From 04c1500801f4d88635001bda1e4f73473fe8e33a Mon Sep 17 00:00:00 2001
From: Jeff Cantrill <jcantril@redhat.com>
Date: Tue, 29 Nov 2016 16:31:13 -0500
Subject: =?UTF-8?q?Bruno=20Barcarol=20Guimar=C3=A3es=20work=20to=20move=20?=
=?UTF-8?q?metrics=20to=20ansible=20from=20deployer?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../templates/hawkular_cassandra_rc.j2 | 94 ++++++++++++++++++++++
.../templates/hawkular_metrics_rc.j2 | 88 ++++++++++++++++++++
roles/openshift_metrics/templates/heapster.j2 | 66 +++++++++++++++
roles/openshift_metrics/templates/pvc.j2 | 27 +++++++
roles/openshift_metrics/templates/rolebinding.j2 | 23 ++++++
roles/openshift_metrics/templates/route.j2 | 23 ++++++
roles/openshift_metrics/templates/secret.j2 | 12 +++
roles/openshift_metrics/templates/service.j2 | 32 ++++++++
.../openshift_metrics/templates/serviceaccount.j2 | 16 ++++
9 files changed, 381 insertions(+)
create mode 100644 roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
create mode 100644 roles/openshift_metrics/templates/hawkular_metrics_rc.j2
create mode 100644 roles/openshift_metrics/templates/heapster.j2
create mode 100644 roles/openshift_metrics/templates/pvc.j2
create mode 100644 roles/openshift_metrics/templates/rolebinding.j2
create mode 100644 roles/openshift_metrics/templates/route.j2
create mode 100644 roles/openshift_metrics/templates/secret.j2
create mode 100644 roles/openshift_metrics/templates/service.j2
create mode 100644 roles/openshift_metrics/templates/serviceaccount.j2
(limited to 'roles/openshift_metrics/templates')
diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
new file mode 100644
index 000000000..bb8866263
--- /dev/null
+++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
@@ -0,0 +1,94 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: hawkular-cassandra-{{ node }}
+ labels:
+ metrics-infra: hawkular-cassandra
+ name: hawkular-cassandra
+ type: hawkular-cassandra
+spec:
+ selector:
+ name: hawkular-cassandra-{{ node }}
+ replicas: 1
+ template:
+ version: v1
+ metadata:
+ labels:
+ metrics-infra: hawkular-cassandra
+ name: hawkular-cassandra-{{ node }}
+ type: hawkular-cassandra
+ spec:
+ serviceAccount: cassandra
+ containers:
+ - image: "{{ image_prefix }}metrics-cassandra:{{ image_version }}"
+ name: hawkular-cassandra-{{ node }}
+ ports:
+ - name: cql-port
+ containerPort: 9042
+ - name: thift-port
+ containerPort: 9160
+ - name: tcp-port
+ containerPort: 7000
+ - name: ssl-port
+ containerPort: 7001
+ command:
+ - "/opt/apache-cassandra/bin/cassandra-docker.sh"
+ - "--cluster_name=hawkular-metrics"
+ - "--data_volume=/cassandra_data"
+ - "--internode_encryption=all"
+ - "--require_node_auth=true"
+ - "--enable_client_encryption=true"
+ - "--require_client_auth=true"
+ - "--keystore_file=/secret/cassandra.keystore"
+ - "--keystore_password_file=/secret/cassandra.keystore.password"
+ - "--truststore_file=/secret/cassandra.truststore"
+ - "--truststore_password_file=/secret/cassandra.truststore.password"
+ - "--cassandra_pem_file=/secret/cassandra.pem"
+ env:
+ - name: CASSANDRA_MASTER
+ value: "{{ master }}"
+ - name: CASSANDRA_DATA_VOLUME
+ value: "/cassandra_data"
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: MEMORY_LIMIT
+ valueFrom:
+ resourceFieldRef:
+ resource: limits.memory
+ - name: CPU_LIMIT
+ valueFrom:
+ resourceFieldRef:
+ resource: limits.cpu
+ divisor: 1m
+ volumeMounts:
+ - name: cassandra-data
+ mountPath: "/cassandra_data"
+ - name: hawkular-cassandra-secrets
+ mountPath: "/secret"
+ readinessProbe:
+ exec:
+ command:
+ - "/opt/apache-cassandra/bin/cassandra-docker-ready.sh"
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - "/opt/apache-cassandra/bin/cassandra-prestop.sh"
+ postStart:
+ exec:
+ command:
+ - "/opt/apache-cassandra/bin/cassandra-poststart.sh"
+ terminationGracePeriodSeconds: 1800
+ volumes:
+ - name: cassandra-data
+{% if hawkular_cassandra_storage_type == 'emptydir' %}
+ emptyDir: {}
+{% else %}
+ persistentVolumeClaim:
+ claimName: "{{ hawkular_cassandra_pv_prefix }}-{{ node }}"
+{% endif %}
+ - name: hawkular-cassandra-secrets
+ secret:
+ secretName: hawkular-cassandra-secrets
diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2
new file mode 100644
index 000000000..bcfe9dc84
--- /dev/null
+++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2
@@ -0,0 +1,88 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: hawkular-metrics
+ labels:
+ metrics-infra: hawkular-metrics
+ name: hawkular-metrics
+spec:
+ selector:
+ name: hawkular-metrics
+ replicas: 1
+ template:
+ version: v1
+ metadata:
+ labels:
+ metrics-infra: hawkular-metrics
+ name: hawkular-metrics
+ spec:
+ serviceAccount: hawkular
+ containers:
+ - image: {{image_prefix}}metrics-hawkular-metrics:{{image_version}}
+ name: hawkular-metrics
+ ports:
+ - name: http-endpoint
+ containerPort: 8080
+ - name: https-endpoint
+ containerPort: 8443
+ - name: ping
+ containerPort: 8888
+ command:
+ - "/opt/hawkular/scripts/hawkular-metrics-wrapper.sh"
+ - "-b"
+ - 0.0.0.0
+ - "-Dhawkular.metrics.cassandra.nodes=hawkular-cassandra"
+ - "-Dhawkular.metrics.cassandra.use-ssl"
+ - "-Dhawkular.metrics.openshift.auth-methods=openshift-oauth,htpasswd"
+ - "-Dhawkular.metrics.openshift.htpasswd-file=/secrets/hawkular-metrics.htpasswd.file"
+ - "-Dhawkular.metrics.allowed-cors-access-control-allow-headers=authorization"
+ - "-Dhawkular.metrics.default-ttl={{metrics_duration}}"
+ - "-Dhawkular-alerts.cassandra-nodes=hawkular-cassandra"
+ - "-Dhawkular-alerts.cassandra-use-ssl"
+ - "-Dhawkular.alerts.openshift.auth-methods=openshift-oauth,htpasswd"
+ - "-Dhawkular.alerts.openshift.htpasswd-file=/secrets/hawkular-metrics.htpasswd.file"
+ - "-Dhawkular.alerts.allowed-cors-access-control-allow-headers=authorization"
+ - "-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true"
+ - "-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true"
+ - "-DKUBERNETES_MASTER_URL={{master_url}}"
+ - "-DUSER_WRITE_ACCESS={{hawkular_user_write_access}}"
+ - "--hmw.keystore=/secrets/hawkular-metrics.keystore"
+ - "--hmw.truststore=/secrets/hawkular-metrics.truststore"
+ - "--hmw.keystore_password_file=/secrets/hawkular-metrics.keystore.password"
+ - "--hmw.truststore_password_file=/secrets/hawkular-metrics.truststore.password"
+ - "--hmw.jgroups_keystore=/secrets/hawkular-metrics.jgroups.keystore"
+ - "--hmw.jgroups_keystore_password_file=/secrets/hawkular-metrics.jgroups.keystore.password"
+ - "--hmw.jgroups_alias_file=/secrets/hawkular-metrics.jgroups.alias"
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: MASTER_URL
+ value: "{{ master_url }}"
+ - name: OPENSHIFT_KUBE_PING_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: OPENSHIFT_KUBE_PING_LABELS
+ value: "metrics-infra=hawkular-metrics,name=hawkular-metrics"
+ volumeMounts:
+ - name: hawkular-metrics-secrets
+ mountPath: "/secrets"
+ - name: hawkular-metrics-client-secrets
+ mountPath: "/client-secrets"
+ readinessProbe:
+ exec:
+ command:
+ - "/opt/hawkular/scripts/hawkular-metrics-readiness.py"
+ livenessProbe:
+ exec:
+ command:
+ - "/opt/hawkular/scripts/hawkular-metrics-liveness.py"
+ volumes:
+ - name: hawkular-metrics-secrets
+ secret:
+ secretName: hawkular-metrics-secrets
+ - name: hawkular-metrics-client-secrets
+ secret:
+ secretName: hawkular-metrics-account
diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2
new file mode 100644
index 000000000..779be0145
--- /dev/null
+++ b/roles/openshift_metrics/templates/heapster.j2
@@ -0,0 +1,66 @@
+apiVersion: "v1"
+kind: "ReplicationController"
+metadata:
+ name: heapster
+ labels:
+ metrics-infra: heapster
+ name: heapster
+spec:
+ selector:
+ name: heapster
+ replicas: 1
+ template:
+ version: v1
+ metadata:
+ name: heapster
+ labels:
+ metrics-infra: heapster
+ name: heapster
+ spec:
+ serviceAccountName: heapster
+ containers:
+ - name: heapster
+ image: {{image_prefix}}metrics-heapster:{{image_version}}
+ ports:
+ - containerPort: 8082
+ name: "http-endpoint"
+ command:
+ - "heapster-wrapper.sh"
+ - "--wrapper.allowed_users_file=/secrets/heapster.allowed-users"
+ - "--source=kubernetes:{{master_url}}?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250"
+ - "--tls_cert=/secrets/heapster.cert"
+ - "--tls_key=/secrets/heapster.key"
+ - "--tls_client_ca=/secrets/heapster.client-ca"
+ - "--allowed_users=%allowed_users%"
+ - "--metric_resolution={{metrics_resolution}}"
+{% if not heapster_standalone %}
+ - "--wrapper.username_file=/hawkular-account/hawkular-metrics.username"
+ - "--wrapper.password_file=/hawkular-account/hawkular-metrics.password"
+ - "--wrapper.endpoint_check=https://hawkular-metrics:443/hawkular/metrics/status"
+ - "--sink=hawkular:https://hawkular-metrics:443?tenant=_system&labelToTenant=pod_namespace&labelNodeId={{metrics_node_id}}&caCert=/hawkular-cert/hawkular-metrics-ca.certificate&user=%username%&pass=%password%&filter=label(container_name:^system.slice.*|^user.slice)"
+{% endif %}
+ volumeMounts:
+ - name: heapster-secrets
+ mountPath: "/secrets"
+{% if not heapster_standalone %}
+ - name: hawkular-metrics-certificate
+ mountPath: "/hawkular-cert"
+ - name: hawkular-metrics-account
+ mountPath: "/hawkular-account"
+ readinessProbe:
+ exec:
+ command:
+ - "/opt/heapster-readiness.sh"
+{% endif %}
+ volumes:
+ - name: heapster-secrets
+ secret:
+ secretName: heapster-secrets
+{% if not heapster_standalone %}
+ - name: hawkular-metrics-certificate
+ secret:
+ secretName: hawkular-metrics-certificate
+ - name: hawkular-metrics-account
+ secret:
+ secretName: hawkular-metrics-account
+{% endif %}
diff --git a/roles/openshift_metrics/templates/pvc.j2 b/roles/openshift_metrics/templates/pvc.j2
new file mode 100644
index 000000000..8fbfa8b5d
--- /dev/null
+++ b/roles/openshift_metrics/templates/pvc.j2
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{obj_name}}
+{% if labels is not defined %}
+ labels:
+ logging-infra: support
+{% elif labels %}
+ labels:
+{% for key, value in labels.iteritems() %}
+ {{ key }}: {{ value }}
+{% endfor %}
+{% endif %}
+{% if annotations is defined and annotations %}
+ annotations:
+{% for key,value in annotations.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
+spec:
+ accessModes:
+{% for mode in access_modes %}
+ - {{ mode }}
+{% endfor %}
+ resources:
+ requests:
+ storage: {{size}}
diff --git a/roles/openshift_metrics/templates/rolebinding.j2 b/roles/openshift_metrics/templates/rolebinding.j2
new file mode 100644
index 000000000..5230f0780
--- /dev/null
+++ b/roles/openshift_metrics/templates/rolebinding.j2
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: {% if cluster is defined and cluster %}Cluster{% endif %}RoleBinding
+metadata:
+ name: {{obj_name}}
+{% if labels is defined %}
+ labels:
+{% for k, v in labels.iteritems() %}
+ {{ k }}: {{ v }}
+{% endfor %}
+{% endif %}
+roleRef:
+{% if 'kind' in roleRef %}
+ kind: {{ roleRef.kind }}
+{% endif %}
+ name: {{ roleRef.name }}
+subjects:
+{% for sub in subjects %}
+ - kind: {{ sub.kind }}
+ name: {{ sub.name }}
+{% if 'namespace' in sub %}
+ namespace: {{ sub.namespace }}
+{% endif %}
+{% endfor %}
diff --git a/roles/openshift_metrics/templates/route.j2 b/roles/openshift_metrics/templates/route.j2
new file mode 100644
index 000000000..a720c4959
--- /dev/null
+++ b/roles/openshift_metrics/templates/route.j2
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Route
+metadata:
+ name: {{ name }}
+{% if labels is defined and labels %}
+ labels:
+{% for k, v in labels.iteritems() %}
+ {{ k }}: {{ v }}
+{% endfor %}
+{% endif %}
+spec:
+ host: {{ host }}
+ to:
+ kind: {{ to.kind }}
+ name: {{ to.name }}
+{% if tls is defined %}
+ tls:
+ termination: {{ tls.termination }}
+{% if tls.termination == 'reencrypt' %}
+ destinationCACertificate: |
+{{ tls.destination_ca_certificate|indent(6, true) }}
+{% endif %}
+{% endif %}
diff --git a/roles/openshift_metrics/templates/secret.j2 b/roles/openshift_metrics/templates/secret.j2
new file mode 100644
index 000000000..370890c7d
--- /dev/null
+++ b/roles/openshift_metrics/templates/secret.j2
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "{{ name }}"
+ labels:
+{% for k, v in labels.iteritems() %}
+ {{ k }}: {{ v }}
+{% endfor %}
+data:
+{% for k, v in data.iteritems() %}
+ {{ k }}: {{ v }}
+{% endfor %}
diff --git a/roles/openshift_metrics/templates/service.j2 b/roles/openshift_metrics/templates/service.j2
new file mode 100644
index 000000000..8df89127b
--- /dev/null
+++ b/roles/openshift_metrics/templates/service.j2
@@ -0,0 +1,32 @@
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: "{{obj_name}}"
+{% if labels is defined%}
+ labels:
+{% for key, value in labels.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
+spec:
+{% if headless is defined and headless %}
+ portalIP: None
+ clusterIP: None
+{% endif %}
+ ports:
+{% for port in ports %}
+ -
+{% for key, value in port.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% if port.targetPort is undefined %}
+ clusterIP: "None"
+{% endif %}
+{% endfor %}
+{% if service_targetPort is defined %}
+ targetPort: {{service_targetPort}}
+{% endif %}
+ selector:
+ {% for key, value in selector.iteritems() %}
+ {{key}}: {{value}}
+ {% endfor %}
diff --git a/roles/openshift_metrics/templates/serviceaccount.j2 b/roles/openshift_metrics/templates/serviceaccount.j2
new file mode 100644
index 000000000..b22acc594
--- /dev/null
+++ b/roles/openshift_metrics/templates/serviceaccount.j2
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{obj_name}}
+{% if labels is defined%}
+ labels:
+{% for key, value in labels.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
+{% if secrets is defined %}
+secrets:
+{% for name in secrets %}
+- name: {{ name }}
+{% endfor %}
+{% endif %}
--
cgit v1.2.3