging/dex-k8s-authenticator/values.yaml"
+spec:
+ kubernetes:
+ minSupportedVersion: v1.15.6
+ cloudProvider:
+ - name: aws
+ enabled: true
+ - name: azure
+ enabled: true
+ - name: gcp
+ enabled: true
+ - name: docker
+ enabled: true
+ - name: none
+ enabled: true
+ requires:
+ - matchLabels:
+ kubeaddons.mesosphere.io/name: dex
+ - matchLabels:
+ kubeaddons.mesosphere.io/provides: ingresscontroller
+ chartReference:
+ chart: dex-k8s-authenticator
+ repo: https://mesosphere.github.io/charts/staging
+ version: 1.1.14
+ values: |
+ ---
+ image:
+ repository: mesosphere/dex-k8s-authenticator
+ tag: v1.1.0-43-gb097-d2iq
+ ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ path: /token
+ hosts:
+ - ""
+ dexK8sAuthenticator:
+ #logoUrl: http://
+ #tlsCert: /path/to/dex-client.crt
+ #tlsKey: /path/to/dex-client.key
+ clusters:
+ - name: kubernetes-cluster
+ short_description: "Kubernetes cluster"
+ description: "Kubernetes cluster authenticator"
+ # client_secret: value is generated automatically via initContainers
+ client_id: kube-apiserver
+ issuer: https://dex-kubeaddons.kubeaddons.svc.cluster.local:8080/dex
+ # This URI is just a placeholder and it will be replaced during initContainers
+ # with a URL pointing to the traefik ingress public load balancer.
+ redirect_uri: https://dex-k8s-authenticator-kubeaddons.kubeaddons.svc.cluster.local:5555/token/callback/kubernetes-cluster
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ deploymentAnnotations:
+ # The certificate can change because it was rotated or different cluster
+ # DNS name has been set.
+ secret.reloader.stakater.com/reload: "traefik-kubeaddons-certificate"
+ configmap.reloader.stakater.com/reload: "dex-k8s-authenticator-kubeaddons"
+ initContainers:
+ - name: initialize-dka-config
+ image: mesosphere/kubeaddons-addon-initializer:v0.2.1
+ args: ["dexK8sAuthenticator"]
+ env:
+ - name: "DKA_CONFIGMAP_NAME"
+ value: "dex-k8s-authenticator-kubeaddons"
+ - name: "DKA_NAMESPACE"
+ value: "kubeaddons"
+ - name: "DKA_INGRESS_NAMESPACE"
+ value: "kubeaddons"
+ - name: "DKA_INGRESS_SERVICE_NAME"
+ value: "traefik-kubeaddons"
+ - name: "DKA_WEB_PREFIX_PATH"
+ value: "/token"
From 6ad1f985e73377ec00f45f5a4720cebd28043413 Mon Sep 17 00:00:00 2001
From: Shane Utt
Date: Tue, 25 Feb 2020 11:13:38 -0500
Subject: [PATCH 06/15] [chore] cleanup general test group (#152)
---
 addons/velero/1.0.x/velero-1.yaml | 1 +
 test/addons_test.go | 12 ++++++++++++
 test/groups.yaml | 29 ++++++++++++++++++++++-------
 3 files changed, 35 insertions(+), 7 deletions(-)
diff --git a/addons/velero/1.0.x/velero-1.yaml b/addons/velero/1.0.x/velero-1.yaml
index 56691c11..1181105f 100644
--- a/addons/velero/1.0.x/velero-1.yaml
+++ b/addons/velero/1.0.x/velero-1.yaml
@@ -18,6 +18,7 @@
 # provided to point it at a backend other than the default, we will create and manage a distributed Minio (https://min.io/)
 # cluster which uses the default storage class for the cluster to maintain the backups.
 #
+#
 # WARNING: using the default (fallback) backend is for testing purposes only and should not be used in production.
 # ------------------------------------------------------------------------------
 apiVersion: kubeaddons.mesosphere.io/v1beta1
diff --git a/test/addons_test.go b/test/addons_test.go index db266d1c..a4c0dcea 100644 --- a/test/addons_test.go +++ b/test/addons_test.go @@ -62,6 +62,18 @@ func TestGeneralGroup(t *testing.T) { } } +func TestBackupsGroup(t *testing.T) { + if err := testgroup(t, "backups"); err != nil { + t.Fatal(err) + } +} + +func TestSsoGroup(t *testing.T) { + if err := testgroup(t, "sso"); err != nil { + t.Fatal(err) + } +} + func TestElasticsearchGroup(t *testing.T) { if err := testgroup(t, "elasticsearch"); err != nil { t.Fatal(err) diff --git a/test/groups.yaml b/test/groups.yaml index 51094945..fb9079cc 100644 --- a/test/groups.yaml +++ b/test/groups.yaml @@ -16,20 +16,35 @@ # require any dependencies or significant work to deploy. # ------------------------------------------------------------------------------ general: - - "metallb" - - "opsportal" - "dashboard" + +# ------------------------------------------------------------------------------ +# Backups +# +# Addons related to backup and restore tools are tested as part of this group. +# ------------------------------------------------------------------------------ +backups: + - "metallb" + - "velero" + +# ------------------------------------------------------------------------------ +# SSO +# +# Addons related to our single sign-on stack are tested as part of this group +# ------------------------------------------------------------------------------ +sso: + - "konvoyconfig" - "external-dns" - - "cert-manager" + - "metallb" - "traefik" + - "opsportal" + - "cert-manager" - "dex" - - "konvoyconfig" + - "dex-k8s-authenticator" + - "kube-oidc-proxy" - "reloader" - "gatekeeper" - "traefik-forward-auth" - - "dex-k8s-authenticator" - - "kube-oidc-proxy" - - "velero" # ------------------------------------------------------------------------------ # ElasticSearch From 44421d60ca4fd96e538ca2032acf2f93a6fc39e9 Mon Sep 17 00:00:00 2001 
From: Max Jonas Werner Date: Tue, 25 Feb 2020 18:21:41 +0100 Subject: [PATCH 07/15] fix: run all tests when on Addon has been modified (#156) closes https://jira.d2iq.com/browse/D2IQ-64683 --- test/scripts/test-wrapper.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/test/scripts/test-wrapper.go b/test/scripts/test-wrapper.go index 5cdf8d44..0ad9c3cb 100644 --- a/test/scripts/test-wrapper.go +++ b/test/scripts/test-wrapper.go @@ -14,7 +14,6 @@ import ( type groupName string type addonName string -type groups map[groupName][]addonName var re = regexp.MustCompile(`^addons/([a-z]+)/?`) @@ -65,12 +64,20 @@ func getGroupsToTest(modifiedAddons []addonName) ([]groupName, error) { return nil, err } - g := make(groups) + g := make(map[groupName][]addonName) if err := yaml.Unmarshal(b, &g); err != nil { return nil, err } testGroups := make([]groupName, 0) + // if no Addon has been modified, return all existing groups + if len(modifiedAddons) == 0 { + for group, _ := range g { + testGroups = append(testGroups, group) + } + return testGroups, nil + } + for _, modifiedAddonName := range modifiedAddons { for group, addons := range g { for _, name := range addons { From fadb00982d10bd0abd34ec80f5ceeda0f964ea94 Mon Sep 17 00:00:00 2001 From: Gilbert Song <12464168+Gilbert88@users.noreply.github.com> Date: Tue, 25 Feb 2020 10:23:21 -0800 Subject: [PATCH 08/15] Added helm upgrade strategy 'delete' to nvidia addon (#147) * Added helm upgrade strategy 'delete' to nvidia addon * nvidia: modified the kubeaddons catalog version to 0.2.0-2 * use updated chart that works with default amis * fix addon-revision metadata and directory structure Co-authored-by: Joe Julian --- .../nvidia-1.yaml => 0.2.x/nvidia-2.yaml} | 5 +- addons/nvidia/0.2.x/nvidia-3.yaml | 67 +++++++++++++++++++ 2 files changed, 70 insertions(+), 2 deletions(-) rename addons/nvidia/{0.3.x/nvidia-1.yaml => 0.2.x/nvidia-2.yaml} (90%) create mode 100644 addons/nvidia/0.2.x/nvidia-3.yaml 
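Review bot: The pattern `^addons/([a-z]+)/?` on the context line of the first test-wrapper.go hunk captures lowercase letters only, so a path under `addons/dex-k8s-authenticator/` yields `dex` and one under `addons/cert-manager/` yields `cert`, while test/groups.yaml lists several hyphenated names. If that capture is what fills `modifiedAddons` (the code is outside both hunks), a change touching only a hyphenated addon gives a non-empty list that matches the wrong group or none, so the new `len(modifiedAddons) == 0` fallback in `getGroupsToTest` does not fire and the affected group goes untested. Widening the pattern to `^addons/([a-z0-9-]+)/` would cover the directory names visible in this series. In the second hunk, `for group, _ := range g` can be written `for group := range g`.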
diff --git a/addons/nvidia/0.3.x/nvidia-1.yaml b/addons/nvidia/0.2.x/nvidia-2.yaml similarity index 90% rename from addons/nvidia/0.3.x/nvidia-1.yaml rename to addons/nvidia/0.2.x/nvidia-2.yaml index bb70dd65..fb0b0b45 100644 --- a/addons/nvidia/0.3.x/nvidia-1.yaml +++ b/addons/nvidia/0.2.x/nvidia-2.yaml @@ -8,9 +8,10 @@ metadata: kubeaddons.mesosphere.io/name: nvidia kubeaddons.mesosphere.io/provides: nvidia annotations: - catalog.kubeaddons.mesosphere.io/addon-revision: "0.3.0-1" + catalog.kubeaddons.mesosphere.io/addon-revision: "0.2.0-2" appversion.kubeaddons.mesosphere.io/nvidia: "0.2.0" values.chart.helm.kubeaddons.mesosphere.io/nvidia: "https://raw.githubusercontent.com/mesosphere/charts/master/staging/nvidia/values.yaml" + helmv2.kubeaddons.mesosphere.io/upgrade-strategy: '[{"upgradeFrom": "<=0.4.0", "strategy": "delete"}]' spec: kubernetes: minSupportedVersion: v1.15.6 @@ -26,7 +27,7 @@ spec: chartReference: chart: nvidia repo: https://mesosphere.github.io/charts/staging - version: 0.3.1 + version: 0.3.2 values: | --- grafana: diff --git a/addons/nvidia/0.2.x/nvidia-3.yaml b/addons/nvidia/0.2.x/nvidia-3.yaml new file mode 100644 index 00000000..33ee4748 --- /dev/null +++ b/addons/nvidia/0.2.x/nvidia-3.yaml 
@@ -0,0 +1,67 @@
+---
+apiVersion: kubeaddons.mesosphere.io/v1beta1
+kind: ClusterAddon
+metadata:
+ name: nvidia
+ namespace: kubeaddons
+ labels:
+ kubeaddons.mesosphere.io/name: nvidia
+ kubeaddons.mesosphere.io/provides: nvidia
+ annotations:
+ catalog.kubeaddons.mesosphere.io/addon-revision: "0.2.0-3"
+ appversion.kubeaddons.mesosphere.io/nvidia: "0.2.0"
+ values.chart.helm.kubeaddons.mesosphere.io/nvidia: "https://raw.githubusercontent.com/mesosphere/charts/master/staging/nvidia/values.yaml"
+ helmv2.kubeaddons.mesosphere.io/upgrade-strategy: '[{"upgradeFrom": "<=0.4.0", "strategy": "delete"}]'
+spec:
+ kubernetes:
+ minSupportedVersion: v1.15.6
+ cloudProvider:
+ - name: aws
+ enabled: false
+ - name: azure
+ enabled: false
+ - name: docker
+ enabled: false
+ - name: none
+ enabled: false
+ chartReference:
+ chart: nvidia
+ repo: https://mesosphere.github.io/charts/staging
+ version: 0.3.2
+ values: |
+ ---
+ grafana:
+ enabled: true
+ nvidia-dcgm-exporter:
+ enabled: true
+ nodeSelector:
+ konvoy.mesosphere.com/gpu-provider: NVIDIA
+ initContainers:
+ - name: init-wait
+ image: busybox
+ command: ['sh', '-c', 'sleep 200']
+ nvidia-device-plugin:
+ enabled: true
+ resources:
+ limits:
+ cpu: 200m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ nodeSelector:
+ konvoy.mesosphere.com/gpu-provider: NVIDIA
+ initContainers:
+ - name: init-wait
+ image: busybox
+ command: ['sh', '-c', 'sleep 180']
+ nvidia-driver:
+ enabled: true
+ image:
+ tag: "418.87.01-centos7"
+ resources:
+ requests:
+ cpu: 500m
+ memory: 512Mi
+ nodeSelector:
+ konvoy.mesosphere.com/gpu-provider: NVIDIA
From 5d7eccd7d6838a6103b2057558750084cecf79a7 Mon Sep 17 00:00:00 2001
From: Deepak Goel
Date: Tue, 25 Feb 2020 12:05:32 -0800
Subject: [PATCH 09/15] chore: disable audit log collection in fluent-bit (#154) * creates a copy for the update * disables audit log in fluentbit
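Review bot: Both `init-wait` init containers in addons/nvidia/0.2.x/nvidia-3.yaml use `image: busybox` with no tag or digest, so each GPU node pulls whatever `busybox:latest` resolves to when the pod is scheduled; pinning it, e.g. `image: busybox:<PINNED_TAG>@sha256:<DIGEST>` (placeholder values), keeps rollouts reproducible and limits exposure to a replaced upstream image. The `values.chart.helm.kubeaddons.mesosphere.io/nvidia` annotation also points at `charts/master/...`, whereas the dex-k8s-authenticator, fluentbit and opsportal addons in this series reference a commit SHA, so the documented values can drift away from chart `0.3.2`. The same lines appear again in addons/nvidia/0.2.x/nvidia-4.yaml, and the `master` URL also in the renamed nvidia-2.yaml.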
Signed-off-by: Deepak Goel
---
 addons/fluentbit/1.3.x/fluentbit-2.yaml | 82 +++++++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 addons/fluentbit/1.3.x/fluentbit-2.yaml
diff --git a/addons/fluentbit/1.3.x/fluentbit-2.yaml b/addons/fluentbit/1.3.x/fluentbit-2.yaml
new file mode 100644
index 00000000..fa270567
--- /dev/null
+++ b/addons/fluentbit/1.3.x/fluentbit-2.yaml
@@ -0,0 +1,82 @@
+---
+apiVersion: kubeaddons.mesosphere.io/v1beta1
+kind: Addon
+metadata:
+ name: fluentbit
+ namespace: kubeaddons
+ labels:
+ kubeaddons.mesosphere.io/name: fluentbit
+ annotations:
+ catalog.kubeaddons.mesosphere.io/addon-revision: "1.3.2-2"
+ appversion.kubeaddons.mesosphere.io/fluentbit: "1.3.2"
+ values.chart.helm.kubeaddons.mesosphere.io/fluentbit: "https://raw.githubusercontent.com/helm/charts/f9efc8de7dcd6f93ebacc4b321d01a5aa819cdaa/stable/fluent-bit/values.yaml"
+spec:
+ kubernetes:
+ minSupportedVersion: v1.15.6
+ cloudProvider:
+ - name: aws
+ enabled: true
+ - name: azure
+ enabled: true
+ - name: gcp
+ enabled: true
+ - name: docker
+ enabled: false
+ - name: none
+ enabled: true
+ chartReference:
+ chart: stable/fluent-bit
+ version: 2.8.4
+ values: |
+ ---
+ audit:
+ enable: false
+ input:
+ memBufLimit: 35MB
+ parser: kubernetes-audit
+ path: /var/log/kubernetes/audit/*.log
+ bufferChunkSize: 5MB
+ bufferMaxSize: 20MB
+ skipLongLines: off
+ key: kubernetes-audit
+ backend:
+ es:
+ host: elasticsearch-kubeaddons-client
+ time_key: '@ts'
+ type: es
+ filter:
+ mergeJSONLog: false
+ input:
+ tail:
+ parser: cri
+ systemd:
+ enabled: true
+ filters:
+ systemdUnit: []
+ metrics:
+ enabled: true
+ service:
+ labels:
+ servicemonitor.kubeaddons.mesosphere.io/path: "api__v1__metrics__prometheus"
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ extraEntries:
+ input: |-
+ Strip_Underscores true
+ resources:
+ limits:
+ memory: 750Mi
+ requests:
+ # values extracted from a 1 output/1 input setup here:
+ # https://github.com/fluent/fluent-bit-kubernetes-logging/blob/master/fluent-bit-daemonset-kafka-rest.yml
+ # we double it for 1 output (es)/2 input (tail, systemd) as an approximation
+ cpu: 200m
+ memory: 200Mi
+ parsers:
+ enabled: true
+ json:
+ - name: kubernetes-audit
+ timeKey: requestReceivedTimestamp
+ timeKeep: On
+ timeFormat: "%Y-%m-%dT%H:%M:%S.%L"
From e81c740e89c2ee4c88ad3a64af098e317084de02 Mon Sep 17 00:00:00 2001
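Review bot: `audit:` / `enable: false` stops the Kubernetes audit log from being shipped to Elasticsearch, and nothing in fluentbit-2.yaml records why or where those events are collected instead; I would add a comment above the `audit:` key such as `# audit log shipping is disabled (see #154): <reason and alternative collection path>`, with the wording supplied by the author. The remaining `audit.input` settings and the `kubernetes-audit` entry under `parsers.json` stay in place, which makes it easy to miss that the input is off. Separately, `skipLongLines: off` and `timeKeep: On` are unquoted, so a YAML 1.1 loader reads them as booleans; if the chart writes them as text into the fluent-bit configuration they should be quoted, `"off"` and `"On"`.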
From: Gilbert Song <12464168+Gilbert88@users.noreply.github.com>
Date: Wed, 26 Feb 2020 16:22:31 -0800
Subject: [PATCH 10/15] nvidia: Bumped the nvidia chart to 0.3.3 (#160) Bumped the nvidia chart to 0.3.3 which includes the redundant vault repo fix
---
 addons/nvidia/0.2.x/nvidia-4.yaml | 67 +++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 addons/nvidia/0.2.x/nvidia-4.yaml
diff --git a/addons/nvidia/0.2.x/nvidia-4.yaml b/addons/nvidia/0.2.x/nvidia-4.yaml
new file mode 100644
index 00000000..cc3f9617
--- /dev/null
+++ b/addons/nvidia/0.2.x/nvidia-4.yaml
@@ -0,0 +1,67 @@
+---
+apiVersion: kubeaddons.mesosphere.io/v1beta1
+kind: ClusterAddon
+metadata:
+ name: nvidia
+ namespace: kubeaddons
+ labels:
+ kubeaddons.mesosphere.io/name: nvidia
+ kubeaddons.mesosphere.io/provides: nvidia
+ annotations:
+ catalog.kubeaddons.mesosphere.io/addon-revision: "0.2.0-4"
+ appversion.kubeaddons.mesosphere.io/nvidia: "0.2.0"
+ values.chart.helm.kubeaddons.mesosphere.io/nvidia: "https://raw.githubusercontent.com/mesosphere/charts/master/staging/nvidia/values.yaml"
+ helmv2.kubeaddons.mesosphere.io/upgrade-strategy: '[{"upgradeFrom": "<=0.4.0", "strategy": "delete"}]'
+spec:
+ kubernetes:
+ minSupportedVersion: v1.15.6
+ cloudProvider:
+ - name: aws
+ enabled: false
+ - name: azure
+ enabled: false
+ - name: docker
+ enabled: false
+ - name: none
+ enabled: false
+ chartReference:
+ chart: nvidia
+ repo: https://mesosphere.github.io/charts/staging
+ version: 0.3.3
+ values: |
+ ---
+ grafana:
+ enabled: true
+ nvidia-dcgm-exporter:
+ enabled: true
+ nodeSelector:
+ konvoy.mesosphere.com/gpu-provider: NVIDIA
+ initContainers:
+ - name: init-wait
+ image: busybox
+ command: ['sh', '-c', 'sleep 200']
+ nvidia-device-plugin:
+ enabled: true
+ resources:
+ limits:
+ cpu: 200m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ nodeSelector:
+ konvoy.mesosphere.com/gpu-provider: NVIDIA
+ initContainers:
+ - name: init-wait
+ image: busybox
+ command: ['sh', '-c', 'sleep 180']
+ nvidia-driver:
+ enabled: true
+ image:
+ tag: "418.87.01-centos7"
+ resources:
+ requests:
+ cpu: 500m
+ memory: 512Mi
+ nodeSelector:
+ konvoy.mesosphere.com/gpu-provider: NVIDIA
From 48837bb0d640765e9a3bf7e7887a1beab58209af Mon Sep 17 00:00:00 2001
From: Julian Gieseke
Date: Fri, 28 Feb 2020 14:51:49 +0100
Subject: [PATCH 11/15] chore: bump ui (#166)
---
 .../opsportal/1.0.x/{opsportal-10.yaml => opsportal-11.yaml} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename addons/opsportal/1.0.x/{opsportal-10.yaml => opsportal-11.yaml} (95%)
diff --git a/addons/opsportal/1.0.x/opsportal-10.yaml b/addons/opsportal/1.0.x/opsportal-11.yaml similarity index 95% rename from addons/opsportal/1.0.x/opsportal-10.yaml rename to addons/opsportal/1.0.x/opsportal-11.yaml index a1ca8e58..315458e9 100644 --- a/addons/opsportal/1.0.x/opsportal-10.yaml +++ b/addons/opsportal/1.0.x/opsportal-11.yaml @@ -7,7 +7,7 @@ metadata: labels: kubeaddons.mesosphere.io/name: opsportal annotations: - catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.0-10" + catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.0-11" appversion.kubeaddons.mesosphere.io/opsportal: "1.0.0" endpoint.kubeaddons.mesosphere.io/opsportal: /ops/portal/ values.chart.helm.kubeaddons.mesosphere.io/opsportal: "https://raw.githubusercontent.com/mesosphere/charts/4155f480571eaf82c64ddd63d3d334b1105d0591/stable/opsportal/values.yaml" @@ -28,7 +28,7 @@ spec: chartReference: chart: opsportal repo: https://mesosphere.github.io/charts/stable - version: 0.2.8 + version: 0.2.10 values: | --- landing: From 2505e33df1fb73f6e69972760884d86f3b914077 Mon Sep 17 00:00:00 2001 From: Joe Julian Date: Thu, 5 Mar 2020 19:17:34 -0800 Subject: [PATCH 12/15] Revert "prometheus-operator: Upgrade chart (#133)" This reverts commit 4130488cc1912953762f2715830126438370dfec. A CRD change, upstream, has broken the storage volume naming. This is not ready for release. https://github.com/helm/charts/issues/21290 https://jira.d2iq.com/browse/D2IQ-65097 --- addons/prometheus/0.35.x/prometheus-1.yaml | 340 --------------------- 1 file changed, 340 deletions(-) delete mode 100644 addons/prometheus/0.35.x/prometheus-1.yaml diff --git a/addons/prometheus/0.35.x/prometheus-1.yaml b/addons/prometheus/0.35.x/prometheus-1.yaml deleted file mode 100644 index 91c6a4fa..00000000 --- a/addons/prometheus/0.35.x/prometheus-1.yaml +++ /dev/null 
@@ -1,340 +0,0 @@ ---- -apiVersion: kubeaddons.mesosphere.io/v1beta1 -kind: Addon -metadata: - name: prometheus - namespace: kubeaddons - labels: - kubeaddons.mesosphere.io/name: prometheus - # TODO: we're temporarily supporting dependency on an existing default storage class - # on the cluster, this hack will trigger re-queue on Addons until one exists. - kubeaddons.mesosphere.io/hack-requires-defaultstorageclass: "true" - annotations: - catalog.kubeaddons.mesosphere.io/addon-revision: "0.35.0-1" - appversion.kubeaddons.mesosphere.io/prometheus-operator: "0.35.0" - appversion.kubeaddons.mesosphere.io/prometheus: "2.15.2" - appversion.kubeaddons.mesosphere.io/alertmanager: "0.20.0" - appversion.kubeaddons.mesosphere.io/grafana: "6.4.2" - endpoint.kubeaddons.mesosphere.io/prometheus: "/ops/portal/prometheus" - endpoint.kubeaddons.mesosphere.io/alertmanager: "/ops/portal/alertmanager" - endpoint.kubeaddons.mesosphere.io/grafana: "/ops/portal/grafana" - docs.kubeaddons.mesosphere.io/prometheus: "https://prometheus.io/docs/introduction/overview/" - docs.kubeaddons.mesosphere.io/grafana: "https://grafana.com/docs/" - docs.kubeaddons.mesosphere.io/alertmanager: "https://prometheus.io/docs/alerting/alertmanager/" - values.chart.helm.kubeaddons.mesosphere.io/prometheus: "https://raw.githubusercontent.com/mesosphere/charts/a370c215c08ca7e50055902177141554de5444e6/staging/prometheus-operator/values.yaml" - # The prometheus-operator chart from prior Konvoy releases can't be upgraded to this chart version. - # See https://jira.d2iq.com/browse/DCOS-62924. 
- helmv2.kubeaddons.mesosphere.io/upgrade-strategy: '[{"upgradeFrom": "<=5.19.7", "strategy": "delete"}]' -spec: - kubernetes: - minSupportedVersion: v1.15.6 - cloudProvider: - - name: aws - enabled: true - - name: azure - enabled: true - - name: gcp - enabled: true - - name: docker - enabled: false - - name: none - enabled: true - chartReference: - chart: prometheus-operator - repo: https://mesosphere.github.io/charts/staging - version: 8.7.1 - values: | - --- - defaultRules: - rules: - etcd: false - mesosphereResources: - create: true - rules: - etcd: true - # addon alert rules are defaulted to false to prevent potential misfires if addons - # are disabled. - velero: false - prometheus: - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - traefik.frontend.rule.type: PathPrefixStrip - traefik.ingress.kubernetes.io/auth-response-headers: X-Forwarded-User,Authorization,Impersonate-User,Impersonate-Group - traefik.ingress.kubernetes.io/auth-type: forward - traefik.ingress.kubernetes.io/auth-url: http://traefik-forward-auth-kubeaddons.kubeaddons.svc.cluster.local:4181/ - traefik.ingress.kubernetes.io/priority: "2" - paths: - - /ops/portal/prometheus - service: - additionalPorts: - # Service port for Thanos gRPC. - - name: grpc - port: 10901 - targetPort: grpc - additionalServiceMonitors: - - name: kubeaddons-service-monitor-metrics - selector: - matchLabels: - servicemonitor.kubeaddons.mesosphere.io/path: "metrics" - namespaceSelector: - matchNames: - - kubeaddons - - kommander - - velero - endpoints: - - port: metrics - interval: 30s - - port: monitoring - interval: 30s - # Service port for Thanos Querier, running in Kommander. - # If we ever add a Kommander-specific Prometheus, this - # endpoint should be removed and added to that Prometheus's - # configuration. 
- - targetPort: 10902 - interval: 30s - - name: kubeaddons-service-monitor-api-v1-metrics-prometheus - selector: - matchLabels: - servicemonitor.kubeaddons.mesosphere.io/path: "api__v1__metrics__prometheus" - namespaceSelector: - matchNames: - - kubeaddons - endpoints: - - path: /api/v1/metrics/prometheus - port: metrics - interval: 30s - - name: kubeaddons-service-monitor-prometheus-metrics - selector: - matchLabels: - servicemonitor.kubeaddons.mesosphere.io/path: "prometheus__metrics" - namespaceSelector: - matchNames: - - kubeaddons - endpoints: - - path: /_prometheus/metrics - targetPort: 5601 - interval: 30s - prometheusSpec: - thanos: - version: v0.8.1 - externalLabels: - cluster: $(CLUSTER_ID) - containers: - - name: prometheus-config-reloader - envFrom: - - configMapRef: - name: cluster-info-configmap - additionalScrapeConfigs: - - job_name: 'kubernetes-nodes-containerd' - metrics_path: /v1/metrics - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - source_labels: [__address__] - regex: '(.*):10250' - replacement: '${1}:1338' - target_label: __address__ - - job_name: 'gpu_metrics' - metrics_path: /gpu/metrics - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - source_labels: [__address__] - regex: '(.*):10250' - replacement: '${1}:9400' - target_label: __address__ - - source_labels: [__meta_kubernetes_node_label_konvoy_mesosphere_com_gpu_provider] - regex: NVIDIA - action: keep - - job_name: 'kubernetes-calico-node' - metrics_path: /metrics - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: pod - 
namespaces: - names: - - kube-system - relabel_configs: - - source_labels: [__meta_kubernetes_pod_label_k8s_app] - regex: calico-node - action: keep - - source_labels: [__meta_kubernetes_pod_container_port_name] - regex: .*metrics - action: keep - - source_labels: [__meta_kubernetes_pod_label_k8s_app] - target_label: name - action: replace - - source_labels: [__meta_kubernetes_pod_container_port_name] - target_label: endpoint - action: replace - - source_labels: [__meta_kubernetes_pod_node_name] - target_label: node - action: replace - - source_labels: [__meta_kubernetes_pod_name] - target_label: pod - action: replace - - source_labels: [__meta_kubernetes_namespace] - target_label: namespace - action: replace - - job_name: 'kubernetes-keepalived' - metrics_path: /snmp - params: - target: ["127.0.0.1:6161"] - module: ["keepalived"] - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: pod - namespaces: - names: - - kube-system - relabel_configs: - - source_labels: [__meta_kubernetes_pod_container_port_protocol] - regex: TCP - action: keep - - source_labels: [__meta_kubernetes_pod_container_port_number] - regex: "6161" - action: keep - - source_labels: [__meta_kubernetes_pod_container_port_name] - target_label: endpoint - action: replace - - source_labels: [__meta_kubernetes_pod_node_name] - target_label: node - action: replace - - source_labels: [__meta_kubernetes_pod_name] - target_label: pod - action: replace - - source_labels: [__meta_kubernetes_namespace] - target_label: namespace - action: replace - enableAdminAPI: true - secrets: - - etcd-certs - externalUrl: "/ops/portal/prometheus" - storageSpec: - volumeClaimTemplate: - metadata: - name: db - spec: - accessModes: ["ReadWriteOnce"] - # 50Gi is the default size for the chart - resources: - requests: - storage: 50Gi - resources: - limits: - cpu: 1000m - memory: 2500Mi - requests: 
- cpu: 300m - memory: 1500Mi - alertmanager: - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - traefik.frontend.rule.type: PathPrefixStrip - traefik.ingress.kubernetes.io/auth-response-headers: X-Forwarded-User,Authorization,Impersonate-User,Impersonate-Group - traefik.ingress.kubernetes.io/auth-type: forward - traefik.ingress.kubernetes.io/auth-url: http://traefik-forward-auth-kubeaddons.kubeaddons.svc.cluster.local:4181/ - traefik.ingress.kubernetes.io/priority: "2" - paths: - - /ops/portal/alertmanager - alertmanagerSpec: - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 50Mi - grafana: - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - ingress.kubernetes.io/auth-response-headers: X-Forwarded-User - traefik.frontend.rule.type: PathPrefixStrip - traefik.ingress.kubernetes.io/auth-response-headers: X-Forwarded-User,Authorization,Impersonate-User,Impersonate-Group - traefik.ingress.kubernetes.io/auth-type: forward - traefik.ingress.kubernetes.io/auth-url: http://traefik-forward-auth-kubeaddons.kubeaddons.svc.cluster.local:4181/ - traefik.ingress.kubernetes.io/priority: "2" - hosts: [""] - path: /ops/portal/grafana - grafana.ini: - server: - protocol: http - enable_gzip: true - root_url: "%(protocol)s://%(domain)s:%(http_port)s/ops/portal/grafana" - auth.proxy: - enabled: true - header_name: X-Forwarded-User - auto-sign-up: true - auth.basic: - enabled: false - users: - auto_assign_org_role: Admin - service: - type: ClusterIP - port: 3000 - resources: - # keep request = limit to keep this container in guaranteed class - limits: - cpu: 300m - memory: 100Mi - requests: - cpu: 200m - memory: 100Mi - readinessProbe: - httpGet: - path: /api/health - port: 3000 - scheme: HTTP - livenessProbe: - httpGet: - path: /api/health - port: 3000 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 30 - failureThreshold: 10 - rbac: - pspUseAppArmor: false - # to avoid needing to 
download any plugins at runtime, use a container and a shared volume - # do not enable the plugins here, instead rebuild the mesosphere/grafana-plugins image with the new plugins - plugins: [] - # - grafana-piechart-panel - extraEmptyDirMounts: - - name: plugins - mountPath: /var/lib/grafana/plugins/ - extraInitContainers: - - name: grafana-plugins-install - image: mesosphere/grafana-plugins:v0.0.1 - command: ["/bin/sh", "-c", "cp -a /var/lib/grafana/plugins/. /var/lib/grafana/shared-plugins/"] - volumeMounts: - - name: plugins - mountPath: /var/lib/grafana/shared-plugins/ - kubeEtcd: - enabled: true - serviceMonitor: - scheme: "https" - caFile: "/etc/prometheus/secrets/etcd-certs/ca.crt" - certFile: "/etc/prometheus/secrets/etcd-certs/server.crt" - keyFile: "/etc/prometheus/secrets/etcd-certs/server.key" - kube-state-metrics: - image: - # override the default k8s.gcr.io/kube-state-metrics repositry - # containerd mirror functionality does not support pulling these images - # TODO remove once https://github.com/containerd/containerd/issues/3756 is resolved - repository: quay.io/coreos/kube-state-metrics From 0cd0827ac72f40f902c2cc70c5162d1dbd35e961 Mon Sep 17 00:00:00 2001 From: Alejandro Escobar Date: Wed, 4 Mar 2020 20:24:14 -0800 Subject: [PATCH 13/15] [ElasticSearch, fluentbit] Create index template (#163) * [elasticsearch] create poststart task to create index template we allow the creation of an index template since drain is set to false * create new revision of fluentbit * updated with agreed fields * updated with agreed fields, fixed * fixed removed items --- .../elasticsearch/6.8.x/elasticsearch-2.yaml | 81 +++++++++++++++++ addons/fluentbit/1.3.x/fluentbit-3.yaml | 87 +++++++++++++++++++ 2 files changed, 168 insertions(+) create mode 100644 addons/elasticsearch/6.8.x/elasticsearch-2.yaml create mode 100644 addons/fluentbit/1.3.x/fluentbit-3.yaml 
diff --git a/addons/elasticsearch/6.8.x/elasticsearch-2.yaml b/addons/elasticsearch/6.8.x/elasticsearch-2.yaml
new file mode 100644
index 00000000..d28fdecb
--- /dev/null
+++ b/addons/elasticsearch/6.8.x/elasticsearch-2.yaml
@@ -0,0 +1,81 @@ +--- +apiVersion: kubeaddons.mesosphere.io/v1beta1 +kind: Addon +metadata: + name: elasticsearch + namespace: kubeaddons + labels: + kubeaddons.mesosphere.io/name: elasticsearch + # TODO: we're temporarily supporting dependency on an existing default storage class + # on the cluster, this hack will trigger re-queue on Addons until one exists. + kubeaddons.mesosphere.io/hack-requires-defaultstorageclass: "true" + annotations: + catalog.kubeaddons.mesosphere.io/addon-revision: "6.8.2-2" + appversion.kubeaddons.mesosphere.io/elasticsearch: "6.8.2" + values.chart.helm.kubeaddons.mesosphere.io/elasticsearch: "https://raw.githubusercontent.com/helm/charts/6bfbc8018cd4440637b07c7559d5812e4d9db34d/stable/elasticsearch/values.yaml" +spec: + kubernetes: + minSupportedVersion: v1.15.0 + cloudProvider: + - name: aws + enabled: true + - name: azure + enabled: true + - name: gcp + enabled: true + - name: docker + enabled: false + - name: none + enabled: true + chartReference: + chart: stable/elasticsearch + version: 1.32.0 + values: | + --- + client: + heapSize: 1024m + resources: + limits: + cpu: 500m + memory: 2048Mi + requests: + cpu: 100m + memory: 1536Mi + master: + updateStrategy: + type: RollingUpdate + heapSize: 1024m + resources: + # need more cpu upon initialization, therefore burstable class + limits: + cpu: 1000m + memory: 2048Mi + requests: + cpu: 500m + memory: 1536Mi + data: + updateStrategy: + type: RollingUpdate + hooks: + drain: + enabled: false + # Because the drain is set to false, we can take advantage here and create resources we need + postStart: |- + #!/bin/bash + # Creating the index template: 'kubernetes_cluster' + # Reduces the number of fields produced due to the indexing of the audit logs + # if template doesnt return 200, try to create it + if ! curl -I -XGET '{{ template "elasticsearch.client.fullname" . 
}}:9200/_template/kubernetes_cluster' | grep "200" > /dev/null + then + echo "Creating the index template: 'kubernetes_cluster'" + curl -H 'Content-Type: application/json' -XPUT '{{ template "elasticsearch.client.fullname" . }}:9200/_template/kubernetes_cluster' -d '{"index_patterns":["kubernetes_cluster*"],"mappings":{"flb_type":{"properties":{"@ts":{"type":"date"},"requestObject":{"dynamic":false,"properties":{"apiVersion":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"kind":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"metadata":{"properties":{"creationTimestamp":{"type":"date"},"labels":{"properties":{"app":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"app_kubernetes_io/instance":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"app_kubernetes_io/managed-by":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"app_kubernetes_io/name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"app_kubernetes_io/version":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"helm_sh/chart":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"namespace":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"ownerReferences":{"properties":{"apiVersion":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"kind":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"uid":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"uid":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"status":{"properties":{"allowed":{"typ
e":"boolean"},"conditions":{"properties":{"lastHeartbeatTime":{"type":"date"},"lastTransitionTime":{"type":"date"},"lastUpdateTime":{"type":"date"},"message":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"reason":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"status":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"type":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"containerStatuses":{"properties":{"containerID":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"image":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"imageID":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"lastState":{"properties":{"terminated":{"properties":{"containerID":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"exitCode":{"type":"long"},"finishedAt":{"type":"date"},"reason":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"startedAt":{"type":"date"}}}}},"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"ready":{"type":"boolean"},"restartCount":{"type":"long"},"started":{"type":"boolean"},"state":{"properties":{"running":{"properties":{"startedAt":{"type":"date"}}},"waiting":{"properties":{"reason":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}}}}}},"hostIP":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"loadBalancer":{"properties":{"ingress":{"properties":{"hostname":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}}}},"podIP":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"spec":{"properties":{"user":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"template":{"properties":{"spec":{"properties":{"containers":{"properties":{"args":{"type":"text","fields":{"keyword":{"type":"
keyword","ignore_above":256}}},"command":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"env":{"properties":{"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"value":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"valueFrom":{"properties":{"fieldRef":{"properties":{"apiVersion":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"fieldPath":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}}}}}},"image":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"imagePullPolicy":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"livenessProbe":{"properties":{"failureThreshold":{"type":"long"},"httpGet":{"properties":{"path":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"port":{"type":"long"},"scheme":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"initialDelaySeconds":{"type":"long"},"periodSeconds":{"type":"long"},"successThreshold":{"type":"long"},"timeoutSeconds":{"type":"long"}}},"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"ports":{"properties":{"containerPort":{"type":"long"},"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"protocol":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"readinessProbe":{"properties":{"failureThreshold":{"type":"long"},"httpGet":{"properties":{"path":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"port":{"type":"long"},"scheme":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"initialDelaySeconds":{"type":"long"},"periodSeconds":{"type":"long"},"successThreshold":{"type":"long"},"timeoutSeconds":{"type":"long"}}},"resources":{"properties":{"limits":{"properties":{"cpu":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"mem
ory":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"requests":{"properties":{"cpu":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"memory":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}}}},"terminationMessagePath":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"terminationMessagePolicy":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"volumeMounts":{"properties":{"mountPath":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"readOnly":{"type":"boolean"}}}}},"serviceAccount":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"serviceAccountName":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}}}}}},"webhooks":{"properties":{"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"namespaceSelector":{"properties":{"matchExpressions":{"properties":{"key":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"operator":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"values":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}}}},"objectSelector":{"properties":{"matchExpressions":{"properties":{"key":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"operator":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"values":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}}}}}}}},"responseObject":{"dynamic":false,"properties":{"apiVersion":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"kind":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"metadata":{"properties":{"creationTimestamp":{"type":"date"},"labels":{"properties":{"app":{"type":"text","fields":{"k
eyword":{"type":"keyword","ignore_above":256}}},"app_kubernetes_io/instance":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"app_kubernetes_io/managed-by":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"app_kubernetes_io/name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"app_kubernetes_io/version":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"chart":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"helm_sh/chart":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"namespace":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"ownerReferences":{"properties":{"apiVersion":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"kind":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"uid":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"uid":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"status":{"properties":{"allowed":{"type":"boolean"},"conditions":{"properties":{"lastTransitionTime":{"type":"date"},"lastUpdateTime":{"type":"date"},"message":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"reason":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"status":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"type":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"reason":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"spec":{"properties":{"template":{"properties":{"spec":{"properties":{"containers":{"pr
operties":{"command":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"image":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"imagePullPolicy":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"ports":{"properties":{"containerPort":{"type":"long"},"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"protocol":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"volumeMounts":{"properties":{"mountPath":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"readOnly":{"type":"boolean"}}}}},"serviceAccount":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"serviceAccountName":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}}}},"user":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"webhooks":{"properties":{"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"namespaceSelector":{"properties":{"matchExpressions":{"properties":{"key":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"operator":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"values":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}}}}}}}},"responseStatus":{"dynamic":false,"properties":{"code":{"type":"long"},"message":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"metadata":{"type":"object"},"reason":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"status":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}}}}}}' + fi + heapSize: 3072m + resources: + # need more cpu upon initialization, therefore burstable class + limits: + cpu: 2000m + memory: 8192Mi + requests: + cpu: 1000m + memory: 4608Mi 
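Review bot: The existence check in the `postStart` hook pipes `curl -I` through `grep "200"`, which matches any `200` in the response headers (a `content-length: 200`, for instance) rather than the status code, and neither curl call has a timeout or fails on an HTTP error. I would compare the status code directly, `if [ "$(curl -s -o /dev/null --max-time 10 -w '%{http_code}' '<same _template URL>')" != "200" ]`, and add `--fail --max-time 10` to the `-XPUT` call so a rejected template is not logged as created; whether that failure should also fail the hook is a call for the chart owners. Both requests address a bare `host:9200` with no scheme or credentials, so the hook presumably assumes a plain-HTTP, unauthenticated Elasticsearch. Since this template shapes the Kubernetes audit-log index, a comment stating that assumption would help whoever later enables TLS or authentication.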
diff --git a/addons/fluentbit/1.3.x/fluentbit-3.yaml b/addons/fluentbit/1.3.x/fluentbit-3.yaml
new file mode 100644
index 00000000..36ed3b03
--- /dev/null
+++ b/addons/fluentbit/1.3.x/fluentbit-3.yaml
@@ -0,0 +1,87 @@ +--- +apiVersion: kubeaddons.mesosphere.io/v1beta1 +kind: Addon +metadata: + name: fluentbit + namespace: kubeaddons + labels: + kubeaddons.mesosphere.io/name: fluentbit + annotations: + catalog.kubeaddons.mesosphere.io/addon-revision: "1.3.2-3" + appversion.kubeaddons.mesosphere.io/fluentbit: "1.3.2" + values.chart.helm.kubeaddons.mesosphere.io/fluentbit: "https://raw.githubusercontent.com/helm/charts/f9efc8de7dcd6f93ebacc4b321d01a5aa819cdaa/stable/fluent-bit/values.yaml" +spec: + kubernetes: + minSupportedVersion: v1.15.6 + requires: + # This allows us to have fluentbit wait until ES is deployed and has the right configurations up, in particular + # setting up index templates + - matchLabels: + kubeaddons.mesosphere.io/name: elasticsearch + cloudProvider: + - name: aws + enabled: true + - name: azure + enabled: true + - name: gcp + enabled: true + - name: docker + enabled: false + - name: none + enabled: true + chartReference: + chart: stable/fluent-bit + version: 2.8.4 + values: | + --- + audit: + enable: true + input: + memBufLimit: 35MB + parser: kubernetes-audit + path: /var/log/kubernetes/audit/*.log + bufferChunkSize: 5MB + bufferMaxSize: 20MB + skipLongLines: off + key: kubernetes-audit + backend: + es: + host: elasticsearch-kubeaddons-client + time_key: '@ts' + type: es + filter: + mergeJSONLog: false + input: + tail: + parser: cri + systemd: + enabled: true + filters: + systemdUnit: [] + metrics: + enabled: true + service: + labels: + servicemonitor.kubeaddons.mesosphere.io/path: "api__v1__metrics__prometheus" + tolerations: + - effect: NoSchedule + operator: Exists + extraEntries: + input: |- + Strip_Underscores true + resources: + limits: + memory: 750Mi + requests: + # values extracted from a 1 output/1 input setup here: + # https://github.com/fluent/fluent-bit-kubernetes-logging/blob/master/fluent-bit-daemonset-kafka-rest.yml + # we double it for 1 output (es)/2 input (tail, systemd) as an approximation + cpu: 200m + memory: 200Mi + 
parsers: + enabled: true + json: + - name: kubernetes-audit + timeKey: requestReceivedTimestamp + timeKeep: On + timeFormat: "%Y-%m-%dT%H:%M:%S.%L" From a1451bad272e2e3401f158c1483a3c7c0008cc22 Mon Sep 17 00:00:00 2001 From: Shane Utt Date: Thu, 5 Mar 2020 13:35:58 -0500 Subject: [PATCH 14/15] chore: bump ui (#170) --- .../opsportal/1.0.x/{opsportal-11.yaml => opsportal-12.yaml} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename addons/opsportal/1.0.x/{opsportal-11.yaml => opsportal-12.yaml} (95%) diff --git a/addons/opsportal/1.0.x/opsportal-11.yaml b/addons/opsportal/1.0.x/opsportal-12.yaml similarity index 95% rename from addons/opsportal/1.0.x/opsportal-11.yaml rename to addons/opsportal/1.0.x/opsportal-12.yaml index 315458e9..145326ad 100644 --- a/addons/opsportal/1.0.x/opsportal-11.yaml +++ b/addons/opsportal/1.0.x/opsportal-12.yaml @@ -7,7 +7,7 @@ metadata: labels: kubeaddons.mesosphere.io/name: opsportal annotations: - catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.0-11" + catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.0-12" appversion.kubeaddons.mesosphere.io/opsportal: "1.0.0" endpoint.kubeaddons.mesosphere.io/opsportal: /ops/portal/ values.chart.helm.kubeaddons.mesosphere.io/opsportal: "https://raw.githubusercontent.com/mesosphere/charts/4155f480571eaf82c64ddd63d3d334b1105d0591/stable/opsportal/values.yaml" @@ -28,7 +28,7 @@ spec: chartReference: chart: opsportal repo: https://mesosphere.github.io/charts/stable - version: 0.2.10 + version: 0.2.11 values: | --- landing: From 139df4dfd405e9423081d126dec3f9bdae82a308 Mon Sep 17 00:00:00 2001 From: Joe Julian Date: Wed, 11 Mar 2020 17:23:30 -0700 Subject: [PATCH 15/15] Add release notes for 1.3.0 --- RELEASE_NOTES.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 9de28562..bdeef34f 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md 
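Review bot: `skipLongLines: off` on the `audit.input` block of fluentbit-3.yaml, next to `bufferMaxSize: 20MB`, needs a comment explaining the choice. As far as I know, Fluent Bit's tail input stops monitoring a file once a line exceeds the buffer limit unless long lines are skipped, so one oversized audit event could silently end audit shipping from that node. If the trade-off is intended, say so above the key, e.g. `# keep oversized audit events instead of skipping them; tail stops on a line > bufferMaxSize, so alert on stalled audit ingestion`. Separately, `off` here and `timeKeep: On` under `parsers.json` are bare YAML 1.1 booleans. Quoting them (`"off"`, `"On"`) keeps the chart from rendering `false`/`true` if it passes the value through unchanged, which I cannot confirm because the template is not part of this hunk.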
@@ -1,4 +1,9 @@ # Release Notes +## stable-1.15-1.3.0, stable-1.16-1.3.0 + +* [ElasticSearch, fluentbit] Create index template + Create ElasticSearch Index Template. Require Fluentbit to deploy only after ElasticSearch deploys. + ## stable-1.15-1.2.0, stable-1.16-1.2.0 * fluent-bit