From 04c1500801f4d88635001bda1e4f73473fe8e33a Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Tue, 29 Nov 2016 16:31:13 -0500 Subject: =?UTF-8?q?Bruno=20Barcarol=20Guimar=C3=A3es=20work=20to=20move=20?= =?UTF-8?q?metrics=20to=20ansible=20from=20deployer?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../templates/hawkular_cassandra_rc.j2 | 94 ++++++++++++++++++++++ .../templates/hawkular_metrics_rc.j2 | 88 ++++++++++++++++++++ roles/openshift_metrics/templates/heapster.j2 | 66 +++++++++++++++ roles/openshift_metrics/templates/pvc.j2 | 27 +++++++ roles/openshift_metrics/templates/rolebinding.j2 | 23 ++++++ roles/openshift_metrics/templates/route.j2 | 23 ++++++ roles/openshift_metrics/templates/secret.j2 | 12 +++ roles/openshift_metrics/templates/service.j2 | 32 ++++++++ .../openshift_metrics/templates/serviceaccount.j2 | 16 ++++ 9 files changed, 381 insertions(+) create mode 100644 roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 create mode 100644 roles/openshift_metrics/templates/hawkular_metrics_rc.j2 create mode 100644 roles/openshift_metrics/templates/heapster.j2 create mode 100644 roles/openshift_metrics/templates/pvc.j2 create mode 100644 roles/openshift_metrics/templates/rolebinding.j2 create mode 100644 roles/openshift_metrics/templates/route.j2 create mode 100644 roles/openshift_metrics/templates/secret.j2 create mode 100644 roles/openshift_metrics/templates/service.j2 create mode 100644 roles/openshift_metrics/templates/serviceaccount.j2 (limited to 'roles/openshift_metrics/templates') diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 new file mode 100644 index 000000000..bb8866263 --- /dev/null +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -0,0 +1,94 @@ +apiVersion: v1 +kind: ReplicationController +metadata: + name: hawkular-cassandra-{{ node }} + labels: + metrics-infra: hawkular-cassandra + name: hawkular-cassandra + type: hawkular-cassandra +spec: + selector: + name: hawkular-cassandra-{{ node }} + replicas: 1 + template: + version: v1 + metadata: + labels: + metrics-infra: hawkular-cassandra + name: hawkular-cassandra-{{ node }} + type: hawkular-cassandra + spec: + serviceAccount: cassandra + containers: + - image: "{{ image_prefix }}metrics-cassandra:{{ image_version }}" + name: hawkular-cassandra-{{ node }} + ports: + - name: cql-port + containerPort: 9042 + - name: thift-port + containerPort: 9160 + - name: tcp-port + containerPort: 7000 + - name: ssl-port + containerPort: 7001 + command: + - "/opt/apache-cassandra/bin/cassandra-docker.sh" + - "--cluster_name=hawkular-metrics" + - "--data_volume=/cassandra_data" + - "--internode_encryption=all" + - "--require_node_auth=true" + - "--enable_client_encryption=true" + - "--require_client_auth=true" + - "--keystore_file=/secret/cassandra.keystore" + - "--keystore_password_file=/secret/cassandra.keystore.password" + - "--truststore_file=/secret/cassandra.truststore" + - "--truststore_password_file=/secret/cassandra.truststore.password" + - "--cassandra_pem_file=/secret/cassandra.pem" + env: + - name: CASSANDRA_MASTER + value: "{{ master }}" + - name: CASSANDRA_DATA_VOLUME + value: "/cassandra_data" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MEMORY_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: 1m + volumeMounts: + - name: cassandra-data + mountPath: "/cassandra_data" + - name: hawkular-cassandra-secrets + mountPath: "/secret" + readinessProbe: + exec: + command: + - "/opt/apache-cassandra/bin/cassandra-docker-ready.sh" + lifecycle: + preStop: + exec: + command: + - "/opt/apache-cassandra/bin/cassandra-prestop.sh" + postStart: + exec: + command: + - "/opt/apache-cassandra/bin/cassandra-poststart.sh" + terminationGracePeriodSeconds: 1800 + volumes: + - name: cassandra-data +{% if hawkular_cassandra_storage_type == 'emptydir' %} + emptyDir: {} +{% else %} + persistentVolumeClaim: + claimName: "{{ hawkular_cassandra_pv_prefix }}-{{ node }}" +{% endif %} + - name: hawkular-cassandra-secrets + secret: + secretName: hawkular-cassandra-secrets diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 new file mode 100644 index 000000000..bcfe9dc84 --- /dev/null +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -0,0 +1,88 @@ +apiVersion: v1 +kind: ReplicationController +metadata: + name: hawkular-metrics + labels: + metrics-infra: hawkular-metrics + name: hawkular-metrics +spec: + selector: + name: hawkular-metrics + replicas: 1 + template: + version: v1 + metadata: + labels: + metrics-infra: hawkular-metrics + name: hawkular-metrics + spec: + serviceAccount: hawkular + containers: + - image: {{image_prefix}}metrics-hawkular-metrics:{{image_version}} + name: hawkular-metrics + ports: + - name: http-endpoint + containerPort: 8080 + - name: https-endpoint + containerPort: 8443 + - name: ping + containerPort: 8888 + command: + - "/opt/hawkular/scripts/hawkular-metrics-wrapper.sh" + - "-b" + - 0.0.0.0 + - "-Dhawkular.metrics.cassandra.nodes=hawkular-cassandra" + - "-Dhawkular.metrics.cassandra.use-ssl" + - "-Dhawkular.metrics.openshift.auth-methods=openshift-oauth,htpasswd" + - "-Dhawkular.metrics.openshift.htpasswd-file=/secrets/hawkular-metrics.htpasswd.file" + - "-Dhawkular.metrics.allowed-cors-access-control-allow-headers=authorization" + - "-Dhawkular.metrics.default-ttl={{metrics_duration}}" + - "-Dhawkular-alerts.cassandra-nodes=hawkular-cassandra" + - "-Dhawkular-alerts.cassandra-use-ssl" + - "-Dhawkular.alerts.openshift.auth-methods=openshift-oauth,htpasswd" + - "-Dhawkular.alerts.openshift.htpasswd-file=/secrets/hawkular-metrics.htpasswd.file" + - "-Dhawkular.alerts.allowed-cors-access-control-allow-headers=authorization" + - "-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true" + - "-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true" + - "-DKUBERNETES_MASTER_URL={{master_url}}" + - "-DUSER_WRITE_ACCESS={{hawkular_user_write_access}}" + - "--hmw.keystore=/secrets/hawkular-metrics.keystore" + - "--hmw.truststore=/secrets/hawkular-metrics.truststore" + - "--hmw.keystore_password_file=/secrets/hawkular-metrics.keystore.password" + - "--hmw.truststore_password_file=/secrets/hawkular-metrics.truststore.password" + - "--hmw.jgroups_keystore=/secrets/hawkular-metrics.jgroups.keystore" + - "--hmw.jgroups_keystore_password_file=/secrets/hawkular-metrics.jgroups.keystore.password" + - "--hmw.jgroups_alias_file=/secrets/hawkular-metrics.jgroups.alias" + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MASTER_URL + value: "{{ master_url }}" + - name: OPENSHIFT_KUBE_PING_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPENSHIFT_KUBE_PING_LABELS + value: "metrics-infra=hawkular-metrics,name=hawkular-metrics" + volumeMounts: + - name: hawkular-metrics-secrets + mountPath: "/secrets" + - name: hawkular-metrics-client-secrets + mountPath: "/client-secrets" + readinessProbe: + exec: + command: + - "/opt/hawkular/scripts/hawkular-metrics-readiness.py" + livenessProbe: + exec: + command: + - "/opt/hawkular/scripts/hawkular-metrics-liveness.py" + volumes: + - name: hawkular-metrics-secrets + secret: + secretName: hawkular-metrics-secrets + - name: hawkular-metrics-client-secrets + secret: + secretName: hawkular-metrics-account diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 new file mode 100644 index 000000000..779be0145 --- /dev/null +++ b/roles/openshift_metrics/templates/heapster.j2 @@ -0,0 +1,66 @@ +apiVersion: "v1" +kind: "ReplicationController" +metadata: + name: heapster + labels: + metrics-infra: heapster + name: heapster +spec: + selector: + name: heapster + replicas: 1 + template: + version: v1 + metadata: + name: heapster + labels: + metrics-infra: heapster + name: heapster + spec: + serviceAccountName: heapster + containers: + - name: heapster + image: {{image_prefix}}metrics-heapster:{{image_version}} + ports: + - containerPort: 8082 + name: "http-endpoint" + command: + - "heapster-wrapper.sh" + - "--wrapper.allowed_users_file=/secrets/heapster.allowed-users" + - "--source=kubernetes:{{master_url}}?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250" + - "--tls_cert=/secrets/heapster.cert" + - "--tls_key=/secrets/heapster.key" + - "--tls_client_ca=/secrets/heapster.client-ca" + - "--allowed_users=%allowed_users%" + - "--metric_resolution={{metrics_resolution}}" +{% if not heapster_standalone %} + - "--wrapper.username_file=/hawkular-account/hawkular-metrics.username" + - "--wrapper.password_file=/hawkular-account/hawkular-metrics.password" + - "--wrapper.endpoint_check=https://hawkular-metrics:443/hawkular/metrics/status" + - "--sink=hawkular:https://hawkular-metrics:443?tenant=_system&labelToTenant=pod_namespace&labelNodeId={{metrics_node_id}}&caCert=/hawkular-cert/hawkular-metrics-ca.certificate&user=%username%&pass=%password%&filter=label(container_name:^system.slice.*|^user.slice)" +{% endif %} + volumeMounts: + - name: heapster-secrets + mountPath: "/secrets" +{% if not heapster_standalone %} + - name: hawkular-metrics-certificate + mountPath: "/hawkular-cert" + - name: hawkular-metrics-account + mountPath: "/hawkular-account" + readinessProbe: + exec: + command: + - "/opt/heapster-readiness.sh" +{% endif %} + volumes: + - name: heapster-secrets + secret: + secretName: heapster-secrets +{% if not heapster_standalone %} + - name: hawkular-metrics-certificate + secret: + secretName: hawkular-metrics-certificate + - name: hawkular-metrics-account + secret: + secretName: hawkular-metrics-account +{% endif %} diff --git a/roles/openshift_metrics/templates/pvc.j2 b/roles/openshift_metrics/templates/pvc.j2 new file mode 100644 index 000000000..8fbfa8b5d --- /dev/null +++ b/roles/openshift_metrics/templates/pvc.j2 @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{obj_name}} +{% if labels is not defined %} + labels: + logging-infra: support +{% elif labels %} + labels: +{% for key, value in labels.iteritems() %} + {{ key }}: {{ value }} +{% endfor %} +{% endif %} +{% if annotations is defined and annotations %} + annotations: +{% for key,value in annotations.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% endif %} +spec: + accessModes: +{% for mode in access_modes %} + - {{ mode }} +{% endfor %} + resources: + requests: + storage: {{size}} diff --git a/roles/openshift_metrics/templates/rolebinding.j2 b/roles/openshift_metrics/templates/rolebinding.j2 new file mode 100644 index 000000000..5230f0780 --- /dev/null +++ b/roles/openshift_metrics/templates/rolebinding.j2 @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: {% if cluster is defined and cluster %}Cluster{% endif %}RoleBinding +metadata: + name: {{obj_name}} +{% if labels is defined %} + labels: +{% for k, v in labels.iteritems() %} + {{ k }}: {{ v }} +{% endfor %} +{% endif %} +roleRef: +{% if 'kind' in roleRef %} + kind: {{ roleRef.kind }} +{% endif %} + name: {{ roleRef.name }} +subjects: +{% for sub in subjects %} + - kind: {{ sub.kind }} + name: {{ sub.name }} +{% if 'namespace' in sub %} + namespace: {{ sub.namespace }} +{% endif %} +{% endfor %} diff --git a/roles/openshift_metrics/templates/route.j2 b/roles/openshift_metrics/templates/route.j2 new file mode 100644 index 000000000..a720c4959 --- /dev/null +++ b/roles/openshift_metrics/templates/route.j2 @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Route +metadata: + name: {{ name }} +{% if labels is defined and labels %} + labels: +{% for k, v in labels.iteritems() %} + {{ k }}: {{ v }} +{% endfor %} +{% endif %} +spec: + host: {{ host }} + to: + kind: {{ to.kind }} + name: {{ to.name }} +{% if tls is defined %} + tls: + termination: {{ tls.termination }} +{% if tls.termination == 'reencrypt' %} + destinationCACertificate: | +{{ tls.destination_ca_certificate|indent(6, true) }} +{% endif %} +{% endif %} diff --git a/roles/openshift_metrics/templates/secret.j2 b/roles/openshift_metrics/templates/secret.j2 new file mode 100644 index 000000000..370890c7d --- /dev/null +++ b/roles/openshift_metrics/templates/secret.j2 @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Secret +metadata: + name: "{{ name }}" + labels: +{% for k, v in labels.iteritems() %} + {{ k }}: {{ v }} +{% endfor %} +data: +{% for k, v in data.iteritems() %} + {{ k }}: {{ v }} +{% endfor %} diff --git a/roles/openshift_metrics/templates/service.j2 b/roles/openshift_metrics/templates/service.j2 new file mode 100644 index 000000000..8df89127b --- /dev/null +++ b/roles/openshift_metrics/templates/service.j2 @@ -0,0 +1,32 @@ +apiVersion: "v1" +kind: "Service" +metadata: + name: "{{obj_name}}" +{% if labels is defined%} + labels: +{% for key, value in labels.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% endif %} +spec: +{% if headless is defined and headless %} + portalIP: None + clusterIP: None +{% endif %} + ports: +{% for port in ports %} + - +{% for key, value in port.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% if port.targetPort is undefined %} + clusterIP: "None" +{% endif %} +{% endfor %} +{% if service_targetPort is defined %} + targetPort: {{service_targetPort}} +{% endif %} + selector: + {% for key, value in selector.iteritems() %} + {{key}}: {{value}} + {% endfor %} diff --git a/roles/openshift_metrics/templates/serviceaccount.j2 b/roles/openshift_metrics/templates/serviceaccount.j2 new file mode 100644 index 000000000..b22acc594 --- /dev/null +++ b/roles/openshift_metrics/templates/serviceaccount.j2 @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{obj_name}} +{% if labels is defined%} + labels: +{% for key, value in labels.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% endif %} +{% if secrets is defined %} +secrets: +{% for name in secrets %} +- name: {{ name }} +{% endfor %} +{% endif %} -- cgit v1.2.3 From f3f1f610c9e0fdf8115dd8ea61e647080ad42006 Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Wed, 30 Nov 2016 12:12:14 -0500 Subject: prefix vars with metrics role (#4) --- roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 | 6 +++--- roles/openshift_metrics/templates/hawkular_metrics_rc.j2 | 10 +++++----- roles/openshift_metrics/templates/heapster.j2 | 14 +++++++------- 3 files changed, 15 insertions(+), 15 deletions(-) (limited to 'roles/openshift_metrics/templates') diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 index bb8866263..525f32859 100644 --- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -20,7 +20,7 @@ spec: spec: serviceAccount: cassandra containers: - - image: "{{ image_prefix }}metrics-cassandra:{{ image_version }}" + - image: "{{ openshift_metrics_image_prefix }}metrics-cassandra:{{ openshift_metrics_image_version }}" name: hawkular-cassandra-{{ node }} ports: - name: cql-port @@ -83,11 +83,11 @@ spec: terminationGracePeriodSeconds: 1800 volumes: - name: cassandra-data -{% if hawkular_cassandra_storage_type == 'emptydir' %} +{% if openshift_metrics_hawkular_cassandra_storage_type == 'emptydir' %} emptyDir: {} {% else %} persistentVolumeClaim: - claimName: "{{ hawkular_cassandra_pv_prefix }}-{{ node }}" + claimName: "{{ openshift_metrics_hawkular_cassandra_pv_prefix }}-{{ node }}" {% endif %} - name: hawkular-cassandra-secrets secret: diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index bcfe9dc84..6f1275809 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -18,7 +18,7 @@ spec: spec: serviceAccount: hawkular containers: - - image: {{image_prefix}}metrics-hawkular-metrics:{{image_version}} + - image: {{openshift_metrics_image_prefix}}metrics-hawkular-metrics:{{openshift_metrics_image_version}} name: hawkular-metrics ports: - name: http-endpoint @@ -36,7 +36,7 @@ spec: - "-Dhawkular.metrics.openshift.auth-methods=openshift-oauth,htpasswd" - "-Dhawkular.metrics.openshift.htpasswd-file=/secrets/hawkular-metrics.htpasswd.file" - "-Dhawkular.metrics.allowed-cors-access-control-allow-headers=authorization" - - "-Dhawkular.metrics.default-ttl={{metrics_duration}}" + - "-Dhawkular.metrics.default-ttl={{openshift_metrics_duration}}" - "-Dhawkular-alerts.cassandra-nodes=hawkular-cassandra" - "-Dhawkular-alerts.cassandra-use-ssl" - "-Dhawkular.alerts.openshift.auth-methods=openshift-oauth,htpasswd" @@ -44,8 +44,8 @@ spec: - "-Dhawkular.alerts.allowed-cors-access-control-allow-headers=authorization" - "-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true" - "-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true" - - "-DKUBERNETES_MASTER_URL={{master_url}}" - - "-DUSER_WRITE_ACCESS={{hawkular_user_write_access}}" + - "-DKUBERNETES_MASTER_URL={{openshift_metrics_master_url}}" + - "-DUSER_WRITE_ACCESS={{openshift_metrics_hawkular_user_write_access}}" - "--hmw.keystore=/secrets/hawkular-metrics.keystore" - "--hmw.truststore=/secrets/hawkular-metrics.truststore" - "--hmw.keystore_password_file=/secrets/hawkular-metrics.keystore.password" @@ -59,7 +59,7 @@ spec: fieldRef: fieldPath: metadata.namespace - name: MASTER_URL - value: "{{ master_url }}" + value: "{{ openshift_metrics_master_url }}" - name: OPENSHIFT_KUBE_PING_NAMESPACE valueFrom: fieldRef: diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 index 779be0145..e4b4b9739 100644 --- a/roles/openshift_metrics/templates/heapster.j2 +++ b/roles/openshift_metrics/templates/heapster.j2 @@ -20,29 +20,29 @@ spec: serviceAccountName: heapster containers: - name: heapster - image: {{image_prefix}}metrics-heapster:{{image_version}} + image: {{openshift_metrics_image_prefix}}metrics-heapster:{{openshift_metrics_image_version}} ports: - containerPort: 8082 name: "http-endpoint" command: - "heapster-wrapper.sh" - "--wrapper.allowed_users_file=/secrets/heapster.allowed-users" - - "--source=kubernetes:{{master_url}}?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250" + - "--source=kubernetes:{{openshift_metrics_master_url}}?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250" - "--tls_cert=/secrets/heapster.cert" - "--tls_key=/secrets/heapster.key" - "--tls_client_ca=/secrets/heapster.client-ca" - "--allowed_users=%allowed_users%" - - "--metric_resolution={{metrics_resolution}}" -{% if not heapster_standalone %} + - "--metric_resolution={{openshift_metrics_resolution}}" +{% if not openshift_metrics_heapster_standalone %} - "--wrapper.username_file=/hawkular-account/hawkular-metrics.username" - "--wrapper.password_file=/hawkular-account/hawkular-metrics.password" - "--wrapper.endpoint_check=https://hawkular-metrics:443/hawkular/metrics/status" - - "--sink=hawkular:https://hawkular-metrics:443?tenant=_system&labelToTenant=pod_namespace&labelNodeId={{metrics_node_id}}&caCert=/hawkular-cert/hawkular-metrics-ca.certificate&user=%username%&pass=%password%&filter=label(container_name:^system.slice.*|^user.slice)" + - "--sink=hawkular:https://hawkular-metrics:443?tenant=_system&labelToTenant=pod_namespace&labelNodeId={{openshift_metrics_node_id}}&caCert=/hawkular-cert/hawkular-metrics-ca.certificate&user=%username%&pass=%password%&filter=label(container_name:^system.slice.*|^user.slice)" {% endif %} volumeMounts: - name: heapster-secrets mountPath: "/secrets" -{% if not heapster_standalone %} +{% if not openshift_metrics_heapster_standalone %} - name: hawkular-metrics-certificate mountPath: "/hawkular-cert" - name: hawkular-metrics-account @@ -56,7 +56,7 @@ spec: - name: heapster-secrets secret: secretName: heapster-secrets -{% if not heapster_standalone %} +{% if not openshift_metrics_heapster_standalone %} - name: hawkular-metrics-certificate secret: secretName: hawkular-metrics-certificate -- cgit v1.2.3 From b6ce0464142403785a7ba8eae664286082f4d30e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bruno=20Barcarol=20Guimar=C3=A3es?= Date: Mon, 5 Dec 2016 16:34:32 +0000 Subject: Custom certificates (#5) * Generate secrets on a persistent directory. * Split certificate generation files. * Custom certificates. * Minor fixes. - use `slurp` instead of `shell: base64` - fix route hostname * Updates on origin-metrics. --- roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 | 2 ++ roles/openshift_metrics/templates/hawkular_metrics_rc.j2 | 2 ++ roles/openshift_metrics/templates/heapster.j2 | 5 ++++- 3 files changed, 8 insertions(+), 1 deletion(-) (limited to 'roles/openshift_metrics/templates') diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 index 525f32859..158d0d1a3 100644 --- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -49,6 +49,8 @@ spec: value: "{{ master }}" - name: CASSANDRA_DATA_VOLUME value: "/cassandra_data" + - name: JVM_OPTS + value: "-Dcassandra.commitlog.ignorereplayerrors=true" - name: POD_NAMESPACE valueFrom: fieldRef: diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index 6f1275809..647a4bfbb 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -66,6 +66,8 @@ spec: fieldPath: metadata.namespace - name: OPENSHIFT_KUBE_PING_LABELS value: "metrics-infra=hawkular-metrics,name=hawkular-metrics" + - name: STARTUP_TIMEOUT + value: "{{ openshift_metrics_startup_timeout }}" volumeMounts: - name: hawkular-metrics-secrets mountPath: "/secrets" diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 index e4b4b9739..90227db68 100644 --- a/roles/openshift_metrics/templates/heapster.j2 +++ b/roles/openshift_metrics/templates/heapster.j2 @@ -27,7 +27,7 @@ spec: command: - "heapster-wrapper.sh" - "--wrapper.allowed_users_file=/secrets/heapster.allowed-users" - - "--source=kubernetes:{{openshift_metrics_master_url}}?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250" + - "--source=kubernetes.summary_api:${MASTER_URL}?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250" - "--tls_cert=/secrets/heapster.cert" - "--tls_key=/secrets/heapster.key" - "--tls_client_ca=/secrets/heapster.client-ca" @@ -39,6 +39,9 @@ spec: - "--wrapper.endpoint_check=https://hawkular-metrics:443/hawkular/metrics/status" - "--sink=hawkular:https://hawkular-metrics:443?tenant=_system&labelToTenant=pod_namespace&labelNodeId={{openshift_metrics_node_id}}&caCert=/hawkular-cert/hawkular-metrics-ca.certificate&user=%username%&pass=%password%&filter=label(container_name:^system.slice.*|^user.slice)" {% endif %} + env: + - name: STARTUP_TIMEOUT + value: "{{ openshift_metrics_startup_timeout }}" volumeMounts: - name: heapster-secrets mountPath: "/secrets" -- cgit v1.2.3 From 9d0b2eed6f2b897280660949d12e09a3b7993b2b Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Thu, 15 Dec 2016 10:34:58 -0500 Subject: rename variables to be less extraneous (#10) --- roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'roles/openshift_metrics/templates') diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 index 158d0d1a3..7cea5f040 100644 --- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -85,11 +85,11 @@ spec: terminationGracePeriodSeconds: 1800 volumes: - name: cassandra-data -{% if openshift_metrics_hawkular_cassandra_storage_type == 'emptydir' %} +{% if openshift_metrics_cassandra_storage_type == 'emptydir' %} emptyDir: {} {% else %} persistentVolumeClaim: - claimName: "{{ openshift_metrics_hawkular_cassandra_pv_prefix }}-{{ node }}" + claimName: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ node }}" {% endif %} - name: hawkular-cassandra-secrets secret: -- cgit v1.2.3 From b335bd4e88d5ec50aa3106f789f4e08a8baac9b2 Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Thu, 15 Dec 2016 15:46:10 -0500 Subject: allow definition of cpu/memory limits/resources (#11) --- .../templates/hawkular_cassandra_rc.j2 | 29 ++++++++++++++++++++++ .../templates/hawkular_metrics_rc.j2 | 29 ++++++++++++++++++++++ roles/openshift_metrics/templates/heapster.j2 | 29 ++++++++++++++++++++++ 3 files changed, 87 insertions(+) (limited to 'roles/openshift_metrics/templates') diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 index 7cea5f040..7ce1a6a87 100644 --- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -69,6 +69,35 @@ spec: mountPath: "/cassandra_data" - name: hawkular-cassandra-secrets mountPath: "/secret" +{% if ((openshift_metrics_cassandra_limits_cpu is defined and openshift_metrics_cassandra_limits_cpu is not none) + or (openshift_metrics_cassandra_limits_memory is defined and openshift_metrics_cassandra_limits_memory is not none) + or (openshift_metrics_cassandra_requests_cpu is defined and openshift_metrics_cassandra_requests_cpu is not none) + or (openshift_metrics_cassandra_requests_memory is defined and openshift_metrics_cassandra_requests_memory is not none)) +%} + resources: +{% if (openshift_metrics_cassandra_limits_cpu is not none + or openshift_metrics_cassandra_limits_memory is not none) +%} + limits: +{% if openshift_metrics_cassandra_limits_cpu is not none %} + cpu: "{{openshift_metrics_cassandra_limits_cpu}}" +{% endif %} +{% if openshift_metrics_cassandra_limits_memory is not none %} + memory: "{{openshift_metrics_cassandra_limits_memory}}" +{% endif %} +{% endif %} +{% if (openshift_metrics_cassandra_requests_cpu is not none + or openshift_metrics_cassandra_requests_memory is not none) +%} + requests: +{% if openshift_metrics_cassandra_requests_cpu is not none %} + cpu: "{{openshift_metrics_cassandra_requests_cpu}}" +{% endif %} +{% if openshift_metrics_cassandra_requests_memory is not none %} + memory: "{{openshift_metrics_cassandra_requests_memory}}" +{% endif %} +{% endif %} +{% endif %} readinessProbe: exec: command: diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index 647a4bfbb..4314800a3 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -73,6 +73,35 @@ spec: mountPath: "/secrets" - name: hawkular-metrics-client-secrets mountPath: "/client-secrets" +{% if ((openshift_metrics_hawkular_limits_cpu is defined and openshift_metrics_hawkular_limits_cpu is not none) + or (openshift_metrics_hawkular_limits_memory is defined and openshift_metrics_hawkular_limits_memory is not none) + or (openshift_metrics_hawkular_requests_cpu is defined and openshift_metrics_hawkular_requests_cpu is not none) + or (openshift_metrics_hawkular_requests_memory is defined and openshift_metrics_hawkular_requests_memory is not none)) +%} + resources: +{% if (openshift_metrics_hawkular_limits_cpu is not none + or openshift_metrics_hawkular_limits_memory is not none) +%} + limits: +{% if openshift_metrics_hawkular_limits_cpu is not none %} + cpu: "{{openshift_metrics_hawkular_limits_cpu}}" +{% endif %} +{% if openshift_metrics_hawkular_limits_memory is not none %} + memory: "{{openshift_metrics_hawkular_limits_memory}}" +{% endif %} +{% endif %} +{% if (openshift_metrics_hawkular_requests_cpu is not none + or openshift_metrics_hawkular_requests_memory is not none) +%} + requests: +{% if openshift_metrics_hawkular_requests_cpu is not none %} + cpu: "{{openshift_metrics_hawkular_requests_cpu}}" +{% endif %} +{% if openshift_metrics_hawkular_requests_memory is not none %} + memory: "{{openshift_metrics_hawkular_requests_memory}}" +{% endif %} +{% endif %} +{% endif %} readinessProbe: exec: command: diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 index 90227db68..04fb76982 100644 --- a/roles/openshift_metrics/templates/heapster.j2 +++ b/roles/openshift_metrics/templates/heapster.j2 @@ -42,6 +42,35 @@ spec: env: - name: STARTUP_TIMEOUT value: "{{ openshift_metrics_startup_timeout }}" +{% if ((openshift_metrics_heapster_limits_cpu is defined and openshift_metrics_heapster_limits_cpu is not none) + or (openshift_metrics_heapster_limits_memory is defined and openshift_metrics_heapster_limits_memory is not none) + or (openshift_metrics_heapster_requests_cpu is defined and openshift_metrics_heapster_requests_cpu is not none) + or (openshift_metrics_heapster_requests_memory is defined and openshift_metrics_heapster_requests_memory is not none)) +%} + resources: +{% if (openshift_metrics_heapster_limits_cpu is not none + or openshift_metrics_heapster_limits_memory is not none) +%} + limits: +{% if openshift_metrics_heapster_limits_cpu is not none %} + cpu: "{{openshift_metrics_heapster_limits_cpu}}" +{% endif %} +{% if openshift_metrics_heapster_limits_memory is not none %} + memory: "{{openshift_metrics_heapster_limits_memory}}" +{% endif %} +{% endif %} +{% if (openshift_metrics_heapster_requests_cpu is not none + or openshift_metrics_heapster_requests_memory is not none) +%} + requests: +{% if openshift_metrics_heapster_requests_cpu is not none %} + cpu: "{{openshift_metrics_heapster_requests_cpu}}" +{% endif %} +{% if openshift_metrics_heapster_requests_memory is not none %} + memory: "{{openshift_metrics_heapster_requests_memory}}" +{% endif %} +{% endif %} +{% endif %} volumeMounts: - name: heapster-secrets mountPath: "/secrets" -- cgit v1.2.3 From 765fb5ce39fdca0b56a23f6d13650fe16debf20a Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Thu, 15 Dec 2016 15:48:09 -0500 Subject: update vars to allow scaling of components (#9) --- roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 | 2 +- roles/openshift_metrics/templates/hawkular_metrics_rc.j2 | 2 +- roles/openshift_metrics/templates/heapster.j2 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'roles/openshift_metrics/templates') diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 index 7ce1a6a87..9a1c446cd 100644 --- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -9,7 +9,7 @@ metadata: spec: selector: name: hawkular-cassandra-{{ node }} - replicas: 1 + replicas: 0 template: version: v1 metadata: diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index 4314800a3..1397276e6 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -8,7 +8,7 @@ metadata: spec: selector: name: hawkular-metrics - replicas: 1 + replicas: 0 template: version: v1 metadata: diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 index 04fb76982..f64c6696e 100644 --- a/roles/openshift_metrics/templates/heapster.j2 +++ b/roles/openshift_metrics/templates/heapster.j2 @@ -8,7 +8,7 @@ metadata: spec: selector: name: heapster - replicas: 1 + replicas: 0 template: version: v1 metadata: -- cgit v1.2.3 From 1e8928c96627218fdc422bfa3731f790699abfbb Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Fri, 6 Jan 2017 11:23:28 -0500 Subject: User provided certs pushed from control. vars reorg (#12) Merging per discussion and agreement from @bbguimaraes --- roles/openshift_metrics/templates/route.j2 | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'roles/openshift_metrics/templates') diff --git a/roles/openshift_metrics/templates/route.j2 b/roles/openshift_metrics/templates/route.j2 index a720c4959..08ca87288 100644 --- a/roles/openshift_metrics/templates/route.j2 +++ b/roles/openshift_metrics/templates/route.j2 @@ -16,6 +16,18 @@ spec: {% if tls is defined %} tls: termination: {{ tls.termination }} +{% if tls.ca_certificate is defined and tls.ca_certificate | length > 0 %} + CACertificate: | +{{ tls.ca_certificate|indent(6, true) }} +{% endif %} +{% if tls.key is defined and tls.key | length > 0 %} + key: | +{{ tls.key|indent(6, true) }} +{% endif %} +{% if tls.certificate is defined and tls.certificate | length > 0 %} + certificate: | +{{ tls.certificate|indent(6, true) }} +{% endif %} {% if tls.termination == 'reencrypt' %} destinationCACertificate: | {{ tls.destination_ca_certificate|indent(6, true) }} -- cgit v1.2.3 From b097d9f595c378ce35a2d35f2bd4749c3aa5d77d Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Fri, 6 Jan 2017 11:27:18 -0500 Subject: set replicas to current value so not to disrupt current pods (#13) --- roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 | 2 +- roles/openshift_metrics/templates/hawkular_metrics_rc.j2 | 2 +- roles/openshift_metrics/templates/heapster.j2 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'roles/openshift_metrics/templates') diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 index 9a1c446cd..48ef3290d 100644 --- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -9,7 +9,7 @@ metadata: spec: selector: name: hawkular-cassandra-{{ node }} - replicas: 0 + replicas: {{replica_count}} template: version: v1 metadata: diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index 1397276e6..e6954ea44 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -8,7 +8,7 @@ metadata: spec: selector: name: hawkular-metrics - replicas: 0 + replicas: {{replica_count}} template: version: v1 metadata: diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 index f64c6696e..eeca03be0 100644 --- a/roles/openshift_metrics/templates/heapster.j2 +++ b/roles/openshift_metrics/templates/heapster.j2 @@ -8,7 +8,7 @@ metadata: spec: selector: name: heapster - replicas: 0 + replicas: {{replica_count}} template: version: v1 metadata: -- cgit v1.2.3 From a5f6e3f684a3294056d4d4e224226b90acc062e6 Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Wed, 11 Jan 2017 14:07:19 -0500 Subject: additional code reviews --- .../templates/hawkular_cassandra_rc.j2 | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'roles/openshift_metrics/templates') diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 index 48ef3290d..abd4ff939 100644 --- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -75,25 +75,25 @@ spec: or (openshift_metrics_cassandra_requests_memory is defined and openshift_metrics_cassandra_requests_memory is not none)) %} resources: -{% if (openshift_metrics_cassandra_limits_cpu is not none - or openshift_metrics_cassandra_limits_memory is not none) +{% if (openshift_metrics_cassandra_limits_cpu is not none + or openshift_metrics_cassandra_limits_memory is not none) %} limits: -{% if openshift_metrics_cassandra_limits_cpu is not none %} +{% if openshift_metrics_cassandra_limits_cpu is not none %} cpu: "{{openshift_metrics_cassandra_limits_cpu}}" {% endif %} -{% if openshift_metrics_cassandra_limits_memory is not none %} +{% if openshift_metrics_cassandra_limits_memory is not none %} memory: "{{openshift_metrics_cassandra_limits_memory}}" {% endif %} {% endif %} -{% if (openshift_metrics_cassandra_requests_cpu is not none - or openshift_metrics_cassandra_requests_memory is not none) +{% if (openshift_metrics_cassandra_requests_cpu is not none + or openshift_metrics_cassandra_requests_memory is not none) %} requests: -{% if openshift_metrics_cassandra_requests_cpu is not none %} +{% if openshift_metrics_cassandra_requests_cpu is not none %} cpu: "{{openshift_metrics_cassandra_requests_cpu}}" {% endif %} -{% if openshift_metrics_cassandra_requests_memory is not none %} +{% if openshift_metrics_cassandra_requests_memory is not none %} memory: "{{openshift_metrics_cassandra_requests_memory}}" {% endif %} {% endif %} @@ -114,9 +114,9 @@ spec: terminationGracePeriodSeconds: 1800 volumes: - name: cassandra-data -{% if openshift_metrics_cassandra_storage_type == 'emptydir' %} +{% if openshift_metrics_cassandra_storage_type == 'emptydir' %} emptyDir: {} -{% else %} +{% else %} persistentVolumeClaim: claimName: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ node }}" {% endif %} -- cgit v1.2.3 From 65eb7e43faf38698b22b90ad3c743d1fecdc0961 Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Tue, 17 Jan 2017 11:42:23 -0500 Subject: use pod to generate keystores (#14) --- roles/openshift_metrics/templates/jks_pod.j2 | 38 ++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 roles/openshift_metrics/templates/jks_pod.j2 (limited to 'roles/openshift_metrics/templates') diff --git a/roles/openshift_metrics/templates/jks_pod.j2 b/roles/openshift_metrics/templates/jks_pod.j2 new file mode 100644 index 000000000..e86fe38a4 --- /dev/null +++ b/roles/openshift_metrics/templates/jks_pod.j2 @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: Pod +metadata: + labels: + metrics-infra: support + generateName: jks-cert-gen- +spec: + containers: + - name: jks-cert-gen + image: {{openshift_metrics_image_prefix}}metrics-deployer:{{openshift_metrics_image_version}} + imagePullPolicy: Always + command: ["sh", "{{openshift_metrics_certs_dir}}/import_jks_certs.sh"] + securityContext: + runAsUser: 0 + volumeMounts: + - mountPath: {{openshift_metrics_certs_dir}} + name: certmount + env: + - name: CERT_DIR + value: {{openshift_metrics_certs_dir}} + - name: METRICS_KEYSTORE_PASSWD + value: {{metrics_keystore_passwd}} + - name: CASSANDRA_KEYSTORE_PASSWD + value: {{cassandra_keystore_passwd}} + - name: METRICS_TRUSTSTORE_PASSWD + value: {{metrics_truststore_passwd}} + - name: CASSANDRA_TRUSTSTORE_PASSWD + value: {{cassandra_truststore_passwd}} + - name: hawkular_cassandra_alias + value: {{cassandra_keystore_passwd}} + - name: JGROUPS_PASSWD + value: {{jgroups_passwd}} + restartPolicy: Never + serviceAccount: jks-generator + volumes: + - hostPath: + path: "{{openshift_metrics_certs_dir}}" + name: certmount -- cgit v1.2.3